Beispiel #1
        /// <summary>
        /// Fills in the values every blog view needs: the base url of the current
        /// request and, when a blog is set, the user resolved for that blog.
        /// </summary>
        /// <param name="helper">Html helper whose view context supplies the current HTTP context</param>
        private void PopulateBase(IHtmlHelper helper)
        {
            var httpContext = helper.ViewContext.HttpContext;
            var request = httpContext.Request;

            // Scheme and host are taken from the incoming request and normalised through System.Uri.
            // Request.Host reflects the client-supplied Host header, so BaseUrl is only as
            // trustworthy as that header.
            // NOTE(review): confirm host filtering / an allowed-hosts list is enforced upstream
            // before BaseUrl is used to build links or redirect targets.
            string origin = $"{request.Scheme}://{request.Host.Value}";
            this.BaseUrl = new Uri(origin).ToString();

            // Without a current blog there is no user to resolve
            if (this.CurrentBlog == null)
            {
                return;
            }

            // The login manager resolves the user from the blog plus the current HTTP context
            var loginManager = new BlogLoginManager(this.CurrentBlog, httpContext);
            this.CurrentUser = loginManager.CurrentUser;
        }
        /// <summary>
        /// Rebuilds the fixture state (data provider, test blog and login manager)
        /// so the next test starts from fresh instances.
        /// </summary>
        public void Initialise()
        {
            // Fresh in-memory provider, initialised before anything is attached to it
            DataProvider = new BlogMemoryProvider();
            DataProvider.Initialise();

            // The blog under test is backed by that provider
            var blogParameters = new BlogParameters
            {
                Provider = DataProvider,
                Id = "TestBlog"
            };
            TestBlog = new Blog(blogParameters);

            // Login manager bound to the test blog; its context is swapped for a mock
            // because this constructor overload is not given an HTTP context
            LoginManager = new BlogLoginManager(TestBlog);
            LoginManager.context = new MockedContext();
        }
Beispiel #3
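        /// <summary>
        /// Runs before every action: resolves the login state for the current blog,
        /// sends users with a pending password change to the auth screens and enforces
        /// any <see cref="BlogSecurityAttribute"/> declared on the action method.
        /// </summary>
        /// <remarks>
        /// Any exception raised while resolving the login state or checking permissions
        /// is rethrown through <c>BlogException.Passthrough</c>.
        /// </remarks>
        /// <param name="context">The execution context</param>
        public override void OnActionExecuting(ActionExecutingContext context)
        {
            // The request path can carry no value; treat that as an empty path instead of failing
            String requestPath = context.HttpContext.Request.Path.Value ?? String.Empty;

            // Is the request inside the auth area (a path segment equal to "auth")?
            Boolean onAuthScreen = Array.Exists(
                requestPath.Split('/'),
                segment => String.Equals(segment, "auth", StringComparison.OrdinalIgnoreCase));

            // "redirect=true" is the marker the forced redirect below appends to the login url.
            // It is client-controlled, so it is only honoured on the auth screens; honouring it
            // on every path would let a user with a pending password change skip the forced
            // redirect by adding the parameter to any request.
            // NOTE(review): confirm no route outside the auth area relies on this parameter.
            Boolean isRedirect = false;

            if (onAuthScreen && context.HttpContext.Request.Query.ContainsKey("redirect"))
            {
                Boolean.TryParse(context.HttpContext.Request.Query["redirect"], out isRedirect);
            }

            // Is it a password change? Compared case-insensitively so a differently-cased url
            // for the same route is treated the same way.
            // NOTE(review): this is still a substring match on the whole path; any route whose
            // path contains "auth/passwordchange" is exempt from the forced redirect.
            if (requestPath.IndexOf("auth/passwordchange", StringComparison.OrdinalIgnoreCase) >= 0)
            {
                isRedirect = true;
            }

            try
            {
                // Get a new login manager instance to check against the current blog
                // with the current session context (a constructor call cannot yield null,
                // so no null check is needed before using it)
                loginManager = new BlogLoginManager(Current, context.HttpContext);

                // Handle the logins (tokens etc.)
                loginManager.HandleTokens();

                // Password change required and not already on the auth screen?
                if (loginManager.CurrentUser != null &&
                    loginManager.CurrentUser.PasswordChange &&
                    !isRedirect)
                {
                    // NOTE(review): BaseUrl is defined outside this method; if it is derived
                    // from the request host, confirm that host is validated before it is
                    // used as a redirect target.
                    context.Result = new RedirectResult($"{BaseUrl}/auth/login/?redirect=true");
                    return;
                }

                // Check to see if we have any security attributes applied to the current method
                ControllerActionDescriptor controllerDescriptor = (ControllerActionDescriptor)context.ActionDescriptor;
                if (controllerDescriptor != null) // Did we get a controller descriptor?
                {
                    // Only attributes declared directly on the action method are read here
                    // (inherit = false, nothing is read from the controller type).
                    // NOTE(review): if BlogSecurityAttribute can be placed on a controller
                    // class, it is not enforced by this check.
                    BlogSecurityAttribute[] securityAttributes = (BlogSecurityAttribute[])controllerDescriptor.MethodInfo.GetCustomAttributes(typeof(BlogSecurityAttribute), false);

                    foreach (BlogSecurityAttribute attrib in securityAttributes)
                    {
                        // Anonymous users, users without a permission list and users missing
                        // the required permission all fail the check
                        if (loginManager.CurrentUser == null ||
                            loginManager.CurrentUser.Permissions == null ||
                            !loginManager.CurrentUser.Permissions.Contains(attrib.Permission))
                        {
                            context.Result = new RedirectResult($"{BaseUrl}"); // Redirect to the user to the home page
                            break; // One failed requirement is enough; the result is the same for all
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Throw the exception wrapped (if needed) in a non-initialised exception
                throw BlogException.Passthrough(ex, new UserBlogException(ex));
            }

            // Call the base method
            base.OnActionExecuting(context);
        }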