protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (UserName == "" || Password == "")
{
return(false);
}
if (accountService.Authentication(UserName, Password) == 0)
{
if (CurrentUser != null)
{
var userGroupIds = CurrentUser.UserGroupIds.GetIds();
foreach (var userGroupId in userGroupIds)
{
if (userGroupId == 1)//super admin
{
return(true);
}
if (userGroupId != 0 && userGroupId != 1 && !string.IsNullOrEmpty(UserGroupTypes))
{
var usergroup = accountService.GetUserGroup(userGroupId);
if (usergroup != null && UserGroupTypes.Contains(usergroup.Type))
{
return(true);
}
}
}
}
return(false);
}
else
{
return(false);
}
}
private static UserGroup CreateSystemUserGroup(IApplicationUser user, string name, string[] userRoles, UserGroupTypes userGroupType)
{
UserGroup result = new UserGroup();
result.Init(user, null);
result.name = name;
result.UserGroupType = userGroupType;
result.userRoles = userRoles;
return(result);
}
/// <summary>
/// Does the user have access to the gate
/// </summary>
/// <param name="gate">gate</param>
/// <returns>true if the user have access, false otherwise</returns>
private bool DoesUserHaveAccess(IGate gate)
{
bool grantAccess = true;
UserGroupTypes userType = gate.UserTypes;
if (userType != UserGroupTypes.Unspecified)
{
grantAccess = false;
}
if ((UserGroupTypes.Dogfood & userType) == UserGroupTypes.Dogfood)
{
grantAccess = Request?.Users != null && Request.Users.Any(user => user != null && user.IsDogfoodUser);
}
if (!grantAccess && ((UserGroupTypes.CustomGroup & userType) == UserGroupTypes.CustomGroup))
{
HashSet <string> users = gate.Users;
if (Request?.Users != null)
{
grantAccess = Request.Users.Any(user =>
{
if (user != null && user.UserIdentifier != null)
{
if (users.Contains(user.UserIdentifier))
{
return(true);
}
int atIndex = user.UserIdentifier.LastIndexOf('@');
if (atIndex >= 0)
{
string domain = user.UserIdentifier.Substring(atIndex);
return(users.Contains(domain));
}
}
return(false);
});
}
if (!grantAccess)
{
ULSLogging.LogTraceTag(0x23821061 /* tag_967b7 */, Categories.GateSelection, Levels.Verbose,
"Not allowing access to gate '{0}' as user is not part of the set of users that have access.",
gate.Name);
}
}
else if (!grantAccess)
{
ULSLogging.LogTraceTag(0x23821062 /* tag_967b8 */, Categories.GateSelection, Levels.Verbose,
"Not allowing access to gate '{0}' as user is not of the accepted user type '{1}'.",
gate.Name, userType);
}
if (!grantAccess)
{
return(false);
}
// Walk the hierarchy to see if we need to check additional access (if UserTypes is not null)
IGate parent = gate;
while ((parent = parent.ParentGate) != null)
{
if ((parent.UserTypes & UserGroupTypes.Dogfood) == UserGroupTypes.Dogfood)
{
// Because the parent gate contains a user type restriction that cannot be denormalized,
// check the access on the parent gate as well.
if (!DoesUserHaveAccess(parent))
{
grantAccess = false;
break;
}
}
}
return(grantAccess);
}
