mirror of
https://github.com/Kareadita/Kavita.git
synced 2025-12-22 12:57:22 -05:00
9f29fa593d
Co-authored-by: Amelia <77553571+Fesaa@users.noreply.github.com> Co-authored-by: Robbie Davis <robbie@therobbiedavis.com>
47 lines
1.7 KiB
C#
47 lines
1.7 KiB
C#
using System;
|
|
using System.Linq;
|
|
using System.Threading.Tasks;
|
|
using API.Extensions;
|
|
using API.Services;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.AspNetCore.Mvc.Filters;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
|
|
namespace API.Middleware;
|
|
|
|
/// <summary>
|
|
/// An attribute to prevent users with certain roles to access resources, or do actions.
|
|
/// Returns 400 BadRequest to prevent logouts in the UI. If you want an 401Unauthorized response,
|
|
/// use the Authorize attribute and require roles instead
|
|
/// </summary>
|
|
/// <param name="roles">Roles which should not be allowed to access the annotated resource</param>
|
|
/// <remarks>This attribute should be used together with Authorize</remarks>
|
|
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
|
|
public class DisallowRoleAttribute(params string[] roles) : Attribute, IAsyncAuthorizationFilter
|
|
{
|
|
|
|
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
|
|
{
|
|
var user = context.HttpContext.User;
|
|
|
|
if (roles.Any(role => !string.IsNullOrEmpty(role) && user.IsInRole(role)))
|
|
{
|
|
var localizationService = context.HttpContext.RequestServices.GetRequiredService<ILocalizationService>();
|
|
var userId = user.GetUserId();
|
|
|
|
var message = await localizationService.Translate(userId, "permission-denied");
|
|
|
|
// Pipeline is stopped in IAsyncAuthorizationFilter if result is non nil
|
|
context.Result = new ContentResult
|
|
{
|
|
StatusCode = StatusCodes.Status400BadRequest,
|
|
Content = message,
|
|
ContentType = "text/plain"
|
|
};
|
|
|
|
|
|
}
|
|
}
|
|
}
|