public void GetStore(userCompany userCompany = null)
{
var stores = db.store.Where(s => !s.DeletionDatetime.HasValue && s.company.DeletionDatetime == null);
if (!new CuponeraPrincipal(new CuponeraIdentity(User.Identity)).IsInRole("admin"))
{
if (CuponeraIdentity.AdminCompany > 0)
{
stores = stores.Where(s => CuponeraIdentity.AdminCompany == s.IdCompany);
}
else
{
stores = stores.Where(s => CuponeraPrincipal.CanAdminStore(s.IdStore));
}
}
if (userCompany != null)
{
ViewBag.IdStore = new SelectList(stores, "IdStore", "Name", userCompany.IdCompany);
}
else
{
ViewBag.IdStore = new SelectList(stores, "IdStore", "Name");
}
}
public void GetCompany(userCompany userCompany=null)
{
var companies = db.company.Where(c => !c.DeletionDatetime.HasValue);
if (!new CuponeraPrincipal(new CuponeraIdentity(User.Identity)).IsInRole("admin"))
{
if (CuponeraIdentity.AdminCompany > 0)
{
companies = companies.Where(c => CuponeraIdentity.AdminCompany == c.IdCompany);
}
else
{
companies = db.store.Where(s => CuponeraPrincipal.CanAdminStore(s.IdStore)).Select(s => s.company);
}
}
if (userCompany != null)
{
ViewBag.IdCompany = new SelectList(companies, "IdCompany", "Name", userCompany.IdCompany);
}
else
{
ViewBag.IdCompany = new SelectList(companies, "IdCompany", "Name");
}
}
protected void Session_Start(Object sender, EventArgs e)
{
if (User != null && User.Identity != null && User.Identity.IsAuthenticated && Thread.CurrentPrincipal.GetType() != typeof(CuponeraPrincipal))
{
IPrincipal principal = new CuponeraPrincipal(new CuponeraIdentity(User.Identity));
Thread.CurrentPrincipal = principal;
HttpContext.Current.User = principal;
}
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var isAuthorized = base.AuthorizeCore(httpContext);
if (!isAuthorized)
{
return(false);
}
//Override Principal for IsInRole Validation
//TODO: figure out why, when a session already exist, this fails because simplemembership is not initialized
//if (httpContext.User.IsInRole("admin")) return true;
if (new CuponeraPrincipal(new CuponeraIdentity(httpContext.User.Identity)).IsInRole("admin"))
{
return(true);
}
else
{
if (MustBeAdmin)
{
return(false);
}
}
//Define Entity and Id of entity
string entity = httpContext.Request.Url.Segments[1].Replace("/", string.Empty);
//Only applies to operation on specific resources, not for Index
if (httpContext.Request.Url.Segments.Count() > 3)
{
int idEntity = Convert.ToInt32(httpContext.Request.Url.Segments[3].Replace("/", string.Empty));
List <int> stores = new List <int>();
using (CuponeraEntities db = new CuponeraEntities())
{
var userId = db.UserProfile.Where(u => u.UserName.Equals(httpContext.User.Identity.Name)).Select(u => u.UserId).FirstOrDefault();
switch (entity)
{
case "offer":
stores.Add(db.offer.Where(o => o.IdOffer.Equals(idEntity)).FirstOrDefault().product.store.IdStore);
break;
case "product":
stores.Add(db.product.Where(p => p.IdProduct.Equals(idEntity)).FirstOrDefault().store.IdStore);
break;
case "company":
stores.AddRange(db.company.Where(c => c.IdCompany.Equals(idEntity)).FirstOrDefault().store.Select(s => s.IdStore));
if (MustBeCompanyAdmin && db.userCompany.Where(uc => uc.IdCompany.Equals(idEntity) && uc.IdUser.Equals(userId) && uc.IsAdmin).Count() <= 0)
{
return(false);
}
break;
case "store":
stores.Add(idEntity);
break;
case "userCompany":
if (MustBeCompanyAdmin && db.userCompany.Where(uc => uc.IdUser.Equals(userId) && uc.IsAdmin).Count() <= 0)
{
return(false);
}
else
{
return(true);
}
break;
}
}
//Otherwise, I need to check if he can admin over the selected company/store
return(CuponeraPrincipal.CanAdminStores(stores));
}
else
{
using (CuponeraEntities db = new CuponeraEntities())
{
var userId = db.UserProfile.Where(u => u.UserName.Equals(httpContext.User.Identity.Name)).Select(u => u.UserId).FirstOrDefault();
switch (entity)
{
case "store":
case "company":
if (MustBeCompanyAdmin)
{
if (CuponeraIdentity.AdminCompany > 0)
{
return(true);
}
else
{
return(false);
}
}
break;
case "userCompany":
if (MustBeCompanyAdmin && db.userCompany.Where(uc => uc.IdUser.Equals(userId) && uc.IsAdmin).Count() <= 0)
{
return(false);
}
else
{
return(true);
}
break;
}
}
return(true);
}
}