Exemple #1
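        /// <summary>
        /// Authorisation gate for an intercepted call: decides whether the current user may run the
        /// target method, then either lets the invocation proceed or logs a warning and throws.
        /// </summary>
        /// <remarks>
        /// Decision order, as implemented below:
        /// 1. Targets decorated with NotLoggedAttribute skip every check.
        /// 2. No current user and an auth attribute equal to To.Everyone: allowed.
        /// 3. Any other non-blank auth attribute: IsGrantedWithAttribute decides.
        /// 4. Otherwise the method name is classified by IsWriteMethod / IsReadMethod and the
        ///    policy is asked for To.Write / To.Read.
        /// NOTE(review): the decision starts as "allowed", so a method with no auth attribute whose
        /// name matches neither classifier is executed without any policy check, including for a
        /// null user. Confirm this fail-open default is intended; a deny-by-default start value
        /// would be the safer design, but it changes behaviour for existing callers.
        /// </remarks>
        /// <param name="invocation">The intercepted call supplied by the proxy.</param>
        /// <exception cref="AuthorisationException">Thrown when the call is not granted.</exception>
        public override void Intercept(IInvocation invocation)
        {
            // Fail-open start value, kept for compatibility (see NOTE(review) in the remarks).
            var allowed = true;
            var authAttribute = GetAuthAttribute(invocation);

            if (!this.IsDecoratedWith<NotLoggedAttribute>(invocation))
            {
                // Invariant lower-casing keeps the read/write classification independent of the
                // thread culture (under tr-TR, "I" lower-cases to a dotless "ı", which would stop a
                // name from matching an ASCII pattern and drop it into the unchecked fall-through).
                // presumably IsWriteMethod/IsReadMethod compare against ASCII patterns; verify.
                var methodName = invocation.MethodInvocationTarget.Name.ToLowerInvariant();

                // A missing attribute must never count as "everyone". The previous
                // authAttribute.ToLower() call also threw NullReferenceException here when both
                // the user and the attribute were null.
                var openToEveryone = authAttribute != null
                    && string.Equals(authAttribute, To.Everyone, System.StringComparison.OrdinalIgnoreCase);

                if (this.User == null && openToEveryone)
                {
                    allowed = true;
                }
                else if (!string.IsNullOrWhiteSpace(authAttribute))
                {
                    allowed = IsGrantedWithAttribute(invocation);
                }
                else if (this.IsWriteMethod(methodName))
                {
                    allowed = policy.IsGranted(To.Write, this.User);
                }
                else if (this.IsReadMethod(methodName))
                {
                    allowed = policy.IsGranted(To.Read, this.User);
                }
            }

            if (!allowed)
            {
                // Record the denied target and the caller's role before failing the call.
                Logger.WarnFormat("Not granted to execute {0}.{1} [Role: '{2}']"
                                  , invocation.TargetType.Name
                                  , invocation.Method.Name
                                  , (this.User != null && this.User.AssignedRole != null) ? this.User.AssignedRole.Name : "EMPTY");
                throw new AuthorisationException(invocation.TargetType, invocation.Method);
            }

            invocation.Proceed();
        }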
Exemple #2
 /// <summary>
 /// Asks the policy whether the user held by this instance is granted the given right.
 /// </summary>
 /// <param name="to">The right to check; passed to the policy unchanged.</param>
 /// <returns>The policy's answer for that right and user.</returns>
 public bool IsUserGranted(string to)
 {
     // No decision is made here; the policy alone decides.
     bool granted = policy.IsGranted(to, this.user);
     return granted;
 }