Plugin Base WebViewPage #22 & Authorization #24

Plugins have a base WebViewPage to inherit, this offers integration with various Disco services. Plugins can also add Authorization attributes to their Web Handlers and Controller Methods.
2013-10-14 20:13:00 +11:00
parent 4b822d3ae3
commit 9784c5d282
21 changed files with 496 additions and 112 deletions
@@ -1,4 +1,5 @@
-using System;
+using Disco.Services.Authorization;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Reflection;
@@ -19,6 +20,14 @@ namespace Disco.Services.Plugins
            if (methodDescriptor == null)
                return this.HttpNotFound("Unknown Plugin Method");

+            // Authorize Method
+            if (methodDescriptor.Authorizers.Length > 0)
+            {
+                var attributeDenied = methodDescriptor.Authorizers.FirstOrDefault(a => !a.IsAuthorized(HostController.HttpContext));
+                if (attributeDenied != null)
+                    return new HttpUnauthorizedResult(attributeDenied.HandleUnauthorizedMessage());
+            }
+
            var methodParams = BuildMethodParameters(handlerType, methodDescriptor.MethodInfo, ActionName, this.HostController);

            return (ActionResult)methodDescriptor.MethodInfo.Invoke(this, methodParams);
@@ -63,24 +72,6 @@ namespace Disco.Services.Plugins
                        parameterValue = methodParam.DefaultValue;

                result[i] = parameterValue;
-
-                //var paramInstance = Activator.CreateInstance(methodParam.ParameterType);
-                
-                //IModelBinder binder = ModelBinders.Binders.GetBinder(methodParam.ParameterType);
-                //ModelBindingContext bindingContext = new ModelBindingContext
-                //{
-                //    ModelMetadata = ModelMetadataProviders.Current.GetMetadataForType(() => paramInstance, methodParam.ParameterType),
-                //    ModelName = methodParam.Name,
-                //    ModelState = HostController.ModelState,
-                //    PropertyFilter = (p) => true,
-                //    ValueProvider = HostController.ValueProvider
-                //};
-                //binder.BindModel(HostController.ControllerContext, bindingContext);
-
-                //if (methodParam.HasDefaultValue && paramInstance == null)
-                //    paramInstance = methodParam.DefaultValue;
-
-                //result[i] = paramInstance;
            }

            return result;
@@ -102,7 +93,8 @@ namespace Disco.Services.Plugins
                    var item = new WebHandlerCachedItem()
                    {
                        Method = method.Name,
-                        MethodInfo = method
+                        MethodInfo = method,
+                        Authorizers = method.GetCustomAttributes<DiscoAuthorizeBaseAttribute>().ToArray()
                    };
                    result.Add(item.Method.ToLower(), item);
                }
@@ -115,6 +107,7 @@ namespace Disco.Services.Plugins
        {
            public string Method { get; set; }
            public MethodInfo MethodInfo { get; set; }
+            public DiscoAuthorizeBaseAttribute[] Authorizers { get; set; }
        }
        #endregion
    }