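// Exercises the AccessRights collection: Add/AddRange (both the AccessRight and the
// single-character forms), Contains, Remove, the indexer, both enumerators, CopyTo and
// the compact string rendering. The fixed-up assertion messages and the extra
// Count/Contains checks after Remove make sure a right that was granted (Administer)
// is really gone, not just that Remove reported success.
public void TestAccessRights()
        {
            // Expected contents, in insertion order, once every Add/AddRange below has run.
            var expected = new [] { AccessRight.OpenFolder, AccessRight.CreateFolder, AccessRight.DeleteFolder, AccessRight.ExpungeFolder, AccessRight.AppendMessages, AccessRight.SetMessageDeleted };
            var rights   = new AccessRights();
            int i;

            Assert.IsFalse(rights.IsReadOnly, "IsReadOnly");

            // Add() reports true only when the right was not already present; a duplicate must not grow the set.
            Assert.IsTrue(rights.Add(AccessRight.OpenFolder), "Add OpenFolder");
            Assert.AreEqual(1, rights.Count, "Count after adding OpenFolder");
            Assert.IsFalse(rights.Add(AccessRight.OpenFolder), "Add OpenFolder again");
            Assert.AreEqual(1, rights.Count, "Count after adding OpenFolder again");

            // The single-character overload (AccessRight.Right) and the AccessRight overload must be equivalent.
            Assert.IsTrue(rights.Add(AccessRight.CreateFolder.Right), "Add CreateFolder");
            Assert.AreEqual(2, rights.Count, "Count after adding CreateFolder");
            Assert.IsFalse(rights.Add(AccessRight.CreateFolder), "Add CreateFolder again");
            Assert.AreEqual(2, rights.Count, "Count after adding CreateFolder again");

            rights.AddRange(new [] { AccessRight.DeleteFolder, AccessRight.ExpungeFolder });
            Assert.AreEqual(4, rights.Count, "Count after adding DeleteFolder and ExpungeFolder");

            Assert.IsTrue(rights.Contains(AccessRight.DeleteFolder), "Contains DeleteFolder");
            Assert.IsTrue(rights.Contains(AccessRight.ExpungeFolder), "Contains ExpungeFolder");
            Assert.IsFalse(rights.Contains(AccessRight.Administer), "Contains Administer");

            // AddRange also accepts the compact string form ("i" = AppendMessages, "t" = SetMessageDeleted).
            rights.AddRange("it");
            Assert.AreEqual(6, rights.Count, "Count after adding AppendMessages and SetMessageDeleted");

            Assert.IsTrue(rights.Contains(AccessRight.AppendMessages), "Contains AppendMessages");
            Assert.IsTrue(rights.Contains(AccessRight.SetMessageDeleted), "Contains SetMessageDeleted");
            Assert.IsFalse(rights.Contains(AccessRight.Administer), "Contains Administer");

            // Indexer preserves insertion order.
            Assert.AreEqual(expected.Length, rights.Count, "Count before indexer checks");
            for (i = 0; i < expected.Length; i++)
            {
                Assert.AreEqual(expected[i], rights[i], "rights[{0}]", i);
            }

            // Remove() must actually drop the right (not merely report true), and removing an
            // absent right must report false.
            ((ICollection <AccessRight>)rights).Add(AccessRight.Administer);
            Assert.IsTrue(rights.Contains(AccessRight.Administer), "Contains Administer after ICollection.Add");
            Assert.IsTrue(rights.Remove(AccessRight.Administer), "Remove Administer");
            Assert.IsFalse(rights.Contains(AccessRight.Administer), "Contains Administer after Remove");
            Assert.AreEqual(expected.Length, rights.Count, "Count after removing Administer");
            Assert.IsFalse(rights.Remove(AccessRight.Administer), "Remove Administer again");

            // Generic enumerator.
            i = 0;
            foreach (var right in rights)
            {
                Assert.AreEqual(expected[i], right, "foreach rights[{0}]", i++);
            }
            Assert.AreEqual(expected.Length, i, "foreach count");

            // Non-generic IEnumerable enumerator must yield the same sequence.
            i = 0;
            foreach (AccessRight right in ((IEnumerable)rights))
            {
                Assert.AreEqual(expected[i], right, "non-generic foreach rights[{0}]", i++);
            }
            Assert.AreEqual(expected.Length, i, "non-generic foreach count");

            var array = new AccessRight[rights.Count];

            rights.CopyTo(array, 0);

            for (i = 0; i < expected.Length; i++)
            {
                Assert.AreEqual(expected[i], array[i], "CopyTo[{0}]", i);
            }

            // Compact rendering: one letter per right, in insertion order (r k x e i t).
            Assert.AreEqual("rkxeit", rights.ToString(), "ToString");
        }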
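        // Authorization filter entry point: decides whether the current caller may run the action.
        //
        // Actions or controllers marked [AllowAnonymous] bypass the filter entirely. Otherwise the
        // caller's role must be enabled in AccessRightsInput, which is read as three flags in the
        // order AnonymousUser, NormalLoggedUser, Admin (a "1" enables that role). Each role matches
        // exactly one caller state: an admin is NOT treated as a superset of a normal user, so an
        // action enabled only for NormalLoggedUser still denies admins.
        //
        // On denial filterContext.Result is set (a redirect when Redirect is true, the "AccessDenied"
        // view otherwise), which short-circuits the action. A null or too-short AccessRightsInput
        // fails closed instead of throwing on the indexer.
        //
        // Parameters:
        //   filterContext - the MVC authorization context for the current request.
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            // [AllowAnonymous] on the action or on the whole controller bypasses this filter.
            var descriptor = filterContext.ActionDescriptor;
            if (descriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), true).Any() ||
                descriptor.ControllerDescriptor.GetCustomAttributes(typeof(AllowAnonymousAttribute), true).Any())
            {
                return;
            }

            // Default behaviour: with no rights configured nobody is allowed in. A flag list shorter
            // than three entries is treated the same way rather than throwing IndexOutOfRange.
            // (Assumes AccessRightsInput is a string or array of per-role flags — confirm.)
            if (AccessRightsInput == null || AccessRightsInput.Length < 3)
            {
                filterContext.Result = new ViewResult {
                    ViewName = "AccessDenied"
                };
                return;
            }

            // Flag positions: [0] AnonymousUser, [1] NormalLoggedUser, [2] Admin.
            // AccessRights is a member that outlives this call; guard each Add so repeated calls on
            // the same filter instance do not keep appending the same entries.
            if (AccessRightsInput[0].ToString() == "1" && !AccessRights.Contains(AllowAccessTo.AnonymousUser))
            {
                AccessRights.Add(AllowAccessTo.AnonymousUser);
            }
            if (AccessRightsInput[1].ToString() == "1" && !AccessRights.Contains(AllowAccessTo.NormalLoggedUser))
            {
                AccessRights.Add(AllowAccessTo.NormalLoggedUser);
            }
            if (AccessRightsInput[2].ToString() == "1" && !AccessRights.Contains(AllowAccessTo.Admin))
            {
                AccessRights.Add(AllowAccessTo.Admin);
            }

            // Snapshot the caller's state once so every branch below decides on the same values.
            var session = LoginUserSession.Current;
            bool isAuthenticated = session.IsAuthenticated;
            bool isAdmin = session.IsAdmin;

            bool anonymousCaller = !isAuthenticated && !isAdmin;
            bool normalCaller = isAuthenticated && !isAdmin;
            bool adminCaller = isAuthenticated && isAdmin;

            // Access granted: the caller's (single) role is enabled for this action.
            if ((anonymousCaller && AccessRights.Contains(AllowAccessTo.AnonymousUser)) ||
                (normalCaller && AccessRights.Contains(AllowAccessTo.NormalLoggedUser)) ||
                (adminCaller && AccessRights.Contains(AllowAccessTo.Admin)))
            {
                return;
            }

            // Access denied. With Redirect set, anonymous callers go to the login page and any
            // authenticated caller (normal or admin) goes to Home/Index; otherwise — and for the odd
            // "IsAdmin but not IsAuthenticated" state — the AccessDenied view is rendered.
            // NOTE(review): the AccessDenied view goes out with the default 200 status rather than
            // 403, and this filter registers no output-cache validation callback the way
            // AuthorizeAttribute does; if an action using it is also [OutputCache]d, a cached
            // authorized response could be served to a denied caller — confirm before relying on it.
            if (Redirect && anonymousCaller)
            {
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { controller = "Home", action = "Login" }));
            }
            else if (Redirect && isAuthenticated)
            {
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { controller = "Home", action = "Index" }));
            }
            else
            {
                filterContext.Result = new ViewResult {
                    ViewName = "AccessDenied"
                };
            }
        }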