Changeset 418 for binary-improvements2/WebServer/src/UrlHandlers/ApiHandler.cs

Timestamp:

Feb 27, 2023, 9:40:12 PM (21 months ago)

Author:

alloc

Message:

Refactored API authorization to support per-HTTP-method permission levels

File:

• binary-improvements2/WebServer/src/UrlHandlers/ApiHandler.cs (modified) (5 diffs)

binary-improvements2/WebServer/src/UrlHandlers/ApiHandler.cs

@@ -3 +3 @@
 using System.Net;
 using System.Reflection;
-using Webserver.Permissions;
 using Webserver.WebAPI;
 
@@ -47 +46 @@
                 private void addApi (AbsWebAPI _api) {
                         apis.Add (_api.Name, _api);
-                        AdminWebModules.Instance.AddKnownModule ($"webapi.{_api.Name}", _api.DefaultPermissionLevel ());
                 }
 
@@ -71 +69 @@
                         }
 
-                        if (!IsAuthorizedForApi (apiName, _context.PermissionLevel)) {
+                        _context.RequestPath = subPath;
+
+                        if (!api.Authorized (_context)) {
                                 _context.Response.StatusCode = (int) HttpStatusCode.Forbidden;
                                 if (_context.Connection != null) {
@@ -79 +79 @@
                                 return;
                         }
-
-                        _context.RequestPath = subPath;
 
                         try {
@@ -92 +90 @@
                         }
                 }
-
-                private bool IsAuthorizedForApi (string _apiName, int _permissionLevel) {
-                        return AdminWebModules.Instance.ModuleAllowedWithLevel ($"webapi.{_apiName}", _permissionLevel);
-                }
         }
 }