fixed controller

Tohirjon-Odilov · Mar 4, 2024 · dda5d22 · dda5d22
1 parent 126ef2f
commit dda5d22
Show file tree

Hide file tree

Showing 4 changed files with 72 additions and 0 deletions.
diff --git a/Exam.StockManagement.API/Attributes/IdentityFilterAttributes.cs b/Exam.StockManagement.API/Attributes/IdentityFilterAttributes.cs
@@ -0,0 +1,31 @@
+using Exam.StockManagement.Domain.Entities.Enums;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+using System.Security.Claims;
+using System.Text.Json;
+
+namespace Exam.StockManagement.API.Attributes
+{
+    [AttributeUsage(AttributeTargets.Method)]   // Permissionlarni nmani ustida ishlatatyotganimizni yozish kerak (bizda controllerni ichida bir method ustida ishlatmoqdamiz)
+    public class IdentityFilterAttribute : Attribute, IAuthorizationFilter
+    {
+        private readonly int _permissionId;
+        public IdentityFilterAttribute(Persmissions permissions)
+        {
+            _permissionId = (int)permissions;
+        }
+        public void OnAuthorization(AuthorizationFilterContext context)  // IAuthorizationFilter interfacesini implementatsiyasi
+        {
+            //User authorizatsiya qilgan tokenidan rolini tekshirib va joriy permissionga ruhsati bor yoqlikga tekshiradi
+            //  Ruhsati yoq bolsa Forbidden 403 qaytaradi. Aks holda hech nma qilmaydi
+            ClaimsIdentity identity = context.HttpContext.User.Identity as ClaimsIdentity;
+            string permmissionsJson = identity.FindFirst("permissions")!.Value;
+            bool result = JsonSerializer.Deserialize<IEnumerable<int>>(permmissionsJson)!.Any(x => x == _permissionId);
+            if (!result)
+            {
+                context.Result = new ForbidResult();
+                return;
+            }
+        }
+    }
+}
diff --git a/Exam.StockManagement.API/Controllers/ProductController.cs b/Exam.StockManagement.API/Controllers/ProductController.cs
@@ -32,6 +32,14 @@ public async Task<IActionResult> GetAll()
             return Ok(result);
         }
 
+        [HttpGet]
+        public async Task<IActionResult> GetByCategory(string name)
+        {
+            var result = await productService.GetAll();
+
+            return Ok(result);
+        }
+
         [HttpPut]
         public async Task<IActionResult> Update(ProductDTO product)
         {

diff --git a/Exam.StockManagement.Application/Services/AuthServices/AuthService.cs b/Exam.StockManagement.Application/Services/AuthServices/AuthService.cs
@@ -1,4 +1,5 @@
 using Exam.StockManagement.Application.Abstractions.IServices;
+using Exam.StockManagement.Domain.Entities.DTOs;
 using Exam.StockManagement.Domain.Entities.DTOs.Auth;
 using Exam.StockManagement.Domain.Entities.Models;
 using Exam.StockManagement.Domain.Exceptions;
@@ -8,6 +9,7 @@
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using System.Text;
+using System.Text.Json;
 
 namespace Exam.StockManagement.Application.Services.AuthServices
 {
@@ -53,12 +55,22 @@ public async Task<ResponseLogin> GenerateToken(CheckEmail user, string path)
 
             var result = await _userService.GetByEmail(user.Email);
 
+            IEnumerable<int> permissionsId = new List<int>();
+            if (result.Role == "Admin")
+                permissionsId = new List<int>() { 101, 102, 103, 104, 105, 106, 107, 108 };
+            else if (result.Role == "Client")
+                permissionsId = new List<int>() { 201, 202, 203, 204, 205, 206, 207, 208 };
+
+            string permmisionJson = JsonSerializer.Serialize(permissionsId);
+
+
             List<Claim> claims = new List<Claim>()
             {
                 new Claim(ClaimTypes.Role, result.Role),
                 new Claim("Login", user.Email),
                 new Claim("UserID", result.Id.ToString()),
                 new Claim("CreatedDate", DateTime.UtcNow.ToString()),
+                new Claim("permissions",permmisionJson)
             };
 
             return await GenerateToken(claims);

diff --git a/Exam.StockManagement.Domain/Entities/Enums/Persmissions.cs b/Exam.StockManagement.Domain/Entities/Enums/Persmissions.cs
@@ -0,0 +1,21 @@
+namespace Exam.StockManagement.Domain.Entities.Enums
+{
+    public enum Persmissions
+    {
+        CreateProduct = 100,
+        GetAllUser,
+        UpdateProduct,
+        DeleteProduct,
+        CreateCategory,
+        UpdateCategory,
+        DeleteCategory,
+
+        GetAllCategory = 200,
+        GetSum,
+        GetQuantity,
+        GetByCategorySum,
+        GetByCategoryProduct,
+        GetByCategoryQuantity,
+        GetAllProduct,
+    }
+}