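        /// <summary>
        /// Authorization filter step: when the action binds an argument named
        /// <c>clientId</c>, only lets the request through if the caller is
        /// authenticated and is allowed to act on that client.
        /// </summary>
        /// <remarks>
        /// Access rules, as implemented below:
        /// users with the "consultant", "demo" or "sales" role may access any client;
        /// users with the "client" role may access only the client stored on their own user row;
        /// everyone else is rejected.
        /// Only actions that bind a parameter named exactly "clientId" are checked. A client id
        /// carried in a request body model, or under a different parameter name, is not seen by
        /// this filter and must be protected by other means.
        /// </remarks>
        /// <param name="actionContext">Context of the action about to execute.</param>
        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            // Throws InvalidCastException when the filter is applied to a controller that does
            // not derive from ApiAuthenticationController.
            // NOTE(review): Web API may reuse a filter instance across requests, so a per-request
            // value kept in an instance field can be overwritten by a concurrent request.
            // Confirm this field is still needed.
            controller = (ApiAuthenticationController)actionContext.ControllerContext.Controller;

            if (!IsClientAccessAllowed(actionContext))
            {
                // Assigning Response is what rejects the request. 401 is kept for compatibility
                // with existing callers; 403 would be the conventional status for an
                // authenticated caller that lacks access to the client.
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
            }

            // The base implementation is invoked exactly once on every path (the original
            // invoked it twice when a "client" user was rejected).
            base.OnActionExecuting(actionContext);
        }

        /// <summary>
        /// Decides whether the current principal may call the action with the bound
        /// <c>clientId</c> argument. Denies by default.
        /// </summary>
        /// <param name="actionContext">Context of the action about to execute.</param>
        /// <returns>
        /// <c>true</c> when the action has no <c>clientId</c> argument or the caller is allowed
        /// to access that client; <c>false</c> otherwise.
        /// </returns>
        private static bool IsClientAccessAllowed(HttpActionContext actionContext)
        {
            var hasClientIdInParameters = actionContext.ActionArguments.Any(a => a.Key == "clientId");
            if (!hasClientIdInParameters)
            {
                // Nothing client-scoped to protect on this action.
                return true;
            }

            // Fail closed when there is no principal or identity instead of throwing.
            var principal = actionContext.RequestContext.Principal;
            if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            {
                return false;
            }

            // A missing (null) or non-int value is rejected explicitly rather than
            // surfacing as an unhandled cast exception.
            var clientIdArgument = actionContext.ActionArguments.First(a => a.Key == "clientId").Value;
            if (!(clientIdArgument is int))
            {
                return false;
            }

            var clientId = (int)clientIdArgument;

            // The context is created per call, so it is disposed here to release its connection.
            using (var context = new InsideContext())
            {
                var userRepository = context.InsideUser;
                var userId = principal.Identity.GetUserId();

                // Roles that are not tied to a single client.
                var hasUnrestrictedRole = userRepository.Any(u =>
                    u.Id == userId &&
                    u.Role.Any(r => r.Name == "consultant" || r.Name == "demo" || r.Name == "sales"));
                if (hasUnrestrictedRole)
                {
                    return true;
                }

                // "client" users are limited to the client recorded on their own user row.
                return userRepository.Any(u =>
                    u.Id == userId &&
                    u.ClientId == clientId &&
                    u.Role.Any(r => r.Name == "client"));
            }
        }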
 /// <summary>
 /// Creates the controller and keeps a reference to each injected dependency.
 /// </summary>
 /// <param name="clientRepository">Repository of <c>Client</c> entities.</param>
 /// <param name="contactRepository">Repository of <c>Contact</c> entities.</param>
 /// <param name="serverTime">Server time abstraction.</param>
 /// <param name="userManager">Membership provider; also handed to the base controller.</param>
 /// <param name="insideContext">Database context.</param>
 /// <param name="gaService">Google Analytics API client.</param>
 public CcoController(
     IRepository<Client> clientRepository,
     IRepository<Contact> contactRepository,
     IServerTime serverTime,
     IIdentityMembershipProvider userManager,
     InsideContext insideContext,
     IGoogleAnalyticsApi gaService)
     : base(userManager)
 {
     // Identity and data access.
     this.userManager = userManager;
     this.insideContext = insideContext;
     this.clientRepository = clientRepository;
     this.contactRepository = contactRepository;

     // Supporting services.
     this.serverTime = serverTime;
     this.gaService = gaService;
 }
        /// <summary>
        /// Loads <c>appsettings.json</c> from the current directory into <c>Configuration</c>
        /// and returns the cached <c>InsideContext</c>, creating it on first use with the
        /// "DefaultConnection" SQL Server connection string.
        /// </summary>
        /// <returns>The cached or newly created context.</returns>
        public InsideContext Init()
        {
            // NOTE(review): the configuration file is re-read on every call, even when the
            // cached context is returned.
            Configuration = new ConfigurationBuilder()
                .SetBasePath(Directory.GetCurrentDirectory())
                .AddJsonFile("appsettings.json")
                .Build();

            // NOTE(review): the connection string comes from a plain JSON file; if it embeds
            // credentials, confirm the file is kept out of source control.
            var defaultConnection = Configuration.GetConnectionString("DefaultConnection");

            if (_dbContext == null)
            {
                var sqlServerOptions = new DbContextOptionsBuilder();
                sqlServerOptions.UseSqlServer(defaultConnection);

                _dbContext = new InsideContext(sqlServerOptions.Options);
            }

            return _dbContext;
        }
 /// <summary>
 /// Creates a repository bound to a context and to a delegate that picks the
 /// <c>DbSet</c> for <typeparamref name="T"/> from an <c>InsideContext</c>.
 /// </summary>
 /// <param name="dbsetFinder">Selects the entity set from a context.</param>
 /// <param name="context">Database context stored in <c>Context</c>.</param>
 public Repository(
     Func<InsideContext, DbSet<T>> dbsetFinder,
     InsideContext context)
 {
     Context = context;
     _dbsetFinder = dbsetFinder;
 }
 /// <summary>
 /// Creates the controller, forwarding the membership provider to the base class
 /// and keeping the database context for later use.
 /// </summary>
 /// <param name="context">Database context stored on the controller.</param>
 /// <param name="userManager">Membership provider passed to the base controller.</param>
 public DevController(
     InsideContext context,
     IIdentityMembershipProvider userManager)
     : base(userManager)
 {
     this.context = context;
 }