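/// <summary>
/// Instantiates the page for the current route after two authorization layers: the route-level
/// check against the authorized routes stored in the database (only when <c>CheckUrlAccess</c> is set)
/// and, when the page implements <see cref="IAuthorize"/>, the page's own business-level check.
/// </summary>
/// <param name="requestContext">Routing context whose <c>RouteData</c> is handed to the page when it implements <see cref="IRouteDataPage"/>.</param>
/// <returns>The instantiated page handler.</returns>
/// <remarks>
/// Every refusal goes through <c>ShiptalkException.ThrowSecurityException</c>; the statements that follow
/// each call rely on that method never returning normally.
/// </remarks>
private IHttpHandler ExecutePageAuthorization(RequestContext requestContext)
        {
            UserAccount accountInfo = UserBLL.GetUserAccount(UserBLL.GetUserId());

            // No account resolvable for the current user id: refuse here instead of dereferencing null below,
            // which would surface as a NullReferenceException (HTTP 500) rather than an authorization failure.
            if (accountInfo == null)
            {
                ShiptalkException.ThrowSecurityException(string.Format("The route {0} was requested without a resolvable user account.", RouteName), "You are not authorized to access this page.", ShiptalkCommon.ShiptalkException.ShiptalkExceptionTypes.UN_AUTHORIZED_EXCEPTION);
            }

            // Check against Authorized Routes in database.
            // When CheckUrlAccess is false this layer is skipped entirely; only the page's own IsAuthorized() then applies.
            if (CheckUrlAccess && !IsAuthorized(RouteName, accountInfo.UserId, accountInfo.ScopeId, IsAdminUser(accountInfo)))
            {
                ShiptalkException.ThrowSecurityException(string.Format("The route {0} is not authorized.", RouteName), "You are not authorized to access this page.", ShiptalkCommon.ShiptalkException.ShiptalkExceptionTypes.UN_AUTHORIZED_EXCEPTION);
            }

            var page = BuildManager.CreateInstanceFromVirtualPath(VirtualPath, typeof(Page)) as IHttpHandler;

            // A virtual path that does not yield an IHttpHandler is a configuration defect; report it explicitly
            // instead of letting the "as" cast hand a null page back to the routing pipeline.
            if (page == null)
            {
                throw new System.InvalidOperationException(string.Format("The virtual path {0} did not produce an IHttpHandler.", VirtualPath));
            }

            var routeDataPage   = page as IRouteDataPage;
            var isAuthorizePage = page as IAuthorize;

            // Hand the page its routing values and the resolved account before its own checks run.
            if (routeDataPage != null)
            {
                routeDataPage.RouteData   = requestContext.RouteData;
                routeDataPage.AccountInfo = accountInfo;
            }

            // Call the Page's IsAuthorized implementation for page level business logic execution.
            if (isAuthorizePage != null && !isAuthorizePage.IsAuthorized())
            {
                ShiptalkException.ThrowSecurityException(string.Format("The route {0} is not authorized.", RouteName), "You are not authorized to access this page.", ShiptalkCommon.ShiptalkException.ShiptalkExceptionTypes.UN_AUTHORIZED_EXCEPTION);
            }

            return page;
        }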
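 /// <summary>
 /// Resolves <c>_selectedRole</c> from the roles drop-down. The posted value is client-controlled, so a value
 /// that is not a valid Int16, or that does not match a known role, is treated as list manipulation and
 /// rejected with a security exception instead of escaping as a FormatException/OverflowException from Parse.
 /// </summary>
 private void InferRoleSelection()
 {
     short selectedRoleId;
     bool isNumeric = Int16.TryParse(ddlRoles.SelectedValue, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out selectedRoleId);

     // A non-numeric selection is handled by the same not-found branch as an unknown id.
     _selectedRole = null;
     if (isNumeric)
     {
         _selectedRole = LookupBLL.Roles.Find(p => p.Id == selectedRoleId);
     }

     if (_selectedRole == null)
     {
         ShiptalkException.ThrowSecurityException("Possible role list manipulation. The selected role was not found.", "Sorry. We're unable to serve your request. Please contact support for assistance");
     }
 }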
        /// <summary>
        /// Page entry point: refuses the request unless <see cref="IsAuthorized"/> passes, then builds the view.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// The call to InitializeView() after a failed check is reachable only if
        /// ShiptalkException.ThrowSecurityException returns normally; this method assumes it throws.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            bool canCreatePresenter = IsAuthorized();

            if (canCreatePresenter == false)
            {
                string auditMessage = string.Format("Access denied. User :{0} cannot create Presenter.", this.AccountInfo.UserId);
                ShiptalkException.ThrowSecurityException(auditMessage, "You are not authorized to create a Presentor.");
            }

            InitializeView();
        }
        /// <summary>
        /// Page entry point for "Edit my profile": refuses the request unless <see cref="IsAuthorized"/> passes,
        /// then builds the view.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <remarks>
        /// The call to InitializeView() after a failed check is reachable only if
        /// ShiptalkException.ThrowSecurityException returns normally; this method assumes it throws.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            bool mayEditProfile = IsAuthorized();

            if (mayEditProfile == false)
            {
                string auditMessage = string.Format("Access denied. Profile of UserId:{0} must be edited only by the same user.", UserIdOfProfileToEdit);
                ShiptalkException.ThrowSecurityException(auditMessage, "The profile of the person editing must match the profile of the person requesting 'Edit my profile' access. Admins must use Edit User functionality.");
            }

            InitializeView();
        }
        /// <summary>
        /// Decides whether the current viewer may see the displayed user by delegating to
        /// AccessRulesBLL.CanViewSubStateUser with the sub-state region id and admin flag, the target's state FIPS
        /// and the viewer's record.
        /// </summary>
        /// <returns>
        /// <c>true</c> when access is permitted. On denial a security exception is raised first; the
        /// <c>false</c> return is only reached if that call returns normally.
        /// </returns>
        private bool IsAuthorized()
        {
            bool canView = AccessRulesBLL.CanViewSubStateUser(
                UserSubStateRegionData.RegionId,
                UserSubStateRegionData.IsAdmin,
                UserData.StateFIPS,
                ViewerUserData);

            if (canView)
            {
                return canView;
            }

            // Fail closed: record the viewer/target pair for the audit trail and refuse.
            ShiptalkException.ThrowSecurityException(string.Format("Access denied. User :{0} cannot view {1}.", this.AccountInfo.UserId, UserData.UserId), "You are not authorized to view the User information.");
            return canView;
        }
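        /// <summary>
        /// Page entry point for editing a user: refuses the request unless <see cref="IsAuthorized"/> passes,
        /// builds the view, then captures the pre-edit e-mail from the form.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        /// <exception cref="System.InvalidOperationException">The <c>oldEmail</c> control is missing from <c>formView</c> or is not a TextBox.</exception>
        /// <remarks>
        /// The code after a failed check is reachable only if ShiptalkException.ThrowSecurityException
        /// returns normally; this method assumes it throws.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!IsAuthorized())
            {
                ShiptalkException.ThrowSecurityException(string.Format("Access denied. User :{0} cannot edit {1}.", this.AccountInfo.UserId, UserData.UserId), "You are not authorized to edit the User information.");
            }

            InitializeView();

            //Pbattineni - 10/08/12
            // A missing or mistyped control is a page/template defect: report it explicitly instead of the
            // NullReferenceException the unchecked "as" cast used to produce.
            TextBox oldEmailControl = formView.FindControl("oldEmail") as TextBox;
            if (oldEmailControl == null)
            {
                throw new System.InvalidOperationException("Control 'oldEmail' was not found in formView or is not a TextBox.");
            }

            // NOTE(review): this value is posted back from the form, so it is client-supplied — confirm it is
            // re-validated server-side wherever it is later used.
            oldEmailId = oldEmailControl.Text;
        }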