/// <summary>
/// Builds the effective create/read/update/delete flags for a user on one module.
/// </summary>
/// <param name="userInfo">The user whose ID and group memberships are looked up.</param>
/// <param name="Modul">Module name handed to the access lookup; defaults to an empty string.</param>
/// <returns>
/// A model whose flags start as <c>false</c> and are switched on by any lookup row that
/// grants them. A <c>null</c> lookup result leaves every flag <c>false</c>.
/// </returns>
public UserInfoAccessModel GetPageAccessByGroupNModul(UserInfoModel userInfo, string Modul = "")
{
    // Comma-separated group IDs, or an empty string when the user has no groups.
    // NOTE(review): this joined string is passed on to the lookup; confirm that
    // Lookup_AccessByModulUserID binds it as a parameter and does not splice it into query text.
    string groupIds = userInfo.GroupUser.Any()
        ? string.Join(",", userInfo.GroupUser.Select(g => g.GroupUserID))
        : "";

    List<MGroupUserMenuModel> grants = this.Lookup_AccessByModulUserID(Modul, userInfo.UserID, groupIds);

    // Deny by default: every flag is false until a row grants it.
    UserInfoAccessModel result = new UserInfoAccessModel
    {
        AllowCreate = false,
        AllowRead = false,
        AllowUpdate = false,
        AllowDelete = false
    };

    if (grants == null)
    {
        return result;
    }

    // Rights are additive across rows: one granting row is enough, and no row can revoke
    // a right that another row granted.
    foreach (MGroupUserMenuModel grant in grants)
    {
        if (grant.AllowCreate)
        {
            result.AllowCreate = true;
        }

        if (grant.AllowRead)
        {
            result.AllowRead = true;
        }

        if (grant.AllowUpdate)
        {
            result.AllowUpdate = true;
        }

        if (grant.AllowDelete)
        {
            result.AllowDelete = true;
        }
    }

    return result;
}
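/// <summary>
/// Authorizes the request by resolving the signed-in user's profile (from the session, or
/// from the user repository when the session has none) and checking the module permission
/// named by <c>Roles</c>.
/// </summary>
/// <param name="httpContext">The current request context.</param>
/// <returns>
/// <c>false</c> when there is no authenticated user name, when no user record with a
/// non-zero ID can be loaded, or when the requested permission is not granted; the matching
/// permission flag when <c>Roles</c> is "create", "read", "update" or "delete"
/// (case-insensitive); otherwise the result of <c>base.AuthorizeCore</c>.
/// </returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // The attribute's Users value is used as the module name for the permission lookup.
    // NOTE(review): base.AuthorizeCore is still called when Roles is empty. If the base
    // class is the MVC AuthorizeAttribute, it would read Users as a user-name allow-list.
    // Confirm that interaction is intended.
    string module = Users;

    using (UnitOfWork uow = new UnitOfWork())
    {
        string userName = httpContext.User.Identity.Name;

        // Normalise ".../index" to ".../" with culture-invariant casing, so the result does
        // not depend on the server's current culture.
        string pageUrl = httpContext.Request.Path;
        string loweredUrl = pageUrl.ToLowerInvariant();
        if (loweredUrl.Contains("/index"))
        {
            pageUrl = loweredUrl.Replace("/index", "/");
        }

        // Check whether a user profile is already cached in the session.
        // NOTE(review): the cached profile is used as-is and is not compared with userName.
        // The permission lookup below receives this cached object, so confirm that the
        // session entry is cleared on logout and on account switch, and that permission
        // changes are meant to wait until the entry is replaced.
        UserInfoModel userInfo = (UserInfoModel)System.Web.HttpContext.Current.Session[Configs.session];

        if (string.IsNullOrEmpty(userName))
        {
            FormsAuthentication.SignOut();
            return false;
        }

        if (userInfo == null)
        {
            userInfo = uow.UserRepository.SelectUserInfo(userName);

            // Fail closed: a missing record (null) is handled like an unknown user
            // (UserID 0) rather than surfacing as a NullReferenceException.
            if (userInfo == null || userInfo.UserID == 0)
            {
                FormsAuthentication.SignOut();
                return false;
            }

            System.Web.HttpContext.Current.Session[Configs.session] = userInfo;
        }

        // Check permission.
        UserInfoAccessModel ugs = uow.GroupUserMenuRepository.GetPageAccessByGroupNModul(userInfo, module);

        // Deny by default; the flags are copied from the lookup only when a Roles value is set.
        UserInfoAccessModel access = new UserInfoAccessModel
        {
            AllowCreate = false,
            AllowRead = false,
            AllowUpdate = false,
            AllowDelete = false
        };

        if (ugs != null && !string.IsNullOrEmpty(Roles))
        {
            access.AllowCreate = ugs.AllowCreate;
            access.AllowRead = ugs.AllowRead;
            access.AllowUpdate = ugs.AllowUpdate;
            access.AllowDelete = ugs.AllowDelete;
            userInfo.InfoAccess = access;
            System.Web.HttpContext.Current.Session[Configs.session] = userInfo;

            // Roles is matched as one token. Any other value, including a comma-separated
            // list, reaches the default case and is denied.
            switch (Roles.ToLowerInvariant())
            {
                case "create":
                    return ugs.AllowCreate;
                case "read":
                    return ugs.AllowRead;
                case "update":
                    return ugs.AllowUpdate;
                case "delete":
                    return ugs.AllowDelete;
                default:
                    return false;
            }
        }

        // Roles is empty or the lookup returned nothing: publish the all-false access model.
        userInfo.InfoAccess = access;
        System.Web.HttpContext.Current.Session[Configs.session] = userInfo;

        // No permission data and not the root page: deny.
        // NOTE(review): confirm whether the repository can return null at all.
        if (ugs == null && pageUrl != "" && pageUrl != "/")
        {
            return false;
        }

        return base.AuthorizeCore(httpContext);
    }
}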