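/// <summary>
/// Decides whether the current request may run the routed controller action.
/// The decision is deny-by-default: the request is authorized only when the
/// session carries a numeric, non-zero "UserId", the route supplies both a
/// controller and an action name, and <c>BasicAuthorizer.IsAuthorized</c>
/// returns true for that (user, controller, action) triple.
/// </summary>
/// <param name="httpContext">The context of the request being authorized.</param>
/// <returns>true when the request is authorized; otherwise false.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Use the context handed in by the framework instead of the ambient
            // HttpContext.Current, which can be null off the request thread and
            // cannot be substituted in tests. No context means no decision: deny.
            if (httpContext == null)
            {
                return false;
            }

            var routeValues = httpContext.Request.RequestContext.RouteData.Values;

            string requestedController = (string)routeValues["controller"];
            string requestedAction     = (string)routeValues["action"];

            // The fields are still written because members outside this method
            // may read them, but the decision below uses only locals.
            // NOTE(review): ASP.NET MVC 3 and later cache filter attribute
            // instances, so these fields can be shared by concurrent requests.
            // Deciding from the fields would let one request be evaluated with
            // another request's user id or route; confirm no other member of
            // this class relies on them for a security decision.
            controller = requestedController;
            action     = requestedAction;

            var    session   = httpContext.Session;
            object rawUserId = session == null ? null : session["UserId"];
            if (rawUserId == null)
            {
                // No session or no signed-in user recorded in it.
                return false;
            }

            long sessionUserId;
            if (!long.TryParse(rawUserId.ToString(), out sessionUserId))
            {
                sessionUserId = 0;
            }
            userId = sessionUserId;

            // 0 is the "unparseable" marker set above; treat it as no user.
            if (sessionUserId == 0 ||
                string.IsNullOrEmpty(requestedController) ||
                string.IsNullOrEmpty(requestedAction))
            {
                return false;
            }

            var authorizer = new BasicAuthorizer();
            var request    = new UserAuthorizationParam()
            {
                UserId          = sessionUserId,
                AssetItem       = requestedController,
                PermittedAction = requestedAction,
            };

            return authorizer.IsAuthorized(request);
        }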
Example #2
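        /// <summary>
        /// Checks whether the user's role holds a permission whose action name
        /// matches the requested action. Any missing input, unknown user or
        /// missing permission results in a denial.
        /// </summary>
        /// <param name="UserAuthor">The user id, asset (controller) and action being requested.</param>
        /// <returns>true when a matching permission exists for the user's role; otherwise false.</returns>
        public bool IsAuthorized(UserAuthorizationParam UserAuthor)
        {
            // Fail closed on missing input. The guard on the action name also
            // keeps the null-safe comparison below from matching a permission
            // row whose ActionName is null against a null request.
            if (UserAuthor == null || string.IsNullOrEmpty(UserAuthor.PermittedAction))
            {
                return false;
            }

            var requestedUserId = UserAuthor.UserId;
            var requestedAction = UserAuthor.PermittedAction;

            using (var db = new UKareEntities())
            {
                var aUser = db.Users.Where(p => p.Id == requestedUserId).FirstOrDefault();
                if (aUser == null)
                {
                    return false;
                }

                var userRoleId = aUser.RoleId;

                // Materialised so that the string comparison below runs in memory.
                var userPermissions = db.Permissions.Where(p => p.RoleId == userRoleId).ToList();

                // NOTE(review): UserAuthor.AssetItem (the controller) is never
                // compared. The original condition tested ActionName against
                // PermittedAction twice, which looks like a copy-paste slip
                // where the second test was meant to check the asset. As
                // written, a role permitted an action name on one controller is
                // permitted the same action name on every controller. The
                // Permission entity's asset/controller property is not visible
                // here, so the missing comparison has to be added by someone
                // with the schema.
                //
                // string.Equals(a, b, ...) is used instead of a.Equals(b, ...)
                // so a permission row with a null ActionName cannot throw, and
                // the comparison is ordinal because action names are
                // identifiers, not linguistic text.
                return userPermissions.Any(up => string.Equals(up.ActionName, requestedAction, StringComparison.OrdinalIgnoreCase));
            }
        }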