36 lines
1.4 KiB
C#
36 lines
1.4 KiB
C#
using Microsoft.AspNetCore.Authorization;
|
|
|
|
namespace SIGCM2.Api.Authorization;
|
|
|
|
/// <summary>
|
|
/// Authorization attribute that requires the authenticated user to have at least ONE
|
|
/// of the declared permission codes assigned to their role (OR semantics).
|
|
/// Implements IAuthorizationRequirementData (.NET 8+) so ASP.NET Core builds the policy
|
|
/// on-the-fly from GetRequirements() — no AddPolicy() registration needed.
|
|
/// </summary>
|
|
/// <example>
|
|
/// // Single permission
|
|
/// [RequirePermission("administracion:usuarios:gestionar")]
|
|
///
|
|
/// // Multiple — OR semantics: any single match grants access
|
|
/// [RequirePermission("ventas:contado:crear", "ventas:ctacte:crear")]
|
|
/// </example>
|
|
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false)]
|
|
public sealed class RequirePermissionAttribute
|
|
: AuthorizeAttribute, IAuthorizationRequirement, IAuthorizationRequirementData
|
|
{
|
|
/// <summary>Permission codes required (OR semantics — at least one must match).</summary>
|
|
public string[] PermissionCodes { get; }
|
|
|
|
public RequirePermissionAttribute(params string[] permissionCodes)
|
|
{
|
|
if (permissionCodes is null || permissionCodes.Length == 0)
|
|
throw new ArgumentException("At least one permission code is required.", nameof(permissionCodes));
|
|
|
|
PermissionCodes = permissionCodes;
|
|
}
|
|
|
|
/// <inheritdoc/>
|
|
public IEnumerable<IAuthorizationRequirement> GetRequirements() => new[] { this };
|
|
}
|