Esempio n. 1
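 /// <summary>
 /// Checks whether the request may proceed: either the authenticated User belongs to a Group that permits
 /// the request's HTTP method, or (for unauthenticated requests) a Group that allows guests permits it
 /// </summary>
 /// <remarks>
 /// When <paramref name="groups"/> is empty no check is made and the request is allowed.
 /// On refusal only the response status code is set (403 Forbidden or 401 Unauthorized) before returning.
 /// </remarks>
 /// <param name="context">HTTP Context</param>
 /// <param name="groups">User Groups to test against</param>
 /// <param name="action">Action to check for permission for. NOTE(review): this value is not read, the permission test uses context.Request.HttpMethod; confirm which of the two is intended</param>
 /// <returns>True if the request is allowed; false if it was refused, in which case the response status code has been set</returns>
 public static bool IsAuthenticated(HttpContext context, IEnumerable <UserGroup> groups, String action)
 {
     //No Groups configured means there is nothing to check against, so the request is allowed
     if (!groups.Any())
     {
         return true;
     }

     String user = HandlerHelper.GetUsername(context);
     String method = context.Request.HttpMethod;

     if (user != null)
     {
         //Authenticated request: the decision rests only on a Group that has this Member and permits the method.
         //Previously a permitted Member fell through to the guest checks below and could be refused with
         //401/403 whenever no guest-enabled Group permitted the method.
         if (groups.Any(g => g.HasMember(user) && g.IsActionPermitted(method)))
         {
             return true;
         }

         //User is known but no Group grants them this method
         context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
         return false;
     }

     //Unauthenticated request from here on
     if (!groups.Any(g => g.AllowGuests))
     {
         //No Groups allow guests so we require authentication
         context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
         return false;
     }

     if (!groups.Any(g => g.AllowGuests && g.IsActionPermitted(method)))
     {
         //There are no Groups that allow guests and allow this method so this is forbidden
         context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
         return false;
     }

     return true;
 }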
Esempio n. 2
        /// <summary>
        /// Decides whether the request is let through: the User is a Member of one of the Groups, or at least one Group allows guests
        /// </summary>
        /// <remarks>
        /// With no Groups at all the request is always let through. A User who is not a Member of any Group
        /// is still let through when some Group allows guests. On refusal only the response status code
        /// (401 Unauthorized) is set.
        /// </remarks>
        /// <param name="context">HTTP Context</param>
        /// <param name="groups">User Groups to test against</param>
        /// <returns>True if the request is let through; false after setting the status code to 401 Unauthorized</returns>
        public static bool IsAuthenticated(HttpContext context, IEnumerable <UserGroup> groups)
        {
            String username = HandlerHelper.GetUsername(context);

            //Nothing configured to check against
            if (!groups.Any())
            {
                return true;
            }

            //A Group has the given Member so is authenticated
            bool isMember = username != null && groups.Any(g => g.HasMember(username));
            if (isMember)
            {
                return true;
            }

            //Not a Member (or no username): fall back to guest access if any Group offers it
            bool guestsAllowed = groups.Any(g => g.AllowGuests);
            if (guestsAllowed)
            {
                return true;
            }

            //No Groups allow guests so we require authentication
            context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
            return false;
        }