Add project files.

2025-04-29 18:57:20 -06:00
parent 62e9799537
commit d5925a6476
44 changed files with 2716 additions and 0 deletions
--- a/Core.Cerberos.Adapters/Attributes/Permission.cs
+++ b/Core.Cerberos.Adapters/Attributes/Permission.cs
@@ -0,0 +1,9 @@
+namespace Core.Cerberos.Adapters
+{
+    public class Permission
+    {
+        public string Name { get; set; }
+
+        public string AccessLevel { get; set; }
+    }
+}
--- a/Core.Cerberos.Adapters/Attributes/PermissionAttribute.cs
+++ b/Core.Cerberos.Adapters/Attributes/PermissionAttribute.cs
@@ -0,0 +1,72 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace Core.Cerberos.Adapters.Attributes
+{
+    /// <summary>
+    /// Custom authorization attribute that checks if the user has any of the required permissions.
+    /// </summary>
+    [System.Diagnostics.CodeAnalysis.ExcludeFromCodeCoverage]
+    public class PermissionAttribute : AuthorizeAttribute, IAuthorizationFilter
+    {
+        private readonly string _requiredPermissions;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="PermissionAttribute"/> class.
+        /// </summary>
+        /// <param name="requiredPermissions">The array of permissions required to access the resource.</param>
+        public PermissionAttribute(string requiredPermissions)
+        {
+            _requiredPermissions = requiredPermissions;
+        }
+
+        /// <summary>
+        /// Called during the authorization process to determine if the user has any of the required permissions.
+        /// </summary>
+        /// <param name="context">The context in which the authorization filter operates.</param>
+        public void OnAuthorization(AuthorizationFilterContext context)
+        {
+            try
+            {
+                var hasPermission = false;
+
+                var servicePermissionsList = _requiredPermissions.Replace(" ", "").Split(',').ToList();
+
+                var servicePermissions = servicePermissionsList.Select(s => new Permission
+                {
+                    Name = s.Substring(0, s.IndexOf('.')),
+                    AccessLevel = s.Substring(s.IndexOf('.') + 1),
+                });
+
+                var userPermissionsList = context.HttpContext.User.Claims
+                    .Where(c => c.Type == "permissions")
+                    .Select(c => c.Value)
+                    .ToList();
+
+                var userPermissions = userPermissionsList.Select(s => new Permission
+                {
+                    Name = s.Substring(0, s.IndexOf('.')),
+                    AccessLevel = s.Substring(s.IndexOf('.') + 1),
+                });
+
+                foreach (var servicePermission in servicePermissions)
+                {
+                    hasPermission = userPermissions
+                        .Where(up => up.Name == servicePermission.Name && up.AccessLevel == "All"
+                                   || up.Name == servicePermission.Name && up.AccessLevel == servicePermission.AccessLevel)
+                        .Count() > 0 ? true : false;
+
+                    if (hasPermission) break;
+                }
+
+                if (!hasPermission)
+                    context.Result = new UnauthorizedResult();
+            }
+            catch (Exception ex)
+            {
+                context.Result = new UnauthorizedResult();
+            }
+        }
+    }
+}