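/// <summary>
/// Global authentication filter. Exempts the login and graduate-request routes, otherwise
/// requires a valid bearer token; for the controllers listed in <c>ManagerOnly</c> it also
/// requires the caller's <c>Permission.Id</c> to be 1 (except the GetAll / ChangePass actions).
/// </summary>
/// <param name="context">Web API authentication context; <c>Principal</c> is set on success.</param>
/// <param name="cancellationToken">Unused: token validation is synchronous.</param>
/// <exception cref="HttpResponseException">
/// 401 when the Authorization header is missing, is not a bearer token, has no parameter,
/// is rejected by <c>Token.ValidateCurrentToken</c>, or carries a non-numeric identity name;
/// 403 when a manager-only route is requested by a user whose Permission.Id is not 1.
/// </exception>
public async Task AuthenticateAsync(HttpAuthenticationContext context, CancellationToken cancellationToken)
{
    // NOTE(review): controller and action are read from URL *position*, not from routing.
    // If a route template has a trailing segment (e.g. an {id}) both values shift and the
    // ManagerOnly check is keyed on the wrong segment. Prefer
    // context.ActionContext.ControllerContext.ControllerDescriptor.ControllerName /
    // context.ActionContext.ActionDescriptor.ActionName — confirm against the route config.
    string[] segments = context.Request.RequestUri.Segments;
    string action = segments.LastOrDefault();
    string apiController = segments.Length >= 2 ? segments[segments.Length - 2] : null;

    // Anonymous routes: login, graduate-request e-mail, graduate CV upload.
    // Parenthesised explicitly so the &&/|| precedence is not left to the reader.
    bool isAnonymousRoute =
        (apiController == "User/" && action == "Validate") ||
        apiController == "Email/" ||
        (apiController == "Graduate/" && action == "UploadCVFile");
    if (isAnonymousRoute)
    {
        return;
    }

    // Require "Authorization: Bearer <token>". A missing header used to throw a
    // NullReferenceException (500) and a short value an ArgumentOutOfRangeException;
    // both are now a plain 401. Scheme is matched case-insensitively, like the old Substring(7).
    var authorization = context.Request.Headers.Authorization;
    if (authorization == null
        || !string.Equals(authorization.Scheme, "Bearer", StringComparison.OrdinalIgnoreCase)
        || string.IsNullOrWhiteSpace(authorization.Parameter))
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    var principal = Token.ValidateCurrentToken(authorization.Parameter);
    if (principal == null)
    {
        throw new HttpResponseException(HttpStatusCode.Unauthorized);
    }

    // Web API routing is case-insensitive, so the manager-only match must be too; an
    // ordinal Contains would let "/api/USERS/..." bypass the role check.
    bool isManagerOnlyRoute = ManagerOnly.Any(
        c => string.Equals(c, apiController, StringComparison.OrdinalIgnoreCase));

    // NOTE(review): every controller in ManagerOnly exposes any action literally named
    // GetAll or ChangePass to all authenticated users — confirm that is intended per controller.
    if (isManagerOnlyRoute && action != "GetAll" && action != "ChangePass")
    {
        // The identity name must be the numeric user id; anything else is treated as an
        // invalid token rather than surfacing a FormatException as a 500.
        int userId;
        if (!int.TryParse(principal.Identity.Name, out userId))
        {
            throw new HttpResponseException(HttpStatusCode.Unauthorized);
        }

        UserDto user = UserBLManager.UserDtoById(userId);
        // Fail closed: an unknown user or missing permission is not a manager.
        if (user == null || user.Permission == null || user.Permission.Id != 1)
        {
            throw new HttpResponseException(HttpStatusCode.Forbidden);
        }
    }

    // Publish the validated principal to the pipeline.
    context.Principal = principal;
}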
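/// <summary>
/// Returns the navigation pages visible to the calling user. Users whose
/// <c>Permission.Id</c> is not 1 do not receive the "users" and "lists" pages.
/// </summary>
/// <returns>A list of anonymous { uri, name } entries; the names are Hebrew display labels.</returns>
public System.Object GetPages()
{
    var pages = new[]
    {
        new { uri = "graduates", name = "בוגרים" },
        new { uri = "jobs", name = "משרות" },
        new { uri = "companies", name = "חברות" },
        new { uri = "Placements", name = "השמות" },
        new { uri = "Charts", name = "תרשימים" },
        new { uri = "users", name = "משתשים" },
        new { uri = "lists", name = "תחזוקה" }
    };

    // Manager-only pages are selected by uri rather than by array index (the old
    // RemoveAt(6)/RemoveAt(5)), so reordering the list above cannot silently expose them.
    string[] managerOnlyUris = { "users", "lists" };

    // Fail closed: a non-numeric identity name (e.g. no authenticated user) or an unknown
    // user is treated as a non-manager instead of surfacing a FormatException as a 500.
    int userId;
    bool isManager = false;
    if (int.TryParse(HttpContext.Current.User.Identity.Name, out userId))
    {
        var user = UserBLManager.UserDtoById(userId);
        isManager = user != null && user.Permission != null && user.Permission.Id == 1;
    }

    if (isManager)
    {
        return pages.ToList();
    }
    return pages.Where(p => !managerOnlyUris.Contains(p.uri)).ToList();
}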
/// <summary>Looks up a single user by id and returns its DTO.</summary>
/// <param name="id">Id of the user to look up.</param>
/// <returns>Whatever <c>UserBLManager.UserDtoById</c> returns for <paramref name="id"/>.</returns>
// NOTE(review): there is no ownership check here — any caller that reaches this action can
// read any user's DTO by id. Whether the ManagerOnly filter gates it depends on this
// controller's route name and on what UserDto contains (e.g. credential fields) — confirm.
public UserDto Get(int id)
{
    UserDto dto = UserBLManager.UserDtoById(id);
    return dto;
}