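/// <summary>
/// Web API authentication filter. A short allowlist of anonymous routes is let
/// through untouched; every other request must carry a well-formed
/// <c>Authorization: Bearer &lt;token&gt;</c> header whose token passes
/// <c>Token.ValidateCurrentToken</c>. Controllers listed in <c>ManagerOnly</c>
/// are additionally restricted to users whose <c>Permission.Id == 1</c>, except
/// for the <c>GetAll</c> and <c>ChangePass</c> actions.
/// </summary>
/// <param name="context">Authentication context of the current request; on success its Principal is set.</param>
/// <param name="cancellationToken">Not observed — the filter performs no asynchronous work.</param>
/// <exception cref="HttpResponseException">
/// 401 when the Authorization header is missing, not a Bearer token, carries a
/// non-numeric subject, or fails validation; 403 when a manager-only route is
/// requested by a user that is not a manager.
/// </exception>
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
        {
            // The route is identified purely from the raw path segments ("Users/", "GetAll").
            // Segment comparisons are ordinal case-insensitive because ASP.NET routing is
            // case-insensitive: "/api/users/Delete" reaches the same controller as
            // "/api/Users/Delete", so it must hit the same ManagerOnly check.
            // NOTE(review): the position-based heuristic assumes ".../{controller}/{action}";
            // a path with a different segment count (trailing slash, default action) lands
            // on other segments — confirm the route table cannot reach a ManagerOnly
            // controller that way.
            var segments = context.Request.RequestUri.Segments;
            string action        = segments.LastOrDefault() ?? string.Empty;
            string apiController = segments.Length >= 2 ? segments[segments.Length - 2] : string.Empty;

            // Routes that may be called without a token.
            // NOTE(review): every action on the Email controller is anonymous, not just the
            // graduate-request one — confirm that is intended.
            bool anonymousRoute =
                (SegmentIs(apiController, "User/") && SegmentIs(action, "Validate"))          // login
                || SegmentIs(apiController, "Email/")                                         // graduate request
                || (SegmentIs(apiController, "Graduate/") && SegmentIs(action, "UploadCVFile")); // can be graduate request

            if (anonymousRoute)
            {
                return;
            }

            // Require a well-formed "Bearer <token>" header. Slicing the first seven characters
            // off the header (the previous approach) throws on a missing or short header — which
            // surfaces as a 500 rather than a 401 — and accepts any scheme name at all.
            var authHeader = context.Request.Headers.Authorization;
            if (authHeader == null
                || !string.Equals(authHeader.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)
                || string.IsNullOrWhiteSpace(authHeader.Parameter))
            {
                throw new HttpResponseException(HttpStatusCode.Unauthorized);
            }

            var principal = Token.ValidateCurrentToken(authHeader.Parameter);
            if (principal == null)
            {
                throw new HttpResponseException(HttpStatusCode.Unauthorized);
            }

            bool managerOnlyRoute =
                ManagerOnly.Any(c => SegmentIs(c, apiController))
                && !SegmentIs(action, "GetAll")
                && !SegmentIs(action, "ChangePass");

            if (managerOnlyRoute)
            {
                // The token's subject is expected to be the numeric user id; anything else
                // cannot be authorized, so fail closed instead of throwing a FormatException.
                int userId;
                if (principal.Identity == null || !int.TryParse(principal.Identity.Name, out userId))
                {
                    throw new HttpResponseException(HttpStatusCode.Unauthorized);
                }

                UserDto user = UserBLManager.UserDtoById(userId);

                // Fail closed: an unknown user, or one without a permission record, is not a manager.
                // Permission.Id == 1 is treated as the manager role here — confirm against the
                // permissions table.
                if (user == null || user.Permission == null || user.Permission.Id != 1)
                {
                    throw new HttpResponseException(HttpStatusCode.Forbidden);
                }
            }

            // Attach the validated principal so downstream code (e.g. HttpContext.Current.User) sees it.
            context.Principal = principal;
        }

        /// <summary>Ordinal, case-insensitive equality for path segments and action names.</summary>
        private static bool SegmentIs(string actual, string expected)
        {
            return string.Equals(actual, expected, StringComparison.OrdinalIgnoreCase);
        }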
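        /// <summary>
        /// Returns the navigation pages for the current user, in display order.
        /// The "users" and "lists" pages are only returned to managers
        /// (<c>Permission.Id == 1</c>). This is a UI hint only: access to the
        /// underlying API is enforced by the authentication filter, not here.
        /// </summary>
        /// <returns>A list of anonymous <c>{ uri, name }</c> objects.</returns>
        public System.Object GetPages()
        {
            var pages = new[]
            {
                new { uri = "graduates", name = "בוגרים" },
                new { uri = "jobs", name = "משרות" },
                new { uri = "companies", name = "חברות" },
                new { uri = "Placements", name = "השמות" },
                new { uri = "Charts", name = "תרשימים" },

                // NOTE(review): "משתשים" looks like a typo for "משתמשים" (users) — confirm before changing.
                new { uri = "users", name = "משתשים" },
                new { uri = "lists", name = "תחזוקה" }
            };

            // Manager-only pages are selected by uri rather than by list position, so
            // reordering or inserting a page cannot silently expose or hide the wrong entry
            // (the previous RemoveAt(6)/RemoveAt(5) depended on the array order).
            var managerOnlyUris = new[] { "users", "lists" };

            if (!CurrentUserIsManager())
            {
                return pages.Where(p => !managerOnlyUris.Contains(p.uri)).ToList();
            }

            return pages.ToList();
        }

        /// <summary>
        /// True when the authenticated principal maps to a user with <c>Permission.Id == 1</c>.
        /// Fails closed: a missing principal, a non-numeric identity name or an unknown user
        /// is treated as "not a manager" rather than throwing.
        /// </summary>
        private static bool CurrentUserIsManager()
        {
            var httpContext = HttpContext.Current;
            if (httpContext == null || httpContext.User == null || httpContext.User.Identity == null)
            {
                return false;
            }

            int userId;
            if (!int.TryParse(httpContext.User.Identity.Name, out userId))
            {
                return false;
            }

            var user = UserBLManager.UserDtoById(userId);
            return user != null && user.Permission != null && user.Permission.Id == 1;
        }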
 /// <summary>
 /// Returns the DTO for the user with the given id, exactly as
 /// <c>UserBLManager.UserDtoById</c> produces it (including whatever it returns
 /// for an unknown id).
 /// NOTE(review): any caller admitted by the authentication filter can read any
 /// user's record by id — confirm this controller is in ManagerOnly, or that the
 /// DTO contains nothing the requesting user should not see.
 /// </summary>
 /// <param name="id">Id of the user to look up.</param>
 /// <returns>The matching <see cref="UserDto"/>.</returns>
 public UserDto Get(int id)
 {
     var dto = UserBLManager.UserDtoById(id);
     return dto;
 }