internal static bool Authorized(Controller controller)
{
ClinicWallyMisrEntities db = ClinicWallyMisrEntities.Instance;
string uri, table;
if (controller.Session["username"] != null && controller.Session["username"] != string.Empty)
{
string username = controller.Session["username"] as string;
if (username != null && username != string.Empty)
{
Account account = db.Accounts.FirstOrDefault(u => u.name == username);
if (account != null)
{
if (!account.isAdmin)
{
uri = controller.Request.Url.AbsolutePath;
uri = uri.Replace("/", "");
uri = uri.Replace("\\", "");
uri = uri.ToLower();
table = "";
string key = tablePages.Keys.FirstOrDefault(k => uri.Contains(k));
if (key != null && key != string.Empty)
{
table = tablePages[key];
}
if (table != "")
{
Table myTable = db.Tables.FirstOrDefault(o => o.tableName == table);
if (myTable != null)
{
if (account.Group.Permissions.Where(o => o.tableId == myTable.id).Count() > 0)
{
Permission perms = account.Group.Permissions.FirstOrDefault(o => o.tableId == myTable.id);
if (perms != null)
{
if (uri.Contains("create"))
{
if (perms.canAdd)
{
return(true);
}
}
else if (uri.Contains("edit"))
{
if (perms.canEdit)
{
return(true);
}
}
else if (uri.Contains("delete"))
{
if (perms.canDelete)
{
return(true);
}
}
else
{
if (perms.canRead)
{
return(true);
}
}
}
}
}
}
}
else
{
return(true); // is admin
}
}
}
}
return(false);
}
