internal static bool CanAccessResourceCore(PermissionContext permissionContext)
        {
            var user = permissionContext.User;
            var controller = permissionContext.ControllerContext.Controller;
            if (controller is PracticeController)
            {
                var practiceController = controller as PracticeController;
                var isSelf = practiceController.IsSelfUser(user);
                return isSelf;
            }

            return false;
        }
 protected override void OnDeniedPermissionPrompt(PermissionContext context)
 {
     context.Result = _deniedPermissionPromptHookResult;
 }
 protected override void OnPermissionPrompt(PermissionContext context)
 {
     context.Result = _promptPermissionHookResult;
 }
 protected override void OnCannotCreateCookies(PermissionContext context)
 {
     context.Result = _cannotCreateCookieResult;
 }
            protected override void OnDeniedPermissionPrompt(PermissionContext context)
            {
                DeniedPermissionPromptHookTriggered = true;

                base.OnDeniedPermissionPrompt(context);
            }
            protected override void OnCannotCreateCookies(PermissionContext context)
            {
                CannotCreateCookiesHookTriggered = true;

                base.OnCannotCreateCookies(context);
            }
 protected override void OnDeniedPermissionPrompt(PermissionContext context)
 {
     context.Result = null;
 }
        private void PromptMissingPermissions(PermissionContext permissionContext, string redirectUrl)
        {
            AuthorizationContext filterContext = permissionContext.FilterContext;
            HashSet<string> requiredPermissions = permissionContext.RequiredPermissions;

            // If there were no errors it means that we will be prompted with a permission prompt.
            // Therefore, invoke the permission prompt hooks and navigate to the prompt.

            IEnumerable<string> declinedPermissions = permissionContext.DeclinedPermissions;
            IEnumerable<string> skippedPermissions = permissionContext.SkippedPermissions;
            IEnumerable<string> missingPermissions = permissionContext.MissingPermissions;

            // Declined permissions and skipped permissions can persist through multiple pages.  So we need to cross check
            // them against the current pages permissions, this will determine if we should invoke the denied permission hook.
            bool deniedPermissions = missingPermissions.Where(
                permission => declinedPermissions.Contains(permission) ||
                              skippedPermissions.Contains(permission)).Any();

            permissionContext.RedirectUrl = redirectUrl;

            // See if our persisted permissions cookie doesn't exist and if we've had missing permissions before.
            // Essentially this checks to see if we've tried to persist permissions before and were unsuccessful due to an
            // inability to create cookies.
            if (!PermissionHelper.RequestedPermissionsCookieExists(filterContext.HttpContext.Request) &&
                filterContext.HttpContext.Request.QueryString.Get(MissingPermissionsQueryName) != null)
            {
                OnCannotCreateCookies(permissionContext);
            }
            else
            {
                // The DeniedPermissionPromptHook will only be invoked if we detect there are denied permissions.
                // It is attempted instead of the permission hook to allow app creators to handle situations when a user
                // skip's or revokes previously prompted permissions. Ex: redirect to a different page.
                if (deniedPermissions)
                {
                    OnDeniedPermissionPrompt(permissionContext);
                }
                else
                {
                    OnPermissionPrompt(permissionContext);
                }

                // We persist the requested permissions in a cookie to know if a permission was denied in any way.
                // The persisted data allows us to detect skipping of permissions.
                PermissionHelper.PersistRequestedPermissions(filterContext, requiredPermissions);
            }

            filterContext.Result = permissionContext.Result;
        }
        public virtual void OnAuthorization(AuthorizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            IEnumerable<FacebookAuthorizeAttribute> authorizeAttributes = filterContext.ActionDescriptor
                .GetCustomAttributes(typeof(FacebookAuthorizeAttribute), inherit: true)
                .Union(filterContext.ActionDescriptor.ControllerDescriptor
                    .GetCustomAttributes(typeof(FacebookAuthorizeAttribute), inherit: true))
                .OfType<FacebookAuthorizeAttribute>();
            if (!authorizeAttributes.Any())
            {
                return;
            }

