Exemple #1
 /// <summary>
 /// Registers an application screen by forwarding the route, menu and
 /// Read/Write/Delete values of <paramref name="screens"/> to
 /// <c>DataLibrary.ExecuteQuery</c> under the name <c>bspAddApplicationScreens</c>.
 /// </summary>
 /// <param name="screens">Screen route whose fields become the query arguments.</param>
 public void AddApplicationScreens(SharedAssembly.ScreenRoute screens)
 {
     // The element order is kept exactly as the call expects it; the values are
     // presumably bound by position inside DataLibrary (confirm there before reordering).
     object[] screenArguments =
     {
         screens.ActionName,
         screens.ControllerName,
         screens.AreaName,
         screens.LinkText,
         screens.GroupMenuTitle,
         screens.Read,
         screens.Write,
         screens.Delete
     };

     DataLibrary.ExecuteQuery(ref screenArguments, "bspAddApplicationScreens");
 }
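        /// <summary>
        /// Runs before the action executes: for authenticated requests (while <c>isApply</c> is set)
        /// it resolves action, controller and area from the request URL and redirects the caller
        /// unless <c>userRepository.CheckIsUserHasAccessOnScreen</c> grants access to that screen.
        /// </summary>
        /// <param name="filterContext">
        /// Context of the action about to run; its <c>Result</c> is set to a redirect to stop the action.
        /// </param>
        /// <remarks>
        /// Unauthenticated requests, and every request while <c>isApply</c> is false, leave this
        /// method without any check, so anonymous access has to be rejected elsewhere.
        /// NOTE(review): confirm an authentication filter covers the same controllers.
        /// </remarks>
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            if (!filterContext.HttpContext.Request.IsAuthenticated || !isApply)
            {
                return;
            }

            // The route is re-resolved from the absolute URL through a throwaway HttpContext.
            // NOTE(review): the names checked below therefore come from the URL, not from
            // filterContext.RouteData / ActionDescriptor; confirm they always identify the
            // action that actually runs.
            HttpRequest  syntheticRequest  = new HttpRequest("", filterContext.HttpContext.Request.Url.AbsoluteUri, "");
            HttpResponse syntheticResponse = new HttpResponse(new System.IO.StringWriter());
            var          syntheticContext  = new HttpContext(syntheticRequest, syntheticResponse);
            var          routeData         = RouteTable.Routes.GetRouteData(new HttpContextWrapper(syntheticContext));

            // GetRouteData returns null when no route matches. Leave the names empty in that
            // case so the request is refused by the blank-action branch below instead of
            // failing with a NullReferenceException.
            string actionName     = string.Empty;
            string controllerName = string.Empty;
            string areaName       = string.Empty;
            if (routeData != null)
            {
                actionName     = Convert.ToString(routeData.Values["action"]);
                controllerName = Convert.ToString(routeData.Values["controller"]) + "Controller";
                areaName       = Convert.ToString(routeData.Values["area"]);
            }

            SharedAssembly.ScreenRoute screenParameter = new SharedAssembly.ScreenRoute
            {
                AreaName       = areaName,
                ActionName     = actionName,
                ControllerName = controllerName
            };

            // Session can be null (for example when session state is disabled); an absent
            // session is handled like a missing "UserId" and ends in the "Session Expired" redirect.
            var    session  = filterContext.HttpContext.Session;
            string userName = session == null ? string.Empty : Convert.ToString(session["UserId"]);

            // Reset before any decision so a refused request does not keep earlier values
            // (what exactly is reset is defined by permissionHelper, not visible here).
            permissionHelper.ResetPermission();

            // Every branch that cannot establish access sets a redirect result: the filter fails closed.
            if (string.IsNullOrWhiteSpace(actionName))
            {
                filterContext.Controller.TempData["statusMessage"] = "Error in serving the requested page.Please try again.";
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { action = "Messager", controller = "Account", area = "" }));
                return;
            }

            if (string.IsNullOrWhiteSpace(userName))
            {
                filterContext.Controller.TempData["statusMessage"] = "Session Expired";
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { action = "Messager", controller = "Account", area = "" }));
                return;
            }

            if (!userRepository.CheckIsUserHasAccessOnScreen(userName, screenParameter))
            {
                filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(new { action = "UnAuthorizedAccess", controller = "Account", area = "" }));
            }
        }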
Exemple #3
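        /// <summary>
        /// Checks whether a user may read a screen and records the read/write/delete values
        /// returned for that screen in <c>permissionHelper</c>.
        /// </summary>
        /// <param name="userId">Currently logged in user's Id</param>
        /// <param name="screenParameters">Action, controller and area names identifying the screen</param>
        /// <returns>
        /// The <c>isRead</c> value of the last row returned by <c>bspIsUserHasAccess</c>;
        /// false when no row is returned.
        /// </returns>
        public bool CheckIsUserHasAccessOnScreen(string userId, SharedAssembly.ScreenRoute screenParameters)
        {
            // Argument order is kept as in the original call; the company id is taken from
            // userSession rather than from the caller.
            object[] objAppScreens =
            {
                userId,
                screenParameters.ActionName,
                screenParameters.ControllerName,
                screenParameters.AreaName,
                userSession.CompanyId
            };
            bool isReadable = false;

            // Dispose the reader on every path, including when a column read throws; it was
            // previously never closed. Whether this also releases the underlying connection
            // depends on how DataLibrary opened the reader (confirm there).
            using (SqlDataReader userPermissionReader = DataLibrary.ExecuteReaderSql(ref objAppScreens, "bspIsUserHasAccess"))
            {
                // NOTE(review): if several rows come back, the last row overwrites the earlier
                // ones for both the return value and permissionHelper; confirm the query
                // returns at most one row per user and screen.
                while (userPermissionReader.Read())
                {
                    isReadable = TypeConversionHelper.GetDefaultValueIfNull<bool>(userPermissionReader["isRead"]);
                    permissionHelper.SetPermission(isReadable,
                                                   TypeConversionHelper.GetDefaultValueIfNull<bool>(userPermissionReader["isWrite"]),
                                                   TypeConversionHelper.GetDefaultValueIfNull<bool>(userPermissionReader["isDelete"]));
                }
            }

            // With no matching row the flag keeps its initial false, so access is refused.
            return isReadable;
        }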