/// <summary>
/// Resolves the effective create/read/update/delete permissions of a user for one module.
/// </summary>
/// <remarks>
/// The result is the union of every access row returned by the lookup: a flag is granted as soon
/// as any single row grants it, and no row can revoke a flag granted by another row.
/// This method never returns null; when the lookup yields nothing, all four flags are false.
/// </remarks>
/// <param name="userInfo">User whose UserID and GroupUser memberships are used for the lookup.</param>
/// <param name="Modul">Module name passed through to the lookup; defaults to an empty string.</param>
/// <returns>A new <see cref="UserInfoAccessModel"/> carrying the combined permission flags.</returns>
public UserInfoAccessModel GetPageAccessByGroupNModul(UserInfoModel userInfo, string Modul = "")
        {
            // Group ids are handed to the lookup as one comma-separated string ("" when the user has no groups).
            // NOTE(review): if Lookup_AccessByModulUserID splices this string (or Modul) into SQL text,
            // confirm GroupUserID is numeric and that the query is parameterized.
            string groupIds = userInfo.GroupUser.Any()
                ? string.Join(",", userInfo.GroupUser.Select(g => g.GroupUserID))
                : "";

            List<MGroupUserMenuModel> rows = this.Lookup_AccessByModulUserID(Modul, userInfo.UserID, groupIds);

            // Deny by default; each flag only ever moves from false to true.
            bool canCreate = false;
            bool canRead   = false;
            bool canUpdate = false;
            bool canDelete = false;

            if (rows != null)
            {
                foreach (MGroupUserMenuModel row in rows)
                {
                    canCreate |= row.AllowCreate;
                    canRead   |= row.AllowRead;
                    canUpdate |= row.AllowUpdate;
                    canDelete |= row.AllowDelete;
                }
            }

            return new UserInfoAccessModel
            {
                AllowCreate = canCreate,
                AllowRead   = canRead,
                AllowUpdate = canUpdate,
                AllowDelete = canDelete
            };
        }
Esempio n. 2
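        /// <summary>
        /// Decides whether the current request is authorized, using the per-module permission flags
        /// resolved for the signed-in user.
        /// </summary>
        /// <remarks>
        /// <c>Users</c> is passed to the repository as the module name and <c>Roles</c> is interpreted as
        /// the required action ("create", "read", "update" or "delete", case-insensitive).
        /// The resolved flags are also written to <c>userInfo.InfoAccess</c> and stored back in the session.
        /// </remarks>
        /// <param name="httpContext">Context of the request being authorized.</param>
        /// <returns>
        /// The permission flag matching <c>Roles</c> when <c>Roles</c> is set and access data was resolved;
        /// <c>false</c> for an empty user name, an unknown user, an unrecognized <c>Roles</c> value, or a
        /// missing access record on a non-root path; otherwise the result of <c>base.AuthorizeCore</c>.
        /// </returns>
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // NOTE(review): Users/Roles look like the inherited AuthorizeAttribute properties, repurposed as
            // module/action. If so, the base.AuthorizeCore call at the end would still compare them against
            // the real user name and roles whenever execution reaches it - confirm against the base class.
            string Module = Users;

            using (UnitOfWork uow = new UnitOfWork())
            {
                string UserName = httpContext.User.Identity.Name;
                string PageUrl  = httpContext.Request.Path;

                // Culture-invariant lowering: a culture-sensitive ToLower() can map 'I' to a dotless 'i'
                // (e.g. Turkish), so "/Index" would not be recognized and normalized.
                string loweredPath = PageUrl.ToLowerInvariant();
                if (loweredPath.Contains("/index"))
                {
                    PageUrl = loweredPath.Replace("/index", "/");
                }

                // Check whether user info is already cached in the session.
                // NOTE(review): the cached object is not compared with UserName here. Confirm the session is
                // cleared on sign-in/sign-out so a stale entry cannot be applied to a different identity.
                UserInfoModel userInfo = (UserInfoModel)System.Web.HttpContext.Current.Session[Configs.session];

                if (string.IsNullOrEmpty(UserName))
                {
                    // No authenticated identity: drop the forms-auth ticket and deny.
                    // NOTE(review): only the ticket is cleared; this block does not touch the session entry.
                    FormsAuthentication.SignOut();
                    return(false);
                }

                if (userInfo == null)
                {
                    userInfo = uow.UserRepository.SelectUserInfo(UserName);

                    // Fail closed when the repository returns nothing or a placeholder record (UserID == 0),
                    // instead of dereferencing a null result.
                    if (userInfo == null || userInfo.UserID == 0)
                    {
                        FormsAuthentication.SignOut();
                        return(false);
                    }

                    System.Web.HttpContext.Current.Session[Configs.session] = userInfo;
                }

                // Check permission for the requested module.
                UserInfoAccessModel ugs    = uow.GroupUserMenuRepository.GetPageAccessByGroupNModul(userInfo, Module);

                // Deny-all default; replaced by the resolved flags only in the Roles branch below.
                UserInfoAccessModel access = new UserInfoAccessModel();
                access.AllowCreate = false;
                access.AllowRead   = false;
                access.AllowUpdate = false;
                access.AllowDelete = false;

                if (ugs != null && !string.IsNullOrEmpty(Roles))
                {
                    access.AllowCreate  = ugs.AllowCreate;
                    access.AllowRead    = ugs.AllowRead;
                    access.AllowUpdate  = ugs.AllowUpdate;
                    access.AllowDelete  = ugs.AllowDelete;

                    // NOTE(review): InfoAccess lives on the session-wide userInfo object, so it reflects the
                    // module checked most recently; concurrent requests in one session may overwrite it.
                    userInfo.InfoAccess = access;
                    System.Web.HttpContext.Current.Session[Configs.session] = userInfo;

                    // Roles names the single action this endpoint requires; anything unrecognized is denied.
                    switch (Roles.ToLowerInvariant())
                    {
                    case "create":
                        return(ugs.AllowCreate);

                    case "read":
                        return(ugs.AllowRead);

                    case "update":
                        return(ugs.AllowUpdate);

                    case "delete":
                        return(ugs.AllowDelete);

                    default:
                        return(false);
                    }
                }
                else if (ugs == null && PageUrl != "" && PageUrl != "/")
                {
                    // No access record at all and the request is not for the root path: deny.
                    userInfo.InfoAccess = access;
                    System.Web.HttpContext.Current.Session[Configs.session] = userInfo;

                    return(false);
                }

                // Reached when Roles is empty, or when there is no access record and the path is the root.
                // The session copy gets deny-all flags and the decision is left to the base implementation.
                userInfo.InfoAccess = access;
                System.Web.HttpContext.Current.Session[Configs.session] = userInfo;

                return(base.AuthorizeCore(httpContext));
            }
        }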