protected override bool AuthorizeCore(HttpContextBase httpContext) { if (UserName == "" || Password == "") { return(false); } if (accountService.Authentication(UserName, Password) == 0) { if (CurrentUser != null) { var userGroupIds = CurrentUser.UserGroupIds.GetIds(); foreach (var userGroupId in userGroupIds) { if (userGroupId == 1)//super admin { return(true); } if (userGroupId != 0 && userGroupId != 1 && !string.IsNullOrEmpty(UserGroupTypes)) { var usergroup = accountService.GetUserGroup(userGroupId); if (usergroup != null && UserGroupTypes.Contains(usergroup.Type)) { return(true); } } } } return(false); } else { return(false); } }
private static UserGroup CreateSystemUserGroup(IApplicationUser user, string name, string[] userRoles, UserGroupTypes userGroupType) { UserGroup result = new UserGroup(); result.Init(user, null); result.name = name; result.UserGroupType = userGroupType; result.userRoles = userRoles; return(result); }
/// <summary> /// Does the user have access to the gate /// </summary> /// <param name="gate">gate</param> /// <returns>true if the user have access, false otherwise</returns> private bool DoesUserHaveAccess(IGate gate) { bool grantAccess = true; UserGroupTypes userType = gate.UserTypes; if (userType != UserGroupTypes.Unspecified) { grantAccess = false; } if ((UserGroupTypes.Dogfood & userType) == UserGroupTypes.Dogfood) { grantAccess = Request?.Users != null && Request.Users.Any(user => user != null && user.IsDogfoodUser); } if (!grantAccess && ((UserGroupTypes.CustomGroup & userType) == UserGroupTypes.CustomGroup)) { HashSet <string> users = gate.Users; if (Request?.Users != null) { grantAccess = Request.Users.Any(user => { if (user != null && user.UserIdentifier != null) { if (users.Contains(user.UserIdentifier)) { return(true); } int atIndex = user.UserIdentifier.LastIndexOf('@'); if (atIndex >= 0) { string domain = user.UserIdentifier.Substring(atIndex); return(users.Contains(domain)); } } return(false); }); } if (!grantAccess) { ULSLogging.LogTraceTag(0x23821061 /* tag_967b7 */, Categories.GateSelection, Levels.Verbose, "Not allowing access to gate '{0}' as user is not part of the set of users that have access.", gate.Name); } } else if (!grantAccess) { ULSLogging.LogTraceTag(0x23821062 /* tag_967b8 */, Categories.GateSelection, Levels.Verbose, "Not allowing access to gate '{0}' as user is not of the accepted user type '{1}'.", gate.Name, userType); } if (!grantAccess) { return(false); } // Walk the hierarchy to see if we need to check additional access (if UserTypes is not null) IGate parent = gate; while ((parent = parent.ParentGate) != null) { if ((parent.UserTypes & UserGroupTypes.Dogfood) == UserGroupTypes.Dogfood) { // Because the parent gate contains a user type restriction that cannot be denormalized, // check the access on the parent gate as well. if (!DoesUserHaveAccess(parent)) { grantAccess = false; break; } } } return(grantAccess); }