// GET: /QuickLinkLists/Delete/5
//public ActionResult Delete(int? id)
//{
// if (id == null)
// {
// return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
// }
// QuickLinkList quicklinklist = db.QuickLinkLists.Find(id);
// if (quicklinklist == null)
// {
// return HttpNotFound();
// }
// return View(quicklinklist);
//}
//// POST: /QuickLinkLists/Delete/5
//[HttpPost, ActionName("Delete")]
//[ValidateAntiForgeryToken]
//public ActionResult DeleteConfirmed(int id)
//{
// QuickLinkList quicklinklist = db.QuickLinkLists.Find(id);
// db.QuickLinkLists.Remove(quicklinklist);
// db.SaveChanges();
// return RedirectToAction("Index");
//}
protected override void Dispose(bool disposing)
{
if (disposing)
{
db.Dispose();
}
base.Dispose(disposing);
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
CONNEXDBEntities db = new CONNEXDBEntities();
//var isAuthorized = base.AuthorizeCore(httpContext);
//if (!isAuthorized)
//{
// return false;
//}
string trace = "1-";
bool authorized = false;
//get current username
string userName = httpContext.User.Identity.Name.ToString();
Admin currentUser = (Admin)db.Admins.Where(x => x.Network_ID == userName).FirstOrDefault();
db.Entry(currentUser).Reload();//forces a refresh of EF data
if (currentUser != null)
{
trace += "1a-";
//get user roles
foreach (Role role in currentUser.Roles.OrderBy(x => x.Role_ID))
{
trace += "2-";
//allow any admin
if (role.Role1 == "Admin")
{
trace += "2a-";
authorized = true;
break;
}
else if (role.Role1 == "ContentManager")
{
//get current request url and extract Page_ID
trace += "3-";
string url = httpContext.Request.Url.AbsoluteUri;
if (httpContext.Request.QueryString["Page_ID"] != null)
{
trace += "3-";
try
{
trace += "3a-";
int Page_ID = Convert.ToInt32(httpContext.Request.QueryString["Page_ID"]);
//lookup access in db
if (currentUser.PageAdminAssigns.Any(x => x.Page_ID == Page_ID))
{
trace += "4-";
authorized = true;
break;
}
}
catch (Exception)
{
trace += "5-";
//do nothing
}
}
else
{
trace += "6-";
int altIndex = url.LastIndexOf("/Pages/Edit/");
if (altIndex > -1)
{
trace += "7-";
string[] parts = url.Substring(altIndex + 12, url.Length - (altIndex + 12)).Split('?');
try
{
trace += "8-";
int Page_ID = Convert.ToInt32(parts[0].Trim());
//lookup access in db
//List<PageAdminAssign> authPages = (List<PageAdminAssign>)db.PageAdminAssigns.Where(x => x.Admin_ID == currentUser.Admin_ID).ToList();
if (currentUser.PageAdminAssigns.Any(x => x.Page_ID == Page_ID))
{
trace += "9-";
authorized = true;
break;
}
}
catch (Exception)
{
trace += "10-";
//do nothing
}
}
else if (httpContext.Request.Form["Page_ID"] != null)
{
trace += "11-";
int Page_ID = Convert.ToInt32(httpContext.Request.Form["Page_ID"]);
if (currentUser.PageAdminAssigns.Any(x => x.Page_ID == Page_ID))
{
trace += "12-";
authorized = true;
break;
}
}
trace += "13-";
}
trace += "14-";
}
trace += "15-";
}
}
trace += "16-";
if (!authorized)
{
if (!System.IO.Directory.Exists("C:/ConnexLogs/"))
{
System.IO.Directory.CreateDirectory("C:/ConnexLogs/");
}
using (System.IO.StreamWriter file = new System.IO.StreamWriter("C:/ConnexLogs/AuthLogs.txt", true))
{
string roles = "";
string pageIDs = "";
foreach (Role role in currentUser.Roles)
{
roles += role.Role1 + ",";
}
foreach (PageAdminAssign page in currentUser.PageAdminAssigns)
{
pageIDs += page.Page.Page_Name + ",";
}
file.WriteLine("Authorization failed for " + userName + " on the url " + httpContext.Request.Url + " with the roles " + roles + " and the assigned pages " + pageIDs + " at " + DateTime.Now.ToShortDateString() + " " + DateTime.Now.ToShortTimeString() + "\n\nTrace:\n" + trace + "\n\n");
}
}
else
{
if (!System.IO.Directory.Exists("C:/ConnexLogs/"))
{
System.IO.Directory.CreateDirectory("C:/ConnexLogs/");
}
using (System.IO.StreamWriter file = new System.IO.StreamWriter("C:/ConnexLogs/AuthLogs.txt", true))
{
file.WriteLine("Authorization successful for " + userName + " on the url " + httpContext.Request.Url + " at " + DateTime.Now.ToShortDateString() + " " + DateTime.Now.ToShortTimeString() + "\n\n");
}
}
db.Dispose();
return(authorized);
}