/// <summary>
/// Registers one application screen — its route (action/controller/area), menu
/// text and read/write/delete flags — by invoking the
/// <c>bspAddApplicationScreens</c> stored procedure.
/// </summary>
/// <param name="screens">Route, menu text and permission flags of the screen to add.</param>
public void AddApplicationScreens(SharedAssembly.ScreenRoute screens)
{
    // Argument list handed to the stored procedure; presumably positional, so the
    // order here has to match the procedure's parameter order — confirm against bspAddApplicationScreens.
    object[] procedureArgs =
    {
        screens.ActionName,
        screens.ControllerName,
        screens.AreaName,
        screens.LinkText,
        screens.GroupMenuTitle,
        screens.Read,
        screens.Write,
        screens.Delete,
    };

    DataLibrary.ExecuteQuery(ref procedureArgs, "bspAddApplicationScreens");
}
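/// <summary>
/// Action filter hook: before an action runs, verifies that the signed-in user is
/// permitted to reach the requested screen and otherwise short-circuits the request
/// with a redirect to the Account controller's <c>UnAuthorizedAccess</c> or
/// <c>Messager</c> action.
/// </summary>
/// <param name="filterContext">The MVC action context for the current request.</param>
/// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
/// <remarks>
/// The check is skipped entirely for unauthenticated requests and when <c>isApply</c>
/// is false; those requests fall through to the action unchanged.
/// Route values are taken from <see cref="ControllerContext.RouteData"/>, i.e. the
/// route the MVC pipeline actually matched for this request, instead of re-resolving
/// the absolute URL through a synthetic <c>HttpContext</c>. A synthetic request has no
/// HTTP method, headers or session, so <c>RouteTable.Routes.GetRouteData</c> can match a
/// different route than the real request did (or none, which dereferenced null), letting
/// the permission decision diverge from the action that is about to execute. It also
/// avoids the undisposed <c>StringWriter</c> the old response object was built on.
/// </remarks>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    if (filterContext == null)
    {
        throw new ArgumentNullException("filterContext");
    }

    if (!filterContext.HttpContext.Request.IsAuthenticated || !isApply)
    {
        return;
    }

    RouteValueDictionary routeValues = filterContext.RouteData.Values;
    string actionName = Convert.ToString(routeValues["action"]);
    string controllerName = Convert.ToString(routeValues["controller"]) + "Controller";
    // NOTE(review): "area" is read from RouteData.Values as the original did; area
    // registrations normally place it in RouteData.DataTokens, so this may be empty
    // for area routes — confirm against how bspIsUserHasAccess matches the area.
    string areaName = Convert.ToString(routeValues["area"]);

    var screenParameter = new SharedAssembly.ScreenRoute
    {
        AreaName = areaName,
        ActionName = actionName,
        ControllerName = controllerName
    };

    string userName = Convert.ToString(filterContext.HttpContext.Session["UserId"]);

    // Drop any permission state left over before deciding for this request.
    permissionHelper.ResetPermission();

    if (string.IsNullOrWhiteSpace(actionName))
    {
        RedirectToMessage(filterContext, "Error in serving the requested page.Please try again.");
        return;
    }

    if (string.IsNullOrWhiteSpace(userName))
    {
        RedirectToMessage(filterContext, "Session Expired");
        return;
    }

    if (!userRepository.CheckIsUserHasAccessOnScreen(userName, screenParameter))
    {
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(
            new { action = "UnAuthorizedAccess", controller = "Account", area = "" }));
    }
}

/// <summary>
/// Stores <paramref name="statusMessage"/> in TempData and short-circuits the action
/// with a redirect to the Account controller's <c>Messager</c> action.
/// </summary>
/// <param name="filterContext">The action context whose result is replaced.</param>
/// <param name="statusMessage">Text shown to the user on the message page.</param>
private static void RedirectToMessage(ActionExecutingContext filterContext, string statusMessage)
{
    filterContext.Controller.TempData["statusMessage"] = statusMessage;
    filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary(
        new { action = "Messager", controller = "Account", area = "" }));
}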
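/// <summary>
/// Checks whether a user has access to a screen by running the
/// <c>bspIsUserHasAccess</c> stored procedure, and records the returned
/// read/write/delete flags in <c>permissionHelper</c>.
/// </summary>
/// <param name="userId">Currently logged in user's Id.</param>
/// <param name="screenParameters">Screen url parameters (action, controller, area).</param>
/// <returns>True if user has access (the <c>isRead</c> flag of the last row read) else false.</returns>
/// <exception cref="ArgumentNullException"><paramref name="screenParameters"/> is null.</exception>
/// <remarks>
/// The reader is disposed on every exit path so its connection is released even when
/// a column conversion throws; the original left it open. If the procedure yields
/// several rows, the flags of the last row win — this matches the previous behaviour.
/// </remarks>
public bool CheckIsUserHasAccessOnScreen(string userId, SharedAssembly.ScreenRoute screenParameters)
{
    if (screenParameters == null)
    {
        throw new ArgumentNullException("screenParameters");
    }

    // Positional arguments for bspIsUserHasAccess; the company id scopes the lookup
    // to the caller's session.
    object[] procedureArgs =
    {
        userId,
        screenParameters.ActionName,
        screenParameters.ControllerName,
        screenParameters.AreaName,
        userSession.CompanyId
    };

    bool isReadable = false;

    using (SqlDataReader userPermissionReader = DataLibrary.ExecuteReaderSql(ref procedureArgs, "bspIsUserHasAccess"))
    {
        while (userPermissionReader.Read())
        {
            isReadable = TypeConversionHelper.GetDefaultValueIfNull<bool>(userPermissionReader["isRead"]);
            bool isWritable = TypeConversionHelper.GetDefaultValueIfNull<bool>(userPermissionReader["isWrite"]);
            bool isDeletable = TypeConversionHelper.GetDefaultValueIfNull<bool>(userPermissionReader["isDelete"]);
            permissionHelper.SetPermission(isReadable, isWritable, isDeletable);
        }
    }

    return isReadable;
}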