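/// <summary>
/// Authorizes the request: lets the base attribute run first, then resolves the caller's
/// role and checks it against the route's controller/action via <see cref="PermissionHelper"/>.
/// </summary>
/// <param name="filterContext">Authorization context of the current request.</param>
public override void OnAuthorization(AuthorizationContext filterContext)
{
    base.OnAuthorization(filterContext);

    // The base attribute already rejected the request (e.g. not authenticated): nothing more to check.
    if (filterContext.Result != null)
    {
        return;
    }

    // Admin takes precedence over Author for a user holding both roles, matching GetUserRole.
    EnumHelper.Roles role = ResolveRole(filterContext.HttpContext.User);

    // Route values can be absent when the attribute runs outside a normal MVC route; fail closed
    // instead of dereferencing a null value.
    string action = Convert.ToString(filterContext.RouteData.Values["action"]);
    string controller = Convert.ToString(filterContext.RouteData.Values["controller"]);
    if (string.IsNullOrEmpty(action) || string.IsNullOrEmpty(controller))
    {
        HandleUnauthorizedRequest(filterContext);
        return;
    }

    // The context is owned by this method only; dispose it once the check is done.
    bool allowed;
    using (var context = new CustomApplicationDbContext())
    {
        IQueryable<RolePermission> rolePermissions = context.RolePermissions;
        var permissionHelper = new PermissionHelper(rolePermissions);
        allowed = permissionHelper.HasPermission(role, controller, action);
    }

    if (!allowed)
    {
        HandleUnauthorizedRequest(filterContext);
    }
}

/// <summary>
/// Maps the principal's role membership to a single role: Admin, then Author, else Viewer.
/// </summary>
/// <param name="user">Principal of the current request; a null principal yields Viewer.</param>
/// <returns>The most privileged role the principal is a member of.</returns>
private static EnumHelper.Roles ResolveRole(System.Security.Principal.IPrincipal user)
{
    if (user != null && user.IsInRole(EnumHelper.Roles.Admin.ToString()))
    {
        return EnumHelper.Roles.Admin;
    }

    if (user != null && user.IsInRole(EnumHelper.Roles.Author.ToString()))
    {
        return EnumHelper.Roles.Author;
    }

    return EnumHelper.Roles.Viewer;
}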
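/// <summary>
/// Returns true if the ROLE has permission to the controller and action.
/// Evaluation order: Admin is always allowed; an explicit grant for the exact action wins;
/// then an explicit deny for the exact action; then a controller-wide deny (blank action);
/// otherwise the default rule applies (Viewer may not Edit or Delete).
/// </summary>
/// <param name="role">Role of the user in scope.</param>
/// <param name="controller">Controller name from the route data; compared case-insensitively.</param>
/// <param name="action">Action name from the route data; compared case-insensitively.</param>
/// <returns>True when access is granted, false otherwise.</returns>
public bool HasPermission(EnumHelper.Roles role, string controller, string action)
{
    if (role == EnumHelper.Roles.Admin)
    {
        return true;
    }

    // Route identifiers are not linguistic text: compare ordinally, ignoring case because MVC
    // routing is case-insensitive. The culture-sensitive comparison used before could differ
    // between server cultures, and the default rule below was case-sensitive, so "edit" was not
    // caught as "Edit".
    const StringComparison Comparison = StringComparison.OrdinalIgnoreCase;
    string roleName = role.ToString();
    controller = controller ?? string.Empty;
    action = action ?? string.Empty;

    // NOTE(review): if _rolePermissions is still a LINQ-to-Entities query, StringComparison
    // overloads may not translate; the original used the same overloads, so the source is
    // presumably materialized — confirm.

    // Is permission explicitly granted
    if (_rolePermissions.Any(r => string.Equals(r.Role, roleName, Comparison)
                                  && string.Equals(r.Controller, controller, Comparison)
                                  && string.Equals(r.Action, action, Comparison)
                                  && r.IsAllowed))
    {
        return true;
    }

    // Is permission explicitly denied
    if (_rolePermissions.Any(r => string.Equals(r.Role, roleName, Comparison)
                                  && string.Equals(r.Controller, controller, Comparison)
                                  && string.Equals(r.Action, action, Comparison)
                                  && !r.IsAllowed))
    {
        return false;
    }

    // Is permission explicitly denied for Role to full controller (blank action = whole controller)
    if (_rolePermissions.Any(r => string.Equals(r.Role, roleName, Comparison)
                                  && string.Equals(r.Controller, controller, Comparison)
                                  && string.IsNullOrWhiteSpace(r.Action)
                                  && !r.IsAllowed))
    {
        return false;
    }

    // Revert to default permission using Action keywords:
    // a Viewer may not access Edit or Delete actions, whatever their casing in the route.
    if (role == EnumHelper.Roles.Viewer
        && (action.Equals("Edit", Comparison) || action.Equals("Delete", Comparison)))
    {
        return false;
    }

    return true;
}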
/// <summary>
/// Resolves the role of the given user: Admin if a member of Admin, else Author if a member
/// of Author, else Viewer.
/// </summary>
/// <param name="userId">Identity user id to look up.</param>
/// <returns>The user's role; <see cref="EnumHelper.Roles.Viewer"/> when neither Admin nor Author.</returns>
protected EnumHelper.Roles GetUserRole(string userId)
{
    // NOTE(review): as before, the store and manager are not disposed here; with Identity's EF
    // UserStore, disposing the store may also dispose the shared DbContext — confirm before
    // wrapping them in a using.
    var manager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(DbContext));

    string adminRole = EnumHelper.Roles.Admin.ToString();
    if (manager.IsInRole(userId, adminRole))
    {
        return EnumHelper.Roles.Admin;
    }

    string authorRole = EnumHelper.Roles.Author.ToString();
    return manager.IsInRole(userId, authorRole)
        ? EnumHelper.Roles.Author
        : EnumHelper.Roles.Viewer;
}
/// <summary>
/// Resolves the role of the current user: Admin if a member of Admin, else Author if a member
/// of Author, else Viewer.
/// </summary>
/// <returns>The current user's role; <see cref="EnumHelper.Roles.Viewer"/> when neither Admin nor Author.</returns>
public EnumHelper.Roles GetUserRole()
{
    // NOTE(review): as before, the store and manager are not disposed here; with Identity's EF
    // UserStore, disposing the store may also dispose the shared context — confirm before
    // wrapping them in a using.
    var manager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(_context));
    string userId = User.Identity.GetUserId();

    if (manager.IsInRole(userId, EnumHelper.Roles.Admin.ToString()))
    {
        return EnumHelper.Roles.Admin;
    }

    return manager.IsInRole(userId, EnumHelper.Roles.Author.ToString())
        ? EnumHelper.Roles.Author
        : EnumHelper.Roles.Viewer;
}
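/// <summary>
/// Returns the table row Edit | Details | Delete links which the user in scope has permission to.
/// </summary>
/// <param name="html">The view's HTML helper; supplies the route data and renders the links.</param>
/// <param name="linkId">Route value passed to each generated link.</param>
/// <returns>The permitted links with their separators; the Details link is always included.</returns>
public static MvcHtmlString IndexLinks(this HtmlHelper html, object linkId)
{
    // Get the users role (Admin takes precedence over Author, matching GetUserRole)
    EnumHelper.Roles role = ResolveRole(HttpContext.Current.User);

    // Get the current route Controller name
    string controller = html.ViewContext.RouteData.GetRequiredString("controller");

    // Check user permissions; the context is owned by this method only, so dispose it
    // once both checks are done.
    bool canEdit;
    bool canDelete;
    using (var context = new CustomApplicationDbContext())
    {
        IQueryable<RolePermission> rolePermissions = context.RolePermissions;
        var permissionHelper = new PermissionHelper(rolePermissions);
        canEdit = permissionHelper.HasPermission(role, controller, "Edit");
        canDelete = permissionHelper.HasPermission(role, controller, "Delete");
    }

    // Build the MvcHtmlString (separator strings kept exactly as rendered before)
    var links = new StringBuilder();
    if (canEdit)
    {
        links.Append(string.Format("{0} |", LinkExtensions.ActionLink(html, "Edit", "Edit", linkId)));
    }

    links.Append(LinkExtensions.ActionLink(html, "Details", "Details", linkId));

    if (canDelete)
    {
        links.Append(string.Format("| {0}", LinkExtensions.ActionLink(html, "Delete", "Delete", linkId)));
    }

    return new MvcHtmlString(links.ToString());
}

/// <summary>
/// Maps the principal's role membership to a single role: Admin, then Author, else Viewer.
/// </summary>
/// <param name="user">Principal of the current request; a null principal yields Viewer.</param>
/// <returns>The most privileged role the principal is a member of.</returns>
private static EnumHelper.Roles ResolveRole(System.Security.Principal.IPrincipal user)
{
    if (user != null && user.IsInRole(EnumHelper.Roles.Admin.ToString()))
    {
        return EnumHelper.Roles.Admin;
    }

    if (user != null && user.IsInRole(EnumHelper.Roles.Author.ToString()))
    {
        return EnumHelper.Roles.Author;
    }

    return EnumHelper.Roles.Viewer;
}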