            FacebookClient client = _config.ClientProvider.CreateClient();
            HttpRequestBase request = filterContext.HttpContext.Request;
            dynamic signedRequest = FacebookRequestHelpers.GetSignedRequest(
                filterContext.HttpContext,
                rawSignedRequest =>
                {
                    return client.ParseSignedRequest(rawSignedRequest);
                });
            string userId = null;
            string accessToken = null;
            if (signedRequest != null)
            {
                userId = signedRequest.user_id;
                accessToken = signedRequest.oauth_token;
            }

            NameValueCollection parsedQueries = HttpUtility.ParseQueryString(request.Url.Query);
            HashSet<string> requiredPermissions = PermissionHelper.GetRequiredPermissions(authorizeAttributes);
            bool handleError = !String.IsNullOrEmpty(parsedQueries["error"]);

            // This must occur AFTER the handleError calculation because it modifies the parsed queries.
            string redirectUrl = GetRedirectUrl(request, parsedQueries);

            // Check if there was an error and we should handle it.
            if (handleError)
            {
                Uri errorUrl;

                if (String.IsNullOrEmpty(_config.AuthorizationRedirectPath))
                {
                    errorUrl = DefaultAuthorizationRedirectUrl;
                }
                else
                {
                    errorUrl = GetErroredAuthorizeUri(redirectUrl, requiredPermissions);
                }

                filterContext.Result = CreateRedirectResult(errorUrl);

                // There was an error so short circuit
                return;
            }

            FacebookContext facebookContext = new FacebookContext
            {
                Client = client,
                SignedRequest = signedRequest,
                AccessToken = accessToken,
                UserId = userId,
                Configuration = _config
            };

            PermissionContext permissionContext = new PermissionContext
            {
                FacebookContext = facebookContext,
                FilterContext = filterContext,
                RequiredPermissions = requiredPermissions,
            };

            // Check if we need to prompt for default permissions.
            if (signedRequest == null || String.IsNullOrEmpty(userId) || String.IsNullOrEmpty(accessToken))
            {
                PromptDefaultPermissions(permissionContext, redirectUrl);
            }
            else if (requiredPermissions.Any())
            {
                PermissionsStatus currentPermissionsStatus = _config.PermissionService.GetUserPermissionsStatus(userId, accessToken);
                // Instead of performing another request to gather "granted" permissions just parse the status
                IEnumerable<string> currentPermissions = PermissionHelper.GetGrantedPermissions(currentPermissionsStatus);
                IEnumerable<string> missingPermissions = requiredPermissions.Except(currentPermissions);

                // If we have missing permissions than we need to present a prompt or redirect to an error 
                // page if there's an error.
                if (missingPermissions.Any())
                {
                    permissionContext.MissingPermissions = missingPermissions;
                    permissionContext.DeclinedPermissions = PermissionHelper.GetDeclinedPermissions(currentPermissionsStatus);
                    permissionContext.SkippedPermissions = PermissionHelper.GetSkippedPermissions(
                        filterContext.HttpContext.Request,
                        missingPermissions,
                        permissionContext.DeclinedPermissions);

                    PromptMissingPermissions(permissionContext, redirectUrl);
                }
            }
        }
        private void PromptMissingPermissions(PermissionContext permissionContext, string redirectUrl)
        {
            AuthorizationContext filterContext = permissionContext.FilterContext;
            HashSet<string> requiredPermissions = permissionContext.RequiredPermissions;

            // If there were no errors it means that we will be prompted with a permission prompt.
            // Therefore, invoke the permission prompt hooks and navigate to the prompt.

