/// <summary>
/// Sets whether the user is authorized to access the resource.
/// </summary>
/// <param name="httpContext"> The http context. </param>
/// <returns> The <see cref="bool"/>. </returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
// Not logged in? Send to error page
var authorized = base.AuthorizeCore(httpContext);
if (!authorized)
{
return(false);
}
// Admins can do anything.
if (httpContext.User.IsInRole("1"))
{
return(true);
}
// Otherwise we are looking a provider.
// Get the ID of the resource requested.
var routeData = httpContext.Request.RequestContext.RouteData;
var id = int.Parse(routeData.Values["id"].ToString());
// Get the user's id and look them up
var userId = httpContext.User.Identity.Name;
var logics = new AccountLogics();
var userInfo = logics.GetUser(int.Parse(userId));
// Verify the user is tied to the same provider Id as the resource requested.
return(id == userInfo.ProviderId);
}
/// <summary>
/// Initialize for all controllers that need access to the user id.
/// </summary>
/// <param name="requestContext">
/// The request context.
/// </param>
protected override void Initialize(RequestContext requestContext)
{
base.Initialize(requestContext);
if (requestContext.HttpContext.User.Identity.IsAuthenticated)
{
this.UserId = int.Parse(requestContext.HttpContext.User.Identity.Name);
ViewBag.UserId = this.UserId;
var logics = new AccountLogics();
var userInfo = logics.GetUser(this.UserId);
if (userInfo != null)
{
// Verify the user is tied to the same provider Id as the resource requested.
ViewBag.ServiceProviderId = userInfo.ProviderId;
}
}
}
