public PersonService(IRepository<Firm> firmRepository, IRepository<Person> personRepository, IRepository<SeminarPerson> seminarPersonRepository, IRepository<Seminar> seminarRepository, IRepositoryWithTypedId<User, Guid> userRepository, IFirmService firmService, IRepositoryWithTypedId<AddressType, char> addressTypeRepository, IRepositoryWithTypedId<ContactType, char> contactTypeRepository, IRepository<Commodity> commodityRepository )
{
_firmRepository = firmRepository;
_personRepository = personRepository;
_seminarPersonRepository = seminarPersonRepository;
_seminarRepository = seminarRepository;
_userRepository = userRepository;
_firmService = firmService;
_addressTypeRepository = addressTypeRepository;
_contactTypeRepository = contactTypeRepository;
_commodityRepository = commodityRepository;
_membershipService = new AccountMembershipService();
}
protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
{
// load the user and make sure they are valid
var userName = httpContext.User.Identity.Name;
var membership = new AccountMembershipService();
var result = membership.IsValidUser(userName);
if (result)
{
// load the site id
var siteId = httpContext.Request.RequestContext.RouteData.Values["site"];
var personRepository = SmartServiceLocator<IRepositoryWithTypedId<Person, string>>.GetService();
var person = personRepository.Queryable.First(a => a.User.LoweredUserName == userName.ToLower());
//httpContext.Result = new System.Web.Mvc.HttpStatusCodeResult((int)System.Net.HttpStatusCode.Forbidden);
return person.Sites.Any(a => a.Id == (string)siteId);
}
return false;
}