            IEnumerable<string> declinedPermissions = permissionContext.DeclinedPermissions;
            IEnumerable<string> skippedPermissions = permissionContext.SkippedPermissions;
            IEnumerable<string> missingPermissions = permissionContext.MissingPermissions;

            // Declined permissions and skipped permissions can persist through multiple pages.  So we need to cross check
            // them against the current pages permissions, this will determine if we should invoke the denied permission hook.
            bool deniedPermissions = missingPermissions.Where(
                permission => declinedPermissions.Contains(permission) ||
                              skippedPermissions.Contains(permission)).Any();

            permissionContext.RedirectUrl = redirectUrl;

            // The DeniedPermissionPromptHook will only be invoked if we detect there are denied permissions.
            // It is attempted instead of the permission hook to allow app creators to handle situations when a user
            // skip's or revokes previously prompted permissions. Ex: redirect to a different page.
            if (deniedPermissions)
            {
                OnDeniedPermissionPrompt(permissionContext);
            }
            else
            {
                OnPermissionPrompt(permissionContext);
            }

            // We persist the requested permissions in a cookie to know if a permission was denied in any way.
            // The persisted data allows us to detect skipping of permissions.
            PermissionHelper.PersistRequestedPermissions(filterContext, requiredPermissions);

            filterContext.Result = permissionContext.Result;
        }
        private void PromptDefaultPermissions(PermissionContext permissionContext, string redirectUrl)
        {
            FacebookClient client = permissionContext.FacebookContext.Client;
            // Cannot obtain user information from signed_request, redirect to Facebook OAuth dialog.
            Uri navigationUrl = client.GetLoginUrl(redirectUrl,
                                                   _config.AppId,
                                                   permissions: null);

            permissionContext.FilterContext.Result = CreateRedirectResult(navigationUrl);
        }
 /// <summary>
 /// Invoked during <see cref="OnAuthorization"/> prior to a permission prompt that is requesting permissions that have
 /// not been requested before. Set the <paramref name="context"/>'s Result property to modify login flow.
 /// </summary>
 /// <param name="context">Provides access to permission information associated with the user.</param>
 protected virtual void OnPermissionPrompt(PermissionContext context)
 {
     context.Result = ShowPrompt(context);
 }
 /// <summary>
 /// Invoked during <see cref="OnAuthorization"/> when a prompt requests permissions that were skipped or revoked.
 /// Set the <paramref name="context"/>'s Result property to modify login flow.
 /// </summary>
 /// <param name="context">Provides access to permission information associated with the user.</param>
 protected virtual void OnDeniedPermissionPrompt(PermissionContext context)
 {
 }
        /// <summary>
        /// Returns an <see cref="ActionResult"/> that indicates we want to show a permission prompt.  Should only be used as a
        /// return value within the <see cref="OnPermissionPrompt"/> and <see cref="OnDeniedPermissionPrompt"/> methods.
        /// </summary>
        /// <returns>An <see cref="ActionResult"/> that indicates that we want to show a permission prompt.</returns>
        protected ShowPromptResult ShowPrompt(PermissionContext context)
        {
            FacebookClient client = context.FacebookContext.Client;
            Uri navigationUrl = client.GetLoginUrl(context.RedirectUrl,
                                                   _config.AppId,
                                                   permissions: String.Join(",", context.RequiredPermissions));

            return new ShowPromptResult(navigationUrl);
        }
 public override bool CanAccessResource(PermissionContext permissionContext)
 {
     return SelfPermissionAttribute.CanAccessResourceCore(permissionContext)
            || base.CanAccessResource(permissionContext);
 }
 public override bool CanAccessResource(PermissionContext permissionContext)
 {
     var user = permissionContext.User;
     return user.IsOwner;
 }
 public override bool CanAccessResource(PermissionContext permissionContext)
 {
     return CanAccessResourceCore(permissionContext);
 }
        /// <summary>
        /// Invoked during <see cref="OnAuthorization"/> after determining that cookies cannot be created. Default behavior
        /// redirects to a no cookies error page.
        /// </summary>
        /// <param name="context">Provides access to permission information associated with the user.</param>
        protected virtual void OnCannotCreateCookies(PermissionContext context)
        {
            Uri redirectPath;

            if (String.IsNullOrEmpty(_config.CannotCreateCookieRedirectPath))
            {
                redirectPath = DefaultCannotCreateCookiesRedirectPath;
            }
            else
            {
                redirectPath = GetCannotCreateCookiesUri();
            }

            context.Result = CreateRedirectResult(redirectPath);
        }