There is an API that should check whether a user has permission to execute an action on a specific entity. Every method looks like this:
    [HttpPost, Route("foo/{entityId}/{parameter}")]
    [HasValidId] // <-- I would like to add this
    public async Task<IActionResult> Foo(int entityId, string parameter)
    {
        // Instead of this:
        if (!service.LoggedInUserHasAccessToEntity(entityId))
            throw new UnauthorizedAccessException("No access to entity");

        // ... perform the action ...
        return Ok();
    }
As you can see, it accepts "entityId" as an input parameter from the URL. Then the LoggedInUserHasAccessToEntity check is performed. If the user doesn't have sufficient permissions, an error is returned.
This approach works fine, but I'd really like to replace it with a TypeFilterAttribute or something similar to avoid code duplication. So far I have created an empty HasValidIdAttribute class.
Is there a way to access entityId inside my type filter attribute?
Note: URL parsing won't do, as there may be other parameters involved.
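
One way to do this, as an added example that is not part of the original post: an action filter runs after model binding, so the bound value is available by parameter name in `ActionExecutingContext.ActionArguments`. The `IEntityAccessService` interface is an assumed stand-in for the `service` object in the question and must be registered in dependency injection; the optional `parameterName` argument is also an assumption.

```csharp
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;

// Assumed interface for the `service` object used in the question.
public interface IEntityAccessService
{
    bool LoggedInUserHasAccessToEntity(int entityId);
}

// Usage: [HasValidId] or [HasValidId("otherIdParameter")]
public class HasValidIdAttribute : TypeFilterAttribute
{
    public HasValidIdAttribute(string parameterName = "entityId")
        : base(typeof(HasValidIdFilter))
    {
        // Passed to the filter constructor alongside DI-resolved services.
        Arguments = new object[] { parameterName };
    }

    private class HasValidIdFilter : IActionFilter
    {
        private readonly IEntityAccessService _service;
        private readonly string _parameterName;

        public HasValidIdFilter(IEntityAccessService service, string parameterName)
        {
            _service = service;
            _parameterName = parameterName;
        }

        public void OnActionExecuting(ActionExecutingContext context)
        {
            // ActionArguments holds the model-bound values keyed by action
            // parameter name, so no URL parsing is needed.
            // Fail closed: a missing or non-int argument is rejected, not skipped.
            if (!context.ActionArguments.TryGetValue(_parameterName, out var value)
                || value is not int entityId
                || !_service.LoggedInUserHasAccessToEntity(entityId))
            {
                // Setting Result short-circuits the pipeline; the action never runs.
                context.Result = new StatusCodeResult(StatusCodes.Status403Forbidden);
            }
        }

        public void OnActionExecuted(ActionExecutedContext context) { }
    }
}
```

Because the filter rejects the request when the named argument is absent, applying `[HasValidId]` to an action without a matching parameter returns 403 instead of silently skipping the access check.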