Base solution for your next web application
Open Closed

Get Authozization attributes for DynamicWebApi methods #1288


User avatar
0
david created

Hi guys,

I'm trying to implement something with swagger. Basically i have enabled swagger for my new app. For the swagger, i have created a custom filter named HideInDocs which uses regex to hide some framework default methods from swagger ui page (ie app/user, app/tenant, app/session)

Now, i need to also hide authorized methods that current has no permissions to access it. this works fine if the methods are webapi methods. Using apiDescription.GetControllerAndActionAttributes<object>(); i can get required permissions for the method and then check if a permission is granted for current user and decide whether to include it in swagger ui page or not.

The problem arises when i'm trying to do the same for dynamicApi generated methods as var test = apiDescription.GetControllerAndActionAttributes<object>(); returns nothing. Seems that attributes are not reflected for dynamically generated methods.

Is there any way to achieve the same functionality on dynamicWebapi methods?

Below is my DocFilter:

public class HideInDocsFilter : IDocumentFilter
        {
            public void Apply(SwaggerDocument swaggerDoc, SchemaRegistry schemaRegistry, IApiExplorer apiExplorer)
            {
                foreach (var apiDescription in apiExplorer.ApiDescriptions)
                {
                    var test = apiDescription.GetControllerAndActionAttributes<object>();
                    //remove from docs autogenerated services
                    Regex r = new Regex("AbpCache|AbpServiceProxies|app/session|app/tenant|app/user|ServiceProxies|TypeScript");
                    if (r.IsMatch(apiDescription.ID))
                    {
                        swaggerDoc.paths.Remove("/" + apiDescription.RelativePath.Split('?')[0]);
                    }
                }
            }
        }

No answer yet!