/// <summary>
/// Check the permissions on an object against the Session. Will return false
/// if Session UserId is empty or the user does not have permissions
/// </summary>
/// <param name="poco"></param>
/// <param name="session"></param>
/// <returns></returns>
public static bool CheckObjectPermissions(DataObject poco, Session session)
{
if (poco.HasProperty("UserId") && poco.GetType().Name != "UserLogin") {
// Its user specific
if (session == null) {
return false;
}
if (session.UserId == Guid.Empty) {
return false;
}
if (poco.GetPropValue("UserId").ToGuid() == session.UserId) {
return true;
}
return false;
} else if (poco.HasProperty("HouseholdId")) {
if (session.Household == null) {
return false;
}
if (session.Household.Id == Guid.Empty) {
return false;
}
if (poco.GetPropValue("HouseholdId").ToGuid() == session.Household.Id) {
return true;
}
}
// If we are not user specific then we dont care about permissions
return true;
}
public BaseController()
{
if (AppSession == null) {
// Get from session first
if (System.Web.HttpContext.Current.Session["Session"] != null &&
(System.Web.HttpContext.Current.Session["Session"] as Session).UserId != Guid.Empty) {
AppSession = (Session)System.Web.HttpContext.Current.Session["Session"];
} else {
AppSession = new Session();
var UserId = System.Web.HttpContext.Current.User.Identity.GetUserId();
if (!UserId.IsNull()) {
var household = GetHouseholdForCurrentUser(UserId.ToGuid());
AppSession.BuildSession(UserId.ToGuid(), household);
// Set the session
System.Web.HttpContext.Current.Session.Add("Session", AppSession);
}
}
}
}
protected void ClearSession()
{
AppSession = null;
System.Web.HttpContext.Current.Session.Add("Session", null);
}
