Beispiel #1
0
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            if (!actionContext.ActionArguments.Keys.Select(s => s.ToLower()).Contains(TokenName.ToLower()))
            {
                throw new HttpResponseException(HttpStatusCode.NotFound);
            }

            var argument = actionContext.ActionArguments[TokenName.ToLower()].ToString();

            var command = new IsTokenHasAccessToFunctionCommand
            {
                Token = Guid.Parse(argument),
                Functions = _functions
            };

            var answer = SessionService.IsTokenHasAccessToFunction(command);

            if (answer.AccessType == AccessType.Denied)
            {
                throw new HttpResponseException(HttpStatusCode.NotFound);
            }

            if (answer.AccessType == AccessType.Redirected)
            {
                throw new HttpResponseException(HttpStatusCode.NotFound);
                return;
            }

            base.OnActionExecuting(actionContext);
        }
Beispiel #2
0
        protected virtual AccessType CheckPresenceOfToken(IsTokenHasAccessToFunctionCommand command)
        {
            var userFunctions = _userFunctionManager.GetFunctionsByToken(command.Token);

            if (!userFunctions.Any())
            {
                return AccessType.Denied;
            }

            var functions = GetFunctionsByCommand(command);

            var result = PossessAllFunctions(functions, userFunctions.Select(access => access.FunctionStorageModel));

            var checkedFunctions = userFunctions
                .Where(item => functions.Select(value => value.FunctionIdentityName).Contains(item.FunctionStorageModel.FunctionIdentityName));

            if (!result)
            {
                return AccessType.Redirected;
            }

            if (checkedFunctions.Any(access => access.AccessType == AccessType.Disabled))
            {
                return AccessType.Disabled;
            }

            return AccessType.Accepted;
        }
Beispiel #3
0
        public IsTokenHasAccessToFunctionCommandAnswer IsTokenHasAccessToFunction(IsTokenHasAccessToFunctionCommand command)
        {
            if (command.Token == null)
            {
                return new IsTokenHasAccessToFunctionCommandAnswer
                {
                    Errors = GetAccessDeniedErrors(),
                    AccessType = AccessType.Denied
                };
            }

            var result = new IsTokenHasAccessToFunctionCommandAnswer
            {
                AccessType = CheckPresenceOfToken(command),
                Token = (Guid)command.Token
            };

            if (result.AccessType == AccessType.Denied)
            {
                result.Errors = GetAccessDeniedErrors();
            }

            return result;
        }
Beispiel #4
0
        protected virtual AccessType GetAccessByCommand(AbstractTokenCommand command)
        {
            if (command == null)
            {
                return AccessType.Denied;
            }

            var token = command.Token;

            var newCommand = new IsTokenHasAccessToFunctionCommand
            {
                Functions = _functions.ToList(),
                Token = token
            };

            var sessionService = SessionServiceFactory.CreateSessionService();
            var answer = sessionService.IsTokenHasAccessToFunction(newCommand);

            return answer.AccessType;
        }
Beispiel #5
0
        protected virtual IEnumerable<FunctionStorageModel> GetFunctionsByCommand(IsTokenHasAccessToFunctionCommand command)
        {
            var result =
                _functionRepository.GetModels()
                    .Where(model => command.Functions.Contains(model.FunctionIdentityName))
                    .Where(model => !model.IsBlocked)
                    .ToList();

            return result;
        }