25 lines
933 B
C#
25 lines
933 B
C#
|
namespace Parking_space_WebAPI.Authorization;
|
||
|
|
||
|
using Microsoft.AspNetCore.Mvc;
|
||
|
using Microsoft.AspNetCore.Mvc.Filters;
|
||
|
using Parking_space_WebAPI.Entities;
|
||
|
|
||
|
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
|
||
|
public class AuthorizeAttribute : Attribute, IAuthorizationFilter
|
||
|
{
|
||
|
public void OnAuthorization(AuthorizationFilterContext context)
|
||
|
{
|
||
|
// skip authorization if action is decorated with [AllowAnonymous] attribute
|
||
|
var allowAnonymous = context.ActionDescriptor.EndpointMetadata.OfType<AllowAnonymousAttribute>().Any();
|
||
|
if (allowAnonymous)
|
||
|
return;
|
||
|
|
||
|
// authorization
|
||
|
var user = (User?)context.HttpContext.Items["User"];
|
||
|
if (user == null)
|
||
|
{
|
||
|
// not logged in or role not authorized
|
||
|
context.Result = new JsonResult(new { message = "Unauthorized" }) { StatusCode = StatusCodes.Status401Unauthorized };
|
||
|
}
|
||
|
}
|
||
|
}
|