public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var reportID = Convert.ToInt32(filterContext.ActionParameters["id"]);
var report = ReportsManager.GetByID(reportID);
int userID = 0;
bool hasID = int.TryParse(filterContext.HttpContext.Session["CurrentUserID"].ToString(), out userID);
if (!hasID)
{
filterContext.Controller.TempData["FlashMessage"] = "Please select a valid User to access their reports.";
//Change the Result to point back to Home/Index
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { controller = "Home", action = "Index" }));
}
else //We have selected a valid user
{
if (report.UserID != userID)
{
filterContext.Controller.TempData["FlashMessage"] = "You cannot view Reports you have not created.";
//Change the Result to point back to Home/Index
filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { controller = "Home", action = "Index" }));
}
}
base.OnActionExecuting(filterContext);
}
