/// <summary>
/// Token-based overload: reports whether the supplied authentication token is accepted by the user service.
/// </summary>
/// <param name="authenticationToken">Token presented by the caller; must not be null, empty or whitespace.</param>
/// <param name="combineRule">Not read by this overload.</param>
/// <param name="permission">Not read by this overload.</param>
/// <param name="actions">Not read by this overload.</param>
/// <returns>The result of <c>_userService.IsValidToken</c> for the token.</returns>
/// <exception cref="AuthenticationException">Thrown when the token is null, empty or whitespace.</exception>
/// <remarks>
/// NOTE(review): this overload only validates the token. It performs no per-action permission check,
/// so <paramref name="combineRule"/>, <paramref name="permission"/> and <paramref name="actions"/> have no
/// effect on the result. Callers that pass them expecting enforcement should confirm this is intended.
/// </remarks>
public bool IsAuthorized(string authenticationToken, HttpActionEnumCombinationRule combineRule = HttpActionEnumCombinationRule.Any, PermissionType permission = PermissionType.Write, int[] actions = null)
        {
            // A missing token is reported as an exception rather than as a plain "false".
            var tokenMissing = string.IsNullOrWhiteSpace(authenticationToken);
            if (tokenMissing)
            {
                throw new AuthenticationException(AuthenticationType.User, "AuthenticationException.UnAuthorizedRequest");
            }

            // The decision is delegated entirely to the user service.
            var tokenAccepted = _userService.IsValidToken(authenticationToken);
            return tokenAccepted;
        }
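        /// <summary>
        /// Session-based overload: decides whether the user held in the current web session may perform
        /// the requested actions.
        /// </summary>
        /// <param name="httpContext">Not read by this overload; the user comes from <c>WebSessionManager.Instance</c>.</param>
        /// <param name="combineRule">How the per-action permission results are combined (Any, All, NotAny, NotAll).</param>
        /// <param name="permission">Not read by this overload.</param>
        /// <param name="actions">Action identifiers to check; null or empty means only a session user is required.</param>
        /// <returns>
        /// <c>false</c> when there is no session user or <paramref name="combineRule"/> is not recognized;
        /// <c>true</c> for system administrators or when no actions are requested; otherwise the combined
        /// result of <c>user.HasPermission</c> over <paramref name="actions"/>.
        /// </returns>
        /// <remarks>
        /// Security fix: this method previously began with an unconditional <c>return(true)</c>, which made
        /// every check below unreachable and authorized every caller, including requests with no session
        /// user. The shortcut is removed so the session and permission checks are enforced again. Callers
        /// that only passed because of the shortcut will now be denied.
        /// NOTE(review): <paramref name="permission"/> is never consulted, so a Read/Write distinction is
        /// not enforced here. Confirm whether <c>HasPermission</c> is expected to cover it.
        /// NOTE(review): no audit record is written for allow or deny decisions. The disabled audit sketch
        /// that used to sit here took the client address from HTTP_X_FORWARDED_FOR, which is client-supplied
        /// unless a trusted proxy overwrites it. If auditing is restored, also record UserHostAddress.
        /// </remarks>
        public bool IsAuthorized(System.Web.HttpContextBase httpContext, HttpActionEnumCombinationRule combineRule = HttpActionEnumCombinationRule.Any, PermissionType permission = PermissionType.Write, int[] actions = null)
        {
            var user = WebSessionManager.Instance.CurrentUser;

            // Fail closed: without a session user nothing is authorized.
            if (user == null)
            {
                return false;
            }

            // System administrators skip per-action checks. When no actions are requested,
            // having a session user is the only requirement.
            if (user.IsSystemAdmin() || actions == null || actions.Length == 0)
            {
                return true;
            }

            switch (combineRule)
            {
                case HttpActionEnumCombinationRule.Any:
                    return actions.Any(a => user.HasPermission(a));

                case HttpActionEnumCombinationRule.All:
                    return actions.All(a => user.HasPermission(a));

                // The negated rules grant access when the user LACKS the listed permissions.
                case HttpActionEnumCombinationRule.NotAny:
                    return !actions.Any(a => user.HasPermission(a));

                case HttpActionEnumCombinationRule.NotAll:
                    return !actions.All(a => user.HasPermission(a));

                // An unrecognized rule denies rather than allows.
                default:
                    return false;
            }
        }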