:drunk: AI did something

2025-07-08 00:08:35 +08:00
parent 0d47716713
commit 2c67472894
43 changed files with 221 additions and 97 deletions
--- a/DysonNetwork.Sphere/Permission/RequiredPermissionAttribute.cs
+++ b/DysonNetwork.Sphere/Permission/RequiredPermissionAttribute.cs
@@ -0,0 +1,43 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc.Filters;
+using DysonNetwork.Shared.Services;
+using MagicOnion;
+
+namespace DysonNetwork.Sphere.Permission;
+
+public class RequiredPermissionAttribute : TypeFilterAttribute
+{
+    public RequiredPermissionAttribute(string scope, string permission) : base(typeof(RequiredPermissionFilter))
+    {
+        Arguments = new object[] { scope, permission };
+    }
+
+    private class RequiredPermissionFilter : IAsyncActionFilter
+    {
+        private readonly IPermissionService _permissionService;
+        private readonly string _scope;
+        private readonly string _permission;
+
+        public RequiredPermissionFilter(IPermissionService permissionService, string scope, string permission)
+        {
+            _permissionService = permissionService;
+            _scope = scope;
+            _permission = permission;
+        }
+
+        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
+        {
+            // Assuming the actor is always "user:current" for client-side checks
+            // You might need to adjust this based on how your client identifies itself
+            var hasPermission = await _permissionService.CheckPermission(_scope, _permission);
+
+            if (!hasPermission)
+            {
+                context.Result = new ForbidResult();
+                return;
+            }
+
+            await next();
+        }
+    }
+}