Example #1
0
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            DTOSessionUsuario sess = (DTOSessionUsuario)MSession.ReturnSessionObject();

            string controlador = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
            string accion      = filterContext.ActionDescriptor.ActionName;

            if (sess == null)
            {
                if (!MSession.isAjaxCall())
                {
                    filterContext.Result = new RedirectResult(filterContext.HttpContext.Request.ApplicationPath);
                }
                else
                {
                    filterContext.Result = new HttpUnauthorizedResult();
                    filterContext.Result = new HttpUnauthorizedResult();
                }
            }
            else
            {
                sess.llamada = controlador + "/" + accion;
                if (sess.Funcionalidades.FindAll(x => x.FUN_CONTROLLER.ToUpper() == controlador.ToUpper() && x.FUN_ACTION.ToUpper() == accion.ToUpper()).Count == 0)
                {
                    if (sess.Funcionalidades.FindAll(x => x.FUN_CONTROLLER.ToUpper() == controlador.ToUpper() && (x.FUN_ACTION == "" || accion.ToUpper().Contains("EXCEL") || accion.ToUpper().Contains("CSV") || accion.ToUpper().Contains("PDF") || accion.ToUpper().Contains("DETALLE") || accion.ToUpper().Contains("PNG"))).Count == 0)
                    {
                        if ((controlador.ToUpper() != "MODIFICARACCESO" && controlador.ToUpper() != "IMAGEN"))
                        {
                            if (!MSession.isAjaxCall())
                            {
                                MSession.FreeSession();
                                filterContext.Result = new RedirectResult(filterContext.HttpContext.Request.ApplicationPath);
                            }
                        }
                    }
                }
            }
        }