public override void OnActionExecuting(ActionExecutingContext filterContext)
{
HttpRequest request = HttpContext.Current.Request;
// TODO: DI
// TODO: Caching
string permissionsDbPath = Path.Combine(AppDomain.CurrentDomain.GetData("DataDirectory").ToString(), "PermissionsDB.xml");
var permissionsRepo = new PermissionsXmlRepository(permissionsDbPath);
var rolesCsvProvider = new RolesCsvCookieProvider(request);
var permissionsService = new PermissionsService(permissionsRepo, rolesCsvProvider);
string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
bool canAccessUrl = controllerName == "Error" || permissionsService.HasUrlPermission(request.RawUrl, request.HttpMethod);
bool canAccessMethod = RequiredTask == null || permissionsService.HasTaskPermission(RequiredTask);
Debug.WriteLine($"AuthFilter canAccessUrl: {canAccessUrl}, canAccessMethod: {canAccessMethod}");
if (!canAccessUrl || !canAccessMethod)
{
if (filterContext.HttpContext.Request.IsAjaxRequest())
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary { { "controller", "Error" }, { "action", "PermissionErrorAjax" } });
}
else
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary { { "controller", "Error" }, { "action", "PermissionError" } });
}
}
base.OnActionExecuting(filterContext);
}
public PermissionsRepositoryXmlTests()
{
_repo = new PermissionsXmlRepository(@"Resources\TestPermissionsDB.xml");
}
