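        /// <summary>
        /// Authorization hook: lets the request continue only when the current principal may
        /// perform at least one of this filter's <c>actions</c> on its <c>resourceType</c>;
        /// otherwise the request is short-circuited with an <c>HttpForbiddenResult</c>.
        /// </summary>
        /// <param name="context">Authorization context whose <c>Result</c> is set on denial.</param>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// <c>Permissions</c> or <c>PrincipalProvider</c> has not been supplied.
        /// </exception>
        public override void OnAuthorization(AuthorizationContext context)
        {
            Logger.Trace("OnAuthorization");

            // Without a context there is nowhere to record a denial, so refuse to run at all.
            if (context == null)
            {
                throw new ArgumentNullException("context");
            }

            // Fail closed: a missing dependency aborts the request instead of letting it through.
            if (Permissions == null)
            {
                throw new InvalidOperationException("No permission sets found");
            }

            if (PrincipalProvider == null)
            {
                throw new InvalidOperationException("No principal provider found");
            }

            // NOTE(review): base.OnAuthorization is not called here. If the base class performs
            // authentication or output-cache handling, confirm that skipping it is intended.
            var user = PrincipalProvider.GetCurrent();

            // Any() over an empty action list is false, so a filter with no actions denies.
            // The principal is passed on even when null; CanPerform decides how to treat it.
            if (actions.Any(action => Permissions.CanPerform(user, resourceType, action)))
            {
                return;
            }

            // Record the denial before logging so it stands even if building the log entry fails.
            context.Result = new HttpForbiddenResult();

            // A principal can exist without an identity, or with an empty name (presumably the
            // unauthenticated case; verify against the provider). Neither may throw here, because
            // an exception at this point would replace the 403 with an unhandled error.
            var identity = user == null ? null : user.Identity;
            var userName = identity == null ? null : identity.Name;

            if (string.IsNullOrEmpty(userName))
            {
                userName = "Anonymous";
            }

            // NOTE(review): the name is logged as supplied. If identity names can carry
            // client-chosen text (e.g. line breaks), confirm the log sink encodes it.
            Logger.Warn("unauthorized access detected by {0}", userName);
        }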