Exemple #1
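        /// <summary>
        /// Authorizes the current request in three steps: the caller must be authenticated,
        /// an <c>AppPermission</c> object must be present in the session, and that object must
        /// grant the requested action on the requested area/controller.
        /// </summary>
        /// <remarks>
        /// Outcomes set on <paramref name="filterContext"/>: <c>HttpUnauthorizedResult</c> (401) when
        /// the caller is not authenticated or no permission object is in the session, and
        /// 403 Forbidden when the caller is authenticated but not permitted. Every failure path
        /// returns before <c>base.OnAuthorization</c> runs.
        /// </remarks>
        /// <param name="filterContext">Authorization context of the request being checked.</param>
        protected override void OnAuthorization(AuthorizationContext filterContext)
        {
            // [AllowAnonymous] on the action or on its controller opts out of EVERY check below,
            // including the per-action permission check, not only the authentication check.
            bool skipAuthorization = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true)
                                 || filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);
            if (skipAuthorization)
            {
                return;
            }

            var user = filterContext.HttpContext.User;
            if (user == null || !user.Identity.IsAuthenticated)
            {
                filterContext.Result = new HttpUnauthorizedResult();
                return;
            }

            // Read the session entry once and check the result of the cast. A missing entry and an
            // entry of an unexpected type are both rejected with 401, instead of the latter
            // surfacing as a NullReferenceException on the first member access.
            // NOTE(review): permissions are taken from session state; if they are only loaded at
            // sign-in, a revoked permission stays effective until the session is refreshed - confirm.
            AppPermission appPermission = Session[Application.Session.Permisson] as AppPermission;
            if (appPermission == null)
            {
                filterContext.Result = new HttpUnauthorizedResult();
                return;
            }

            this.userInfo = appPermission.UserInfo;

            // Routes outside an area carry no "Area" data token, hence the empty-string fallback.
            string areaName = filterContext.RequestContext.RouteData.DataTokens["Area"] as string ?? "";
            string controllerName = filterContext.RequestContext.RouteData.Values["Controller"].ToString();
            string actionName = filterContext.RequestContext.RouteData.Values["Action"].ToString();

            this.permisson = appPermission.getPermision(areaName, controllerName);

            // Fail closed: getPermision is defined elsewhere and may not have an entry for this
            // area/controller; no entry is treated as "not permitted" rather than as a crash.
            if (this.permisson == null)
            {
                filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
                return;
            }

            permisson.appPermisson = appPermission;
            // Exposed to views for rendering; the enforcement decision is the check right below.
            ViewBag.Permisson = this.permisson;

            if (!permisson.hasPermisson(actionName))
            {
                filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
                return;
            }

            // One-shot message: hand it to the view and clear it so it is shown only once.
            if (Session[Application.Session.Message] != null)
            {
                ViewBag.Message = Session[Application.Session.Message];
                Session[Application.Session.Message] = null;
            }

            base.OnAuthorization(filterContext);
        }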