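        /// <summary>
        /// Authorizes the current Web API request. The caller must be an authenticated
        /// <see cref="ClaimsPrincipal"/> that exists in the application's user table, and at
        /// least one of its roles must be granted the action named by <c>ActionName</c> inside
        /// the module named by <c>Modulo</c> (both read from this filter instance).
        /// </summary>
        /// <param name="actionContext">
        /// Context of the request being authorized. On failure its <c>Response</c> is set to
        /// 401 (not authenticated, or no matching user) or 403 (no role grants the action) and
        /// the method returns; when authorized the response is left untouched so the pipeline
        /// continues to the action.
        /// </param>
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            // `as` yields null for a non-claims principal; guard it instead of dereferencing
            // blindly. A missing identity is treated exactly like an unauthenticated one.
            var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;

            if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                return;
            }

            // Load the user together with its roles (Include), then release the context; the
            // roles are materialized, so they stay usable after disposal. The UserStore /
            // UserManager pair the original built was never used and is dropped.
            ApplicationUser user;
            using (var db = new ApplicationDbContext())
            {
                user = db.Users
                    .Include(x => x.Roles)
                    .FirstOrDefault(x => x.UserName == principal.Identity.Name);
            }

            if (user == null)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
                // Returning here is the fix: the original fell through to user.Roles and threw.
                return;
            }

            // Module and action do not depend on the role, so resolve them once rather than
            // once per role inside the loop.
            var module = new ModuloRepository().GetByName(Modulo);
            var action = module == null
                ? null
                : new AccionesRepository().GetByName(ActionName, module.ModuloId);

            // An unknown module or action can never be granted: deny (fail closed) instead of
            // throwing on a null module.
            bool hasPermission = false;
            if (action != null)
            {
                var grants = new AccionesRoleRepository();
                hasPermission = user.Roles.Any(role => grants.exist(module.ModuloId, action.AccionesId, role.RoleId));
            }

            if (!hasPermission)
            {
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
            }
            // Authorized: Response stays null and execution proceeds to the action.
        }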