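 /// <summary>
 /// Special check for Economic Indicators: the effective page type is taken from the
 /// <c>sheetType</c> query-string value rather than from the configured requirement.
 /// Runs only when the configured page type is <see cref="PrivilegesPageType.EconomicIndicator"/>.
 /// </summary>
 /// <param name="context">Authorization context whose request query string is inspected.</param>
 /// <param name="bEUsersPrivilegesRequirementModel">Per-request copy of the requirement; its <c>PageType</c> is rewritten here.</param>
 private void EconomicIndicatorCheck(AuthorizationFilterContext context, BEUsersPrivilegesRequirementModel bEUsersPrivilegesRequirementModel)
 {
     if (_bEUsersPrivilegesRequirementModel.PageType != PrivilegesPageType.EconomicIndicator)
     {
         return;
     }

     var sheetType    = context.HttpContext.Request.Query["sheetType"];
     var sheetTypeInt = 0;
     if (!string.IsNullOrWhiteSpace(sheetType))
     {
         // The query value is caller-controlled: a non-numeric value must not throw, because an
         // unhandled FormatException inside an authorization filter surfaces as a server error
         // instead of a 403. A malformed value falls back to 0, exactly like an absent one.
         int.TryParse(sheetType[0], out sheetTypeInt);
     }

     // NOTE(review): GetValueOrDefault yields default(PrivilegesPageType) for an unknown sheet
     // type; confirm that the default enum member does not map to a broader privilege.
     bEUsersPrivilegesRequirementModel.PageType = SheetType_PrivilegeType.SheetType_PrivilegeType_Map.GetValueOrDefault(sheetTypeInt);
 }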
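 /// <summary>
 /// Special check for Page Ministry (ministry vision, ministry mission, ministry speech): the
 /// requirement is rewritten to a static page whose id comes from the <c>pageRouteId</c>
 /// query-string value. Runs only when the configured page type is
 /// <see cref="PrivilegesPageType.PageMinistry"/>.
 /// </summary>
 /// <param name="context">Authorization context whose request query string is inspected.</param>
 /// <param name="bEUsersPrivilegesRequirementModel">Per-request copy of the requirement; its <c>PageType</c> and <c>PageId</c> are rewritten here.</param>
 private void PageMinistryCheck(AuthorizationFilterContext context, BEUsersPrivilegesRequirementModel bEUsersPrivilegesRequirementModel)
 {
     if (_bEUsersPrivilegesRequirementModel.PageType != PrivilegesPageType.PageMinistry)
     {
         return;
     }

     var pageRouteId    = context.HttpContext.Request.Query["pageRouteId"];
     var pageRouteIdInt = 0;
     if (!string.IsNullOrWhiteSpace(pageRouteId))
     {
         // Caller-controlled input: a malformed id falls back to 0 instead of throwing a
         // FormatException out of the authorization pipeline.
         int.TryParse(pageRouteId[0], out pageRouteIdInt);
     }

     bEUsersPrivilegesRequirementModel.PageType = PrivilegesPageType.StaticPage;
     bEUsersPrivilegesRequirementModel.PageId   = pageRouteIdInt;
 }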
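        /// <summary>
        /// Check user privileges for the configured page/actions and allow only users who hold the
        /// required permission. Super admins bypass the check; everybody else is evaluated by
        /// <see cref="IBEUsersPrivilegesService.ValidateIBEUsersPrivilegesService"/> against a
        /// per-request copy of the requirement, after the route-dependent adjustments.
        /// </summary>
        /// <param name="context">Authorization context; <c>Result</c> is set to <see cref="ForbidResult"/> when access is denied.</param>
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            var user = context.HttpContext.User;

            if (user.IsInRole(UserRolesConst.SuperAdmin))
            {
                return;
            }

            // The filter instance (and so _bEUsersPrivilegesRequirementModel) is presumably shared
            // across requests; the special checks below mutate the model, so work on a copy.
            var bEUsersPrivilegesRequirementModel = new BEUsersPrivilegesRequirementModel(
                _bEUsersPrivilegesRequirementModel.PageType,
                _bEUsersPrivilegesRequirementModel.PageActions,
                _bEUsersPrivilegesRequirementModel.PageId);

            DynamicPageSectionCheck(context, bEUsersPrivilegesRequirementModel);
            PageMinistryCheck(context, bEUsersPrivilegesRequirementModel);
            EconomicIndicatorCheck(context, bEUsersPrivilegesRequirementModel);

            // Fail closed when the principal carries no identifier claim: a null user id must
            // never be used as the key for the privilege lookup.
            var userId = user.FindFirstValue(ClaimTypes.NameIdentifier);
            if (string.IsNullOrEmpty(userId))
            {
                context.Result = new ForbidResult();
                return;
            }

            if (!_bEUsersPrivilegesService.ValidateIBEUsersPrivilegesService(bEUsersPrivilegesRequirementModel, userId))
            {
                context.Result = new ForbidResult();
            }
        }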
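        /// <summary>
        /// Special check for a dynamic page section: the privilege is evaluated against the owning
        /// dynamic page, which is resolved from the <c>pageRouteVersionId</c> query-string value via
        /// <see cref="IPageRouteVersionRepository"/>. Runs only when the configured page type is
        /// <see cref="PrivilegesPageType.DynamicPageSection"/>.
        /// </summary>
        /// <param name="context">Authorization context whose request query string is inspected.</param>
        /// <param name="bEUsersPrivilegesRequirementModel">Per-request copy of the requirement; its <c>PageType</c> and <c>PageId</c> are rewritten here.</param>
        private void DynamicPageSectionCheck(AuthorizationFilterContext context, BEUsersPrivilegesRequirementModel bEUsersPrivilegesRequirementModel)
        {
            if (_bEUsersPrivilegesRequirementModel.PageType != PrivilegesPageType.DynamicPageSection)
            {
                return;
            }

            var pageRouteVersionId    = context.HttpContext.Request.Query["pageRouteVersionId"];
            var pageRouteVersionIdInt = 0;
            if (!string.IsNullOrWhiteSpace(pageRouteVersionId))
            {
                // Caller-controlled input: a malformed id falls back to 0 instead of throwing a
                // FormatException out of the authorization pipeline.
                int.TryParse(pageRouteVersionId[0], out pageRouteVersionIdInt);
            }

            bEUsersPrivilegesRequirementModel.PageType = PrivilegesPageType.DynamicPage;

            // An unknown version, or a version without a parent route, leaves PageId null; the
            // privilege service may then apply its "any dynamic page" rule instead of a page-specific one.
            var pageRouteVersion = _pageRouteVersionRepository.GetById(pageRouteVersionIdInt);
            bEUsersPrivilegesRequirementModel.PageId = pageRouteVersion?.PageRouteId;
        }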
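 /// <summary>
 /// Creates the filter with the requirement it enforces and the services it needs to resolve
 /// route-dependent page types and to look up user privileges.
 /// </summary>
 /// <param name="bEUsersPrivilegesRequirementModel">Configured page type, actions and page id for the decorated endpoint.</param>
 /// <param name="bEUsersPrivilegesService">Service that decides whether a user holds the required privilege.</param>
 /// <param name="pageRouteVersionRepository">Repository used to resolve a page route version to its parent route.</param>
 /// <exception cref="System.ArgumentNullException">Thrown when any dependency is <c>null</c>.</exception>
 public BEUsersPrivilegesRequirementFilter(BEUsersPrivilegesRequirementModel bEUsersPrivilegesRequirementModel, IBEUsersPrivilegesService bEUsersPrivilegesService, IPageRouteVersionRepository pageRouteVersionRepository)
 {
     // Fail at construction rather than with a NullReferenceException inside an authorization check.
     _bEUsersPrivilegesRequirementModel = bEUsersPrivilegesRequirementModel ?? throw new System.ArgumentNullException(nameof(bEUsersPrivilegesRequirementModel));
     _bEUsersPrivilegesService          = bEUsersPrivilegesService ?? throw new System.ArgumentNullException(nameof(bEUsersPrivilegesService));
     _pageRouteVersionRepository        = pageRouteVersionRepository ?? throw new System.ArgumentNullException(nameof(pageRouteVersionRepository));
 }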
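        /// <summary>
        /// Decides whether the given privilege rows satisfy the requirement. Evaluation order:
        /// an approval page needs any row with <c>CanApprove</c>; a requirement without a specific
        /// page is satisfied by any row of the same page type for the view-type actions handled
        /// below; otherwise the row matching the page type and page id must grant at least one of
        /// the requested actions.
        /// </summary>
        /// <param name="bEUsersPrivilegesRequirementModel">Requirement to satisfy. A <c>PageId</c> of -1 is normalised to <c>null</c> (the argument is mutated).</param>
        /// <param name="bEUsersPrivileges">Privilege rows of the user; each return path enumerates it once.</param>
        /// <returns><c>true</c> when at least one requested action is granted; <c>false</c> otherwise, including when no matching row exists.</returns>
        private bool ValidatePrivileges(BEUsersPrivilegesRequirementModel bEUsersPrivilegesRequirementModel, IEnumerable <BEUsersPrivileges> bEUsersPrivileges)
        {
            //check if the user can approve any page to access the approval notifications
            if (bEUsersPrivilegesRequirementModel.PageType == PrivilegesPageType.Approval)
            {
                return bEUsersPrivileges.Any(x => x.CanApprove);
            }

            // -1 presumably marks "no specific page"; treat it like null from here on.
            if (bEUsersPrivilegesRequirementModel.PageId == -1)
            {
                bEUsersPrivilegesRequirementModel.PageId = null;
            }

            var pageType = bEUsersPrivilegesRequirementModel.PageType;
            var pageId   = bEUsersPrivilegesRequirementModel.PageId;
            var actions  = bEUsersPrivilegesRequirementModel.PageActions;

            if (pageId == null)
            {
                //check if the user can access any static page
                if (pageType == PrivilegesPageType.StaticPage && actions.Contains(PrivilegesActions.CanView))
                {
                    return bEUsersPrivileges.Any(x => x.PageTypeId == PrivilegesPageType.StaticPage && x.CanView);
                }

                //check if the user can access any dynamic page
                if (pageType == PrivilegesPageType.DynamicPage && actions.Contains(PrivilegesActions.CanView))
                {
                    return bEUsersPrivileges.Any(x => x.PageTypeId == PrivilegesPageType.DynamicPage && x.CanView);
                }

                //check if the user can access dynamic page details
                if (pageType == PrivilegesPageType.DynamicPage && actions.Contains(PrivilegesActions.CanViewDP_BI))
                {
                    return bEUsersPrivileges.Any(x => x.PageTypeId == PrivilegesPageType.DynamicPage && x.PageRouteId == null && x.CanView);
                }

                //check if the user can access static page details
                if (pageType == PrivilegesPageType.StaticPage && actions.Contains(PrivilegesActions.CanViewSP_BI))
                {
                    return bEUsersPrivileges.Any(x => x.PageTypeId == PrivilegesPageType.StaticPage && x.PageRouteId == null && x.CanView);
                }
            }

            // Row for the exact page, or the page-type-wide row when no page id is given.
            var bEUsersPrivilegesCurrentModel = pageId != null
                ? bEUsersPrivileges.FirstOrDefault(x => x.PageTypeId == pageType && x.PageRouteId == pageId)
                : bEUsersPrivileges.FirstOrDefault(x => x.PageTypeId == pageType && x.PageRouteId == null);

            // Fail closed: no row for this page means no privilege. Dereferencing a missing row
            // would turn "not authorised" into a NullReferenceException, i.e. a server error
            // instead of a clean 403.
            if (bEUsersPrivilegesCurrentModel == null)
            {
                return false;
            }

            //check if the user has any permission that the action allow
            return actions.Any(item =>
            {
                switch (item)
                {
                case PrivilegesActions.CanView:
                    return bEUsersPrivilegesCurrentModel.CanView;

                case PrivilegesActions.CanEdit:
                    return bEUsersPrivilegesCurrentModel.CanEdit;

                case PrivilegesActions.CanDelete:
                    return bEUsersPrivilegesCurrentModel.CanDelete;

                case PrivilegesActions.CanApprove:
                    return bEUsersPrivilegesCurrentModel.CanApprove;

                case PrivilegesActions.CanAdd:
                    return bEUsersPrivilegesCurrentModel.CanAdd;

                default:
                    // An action the row does not model never grants access.
                    return false;
                }
            });
        }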
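        /// <summary>
        /// Looks up the privileges of <paramref name="userId"/> and checks them against the requirement.
        /// </summary>
        /// <param name="bEUsersPrivilegesRequirementModel">Page type, page id and actions the caller must be allowed.</param>
        /// <param name="userId">Identifier of the user whose privileges are checked.</param>
        /// <returns><c>true</c> when the user holds at least one of the required actions; <c>false</c> otherwise, including for a missing user id.</returns>
        public bool ValidateIBEUsersPrivilegesService(BEUsersPrivilegesRequirementModel bEUsersPrivilegesRequirementModel, string userId)
        {
            // Fail closed: an absent identifier can never be authorised and must not be used as
            // a lookup key against the privilege store.
            if (string.IsNullOrEmpty(userId))
            {
                return false;
            }

            var bEUsersPrivileges = _bEUsersPrivilegesRepository.GetUserPrivileges(userId);

            return ValidatePrivileges(bEUsersPrivilegesRequirementModel, bEUsersPrivileges);
        }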