protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var authorized = base.AuthorizeCore(httpContext);
if (!authorized)
{
// The user is not authenticated
return false;
}
var rd = httpContext.Request.RequestContext.RouteData;
string id = rd.Values["id"] as string;
if (string.IsNullOrEmpty(id))
{
// No id was specified => we do not allow access
return false;
}
string roles = ItemAccess.AuthorizedRoleList(AccessType.Write, id);
return httpContext.User.IsInRole(roles))
}
