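/// <summary>
/// Special check for Economic Indicators: the required privilege page type depends on the
/// <c>sheetType</c> query-string value, so the per-request requirement model is rewritten
/// to the page type that the sheet type maps to.
/// </summary>
/// <param name="context">Filter context whose request query string supplies <c>sheetType</c>.</param>
/// <param name="bEUsersPrivilegesRequirementModel">Per-request copy of the requirement model; its <c>PageType</c> is updated in place.</param>
private void EconomicIndicatorCheck(AuthorizationFilterContext context, BEUsersPrivilegesRequirementModel bEUsersPrivilegesRequirementModel)
{
    // Keyed on the configured (field) page type, not the per-request copy, presumably so that
    // rewrites done by earlier checks on the copy cannot trigger this one.
    if (_bEUsersPrivilegesRequirementModel.PageType != PrivilegesPageType.EconomicIndicator)
    {
        return;
    }

    // sheetType is untrusted input. A non-numeric value must not throw out of the
    // authorization filter, so TryParse is used; on failure sheetTypeInt stays 0, which is the
    // same value an absent parameter produces and therefore maps the same way below.
    var sheetType = context.HttpContext.Request.Query["sheetType"];
    var sheetTypeInt = 0;
    if (!string.IsNullOrWhiteSpace(sheetType))
    {
        _ = int.TryParse(
            sheetType[0],
            System.Globalization.NumberStyles.Integer,
            System.Globalization.CultureInfo.InvariantCulture,
            out sheetTypeInt);
    }

    // Unknown sheet types fall back to the dictionary's default page type value.
    bEUsersPrivilegesRequirementModel.PageType =
        SheetType_PrivilegeType.SheetType_PrivilegeType_Map.GetValueOrDefault(sheetTypeInt);
}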
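/// <summary>
/// Special check for the Page Ministry pages (ministry vision, mission, speech): these are
/// authorized as a static page identified by the <c>pageRouteId</c> query-string value, so the
/// per-request requirement model is rewritten to <c>StaticPage</c> with that id.
/// </summary>
/// <param name="context">Filter context whose request query string supplies <c>pageRouteId</c>.</param>
/// <param name="bEUsersPrivilegesRequirementModel">Per-request copy of the requirement model; its <c>PageType</c> and <c>PageId</c> are updated in place.</param>
private void PageMinistryCheck(AuthorizationFilterContext context, BEUsersPrivilegesRequirementModel bEUsersPrivilegesRequirementModel)
{
    // Keyed on the configured (field) page type, not the per-request copy, presumably so that
    // rewrites done by earlier checks on the copy cannot trigger this one.
    if (_bEUsersPrivilegesRequirementModel.PageType != PrivilegesPageType.PageMinistry)
    {
        return;
    }

    // pageRouteId is untrusted input. A non-numeric value must not throw out of the
    // authorization filter, so TryParse is used; on failure pageRouteIdInt stays 0, the same
    // value an absent parameter produces.
    var pageRouteId = context.HttpContext.Request.Query["pageRouteId"];
    var pageRouteIdInt = 0;
    if (!string.IsNullOrWhiteSpace(pageRouteId))
    {
        _ = int.TryParse(
            pageRouteId[0],
            System.Globalization.NumberStyles.Integer,
            System.Globalization.CultureInfo.InvariantCulture,
            out pageRouteIdInt);
    }

    bEUsersPrivilegesRequirementModel.PageType = PrivilegesPageType.StaticPage;
    bEUsersPrivilegesRequirementModel.PageId = pageRouteIdInt;
}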
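/// <summary>
/// Checks the caller's privileges for the configured page/actions and forbids the request
/// when the privilege service does not grant them. Super admins bypass the check entirely.
/// </summary>
/// <param name="context">Authorization filter context; <c>Result</c> is set to <see cref="ForbidResult"/> on denial.</param>
public void OnAuthorization(AuthorizationFilterContext context)
{
    var user = context.HttpContext.User;

    // Super admins are not subject to per-page privileges.
    if (user.IsInRole(UserRolesConst.SuperAdmin))
    {
        return;
    }

    // Everyone else must carry a name identifier: privileges are looked up by it, and the
    // lookup path has no meaningful answer for a missing id. Fail closed rather than let a
    // null id reach the service.
    var userId = user.FindFirstValue(ClaimTypes.NameIdentifier);
    if (string.IsNullOrEmpty(userId))
    {
        context.Result = new ForbidResult();
        return;
    }

    // Work on a per-request copy: the checks below rewrite PageType/PageId, and the
    // configured model on this filter instance must stay untouched across requests.
    var requirement = new BEUsersPrivilegesRequirementModel(
        _bEUsersPrivilegesRequirementModel.PageType,
        _bEUsersPrivilegesRequirementModel.PageActions,
        _bEUsersPrivilegesRequirementModel.PageId);

    // Page types whose effective target depends on request parameters.
    DynamicPageSectionCheck(context, requirement);
    PageMinistryCheck(context, requirement);
    EconomicIndicatorCheck(context, requirement);

    if (!_bEUsersPrivilegesService.ValidateIBEUsersPrivilegesService(requirement, userId))
    {
        context.Result = new ForbidResult();
    }
}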
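/// <summary>
/// Special check for dynamic page sections: the privilege is held per page route, so the
/// <c>pageRouteVersionId</c> query-string value is resolved to its page route and the
/// per-request requirement model is rewritten to <c>DynamicPage</c> with that route id.
/// </summary>
/// <param name="context">Filter context whose request query string supplies <c>pageRouteVersionId</c>.</param>
/// <param name="bEUsersPrivilegesRequirementModel">Per-request copy of the requirement model; its <c>PageType</c> and <c>PageId</c> are updated in place.</param>
private void DynamicPageSectionCheck(AuthorizationFilterContext context, BEUsersPrivilegesRequirementModel bEUsersPrivilegesRequirementModel)
{
    // Keyed on the configured (field) page type, not the per-request copy, presumably so that
    // rewrites done by earlier checks on the copy cannot trigger this one.
    if (_bEUsersPrivilegesRequirementModel.PageType != PrivilegesPageType.DynamicPageSection)
    {
        return;
    }

    // pageRouteVersionId is untrusted input. A non-numeric value must not throw out of the
    // authorization filter, so TryParse is used; on failure pageRouteVersionIdInt stays 0,
    // the same value an absent parameter produces.
    var pageRouteVersionId = context.HttpContext.Request.Query["pageRouteVersionId"];
    var pageRouteVersionIdInt = 0;
    if (!string.IsNullOrWhiteSpace(pageRouteVersionId))
    {
        _ = int.TryParse(
            pageRouteVersionId[0],
            System.Globalization.NumberStyles.Integer,
            System.Globalization.CultureInfo.InvariantCulture,
            out pageRouteVersionIdInt);
    }

    bEUsersPrivilegesRequirementModel.PageType = PrivilegesPageType.DynamicPage;

    // Resolve the version to the page route the privilege is attached to.
    // NOTE(review): an unknown version (or one without a route) leaves PageId null, and the
    // privilege validation treats a null PageId as the type-wide ("any dynamic page") grant
    // rather than as "no page" — confirm that widening is intended.
    var pageRouteVersion = _pageRouteVersionRepository.GetById(pageRouteVersionIdInt);
    bEUsersPrivilegesRequirementModel.PageId = pageRouteVersion?.PageRouteId;
}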
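/// <summary>
/// Creates the filter with the configured requirement (page type, actions, page id) and the
/// services used to resolve and validate privileges.
/// </summary>
/// <param name="bEUsersPrivilegesRequirementModel">The configured requirement; kept as-is and copied per request.</param>
/// <param name="bEUsersPrivilegesService">Service that decides whether a user satisfies a requirement.</param>
/// <param name="pageRouteVersionRepository">Repository used to resolve a page route version to its page route.</param>
/// <exception cref="System.ArgumentNullException">Any dependency is <c>null</c>.</exception>
public BEUsersPrivilegesRequirementFilter(
    BEUsersPrivilegesRequirementModel bEUsersPrivilegesRequirementModel,
    IBEUsersPrivilegesService bEUsersPrivilegesService,
    IPageRouteVersionRepository pageRouteVersionRepository)
{
    // Fail at construction rather than on the first request when wiring is incomplete.
    _bEUsersPrivilegesRequirementModel = bEUsersPrivilegesRequirementModel
        ?? throw new System.ArgumentNullException(nameof(bEUsersPrivilegesRequirementModel));
    _bEUsersPrivilegesService = bEUsersPrivilegesService
        ?? throw new System.ArgumentNullException(nameof(bEUsersPrivilegesService));
    _pageRouteVersionRepository = pageRouteVersionRepository
        ?? throw new System.ArgumentNullException(nameof(pageRouteVersionRepository));
}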
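/// <summary>
/// Decides whether the given privilege rows satisfy the requirement (page type, optional page
/// id, and the set of acceptable actions). Any one acceptable action that is granted is enough.
/// </summary>
/// <param name="bEUsersPrivilegesRequirementModel">The requirement to satisfy. A <c>PageId</c> of -1 is treated as "no specific page" and is rewritten to <c>null</c> on the model.</param>
/// <param name="bEUsersPrivileges">The user's privilege rows; enumerated at most once per call.</param>
/// <returns><c>true</c> when the requirement is granted; <c>false</c> otherwise, including when no privilege row exists for the page.</returns>
private bool ValidatePrivileges(BEUsersPrivilegesRequirementModel bEUsersPrivilegesRequirementModel, IEnumerable<BEUsersPrivileges> bEUsersPrivileges)
{
    var pageType = bEUsersPrivilegesRequirementModel.PageType;
    var actions = bEUsersPrivilegesRequirementModel.PageActions;

    // Approval notifications: being able to approve any page is sufficient.
    if (pageType == PrivilegesPageType.Approval)
    {
        return bEUsersPrivileges.Any(x => x.CanApprove);
    }

    // -1 is the caller's "no specific page" sentinel; normalise it to null so the
    // type-wide checks below apply. The model is mutated on purpose (existing contract).
    if (bEUsersPrivilegesRequirementModel.PageId == -1)
    {
        bEUsersPrivilegesRequirementModel.PageId = null;
    }

    var pageId = bEUsersPrivilegesRequirementModel.PageId;

    // Type-wide requirements (no specific page). Order matters: a CanView requirement is
    // satisfied by any page of that type, whereas the *_BI variants require the type-wide
    // row itself (PageRouteId == null) to grant CanView.
    if (pageId == null)
    {
        if (pageType == PrivilegesPageType.StaticPage && actions.Contains(PrivilegesActions.CanView))
        {
            return bEUsersPrivileges.Any(x => x.PageTypeId == PrivilegesPageType.StaticPage && x.CanView);
        }

        if (pageType == PrivilegesPageType.DynamicPage && actions.Contains(PrivilegesActions.CanView))
        {
            return bEUsersPrivileges.Any(x => x.PageTypeId == PrivilegesPageType.DynamicPage && x.CanView);
        }

        if (pageType == PrivilegesPageType.DynamicPage && actions.Contains(PrivilegesActions.CanViewDP_BI))
        {
            return bEUsersPrivileges.Any(x => x.PageTypeId == PrivilegesPageType.DynamicPage && x.PageRouteId == null && x.CanView);
        }

        if (pageType == PrivilegesPageType.StaticPage && actions.Contains(PrivilegesActions.CanViewSP_BI))
        {
            return bEUsersPrivileges.Any(x => x.PageTypeId == PrivilegesPageType.StaticPage && x.PageRouteId == null && x.CanView);
        }
    }

    // The row for this exact page, or the type-wide row (PageRouteId == null) when no page
    // is targeted. A null pageId compares equal only to a null PageRouteId.
    var current = bEUsersPrivileges.FirstOrDefault(x => x.PageTypeId == pageType && x.PageRouteId == pageId);

    // No row means nothing was granted: deny instead of dereferencing null
    // (the previous implementation threw NullReferenceException here).
    if (current == null)
    {
        return false;
    }

    // Grant on the first acceptable action the row allows; unknown actions grant nothing.
    foreach (var item in actions)
    {
        var granted = false;
        switch (item)
        {
            case PrivilegesActions.CanView:
                granted = current.CanView;
                break;
            case PrivilegesActions.CanEdit:
                granted = current.CanEdit;
                break;
            case PrivilegesActions.CanDelete:
                granted = current.CanDelete;
                break;
            case PrivilegesActions.CanApprove:
                granted = current.CanApprove;
                break;
            case PrivilegesActions.CanAdd:
                granted = current.CanAdd;
                break;
        }

        if (granted)
        {
            return true;
        }
    }

    return false;
}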
/// <summary>
/// Loads the privilege rows of the given user and validates them against the requirement.
/// </summary>
/// <param name="bEUsersPrivilegesRequirementModel">The requirement (page type, page id, acceptable actions) to satisfy.</param>
/// <param name="userId">Identifier the privilege rows are looked up by.</param>
/// <returns><c>true</c> when the user's privileges satisfy the requirement; otherwise <c>false</c>.</returns>
public bool ValidateIBEUsersPrivilegesService(BEUsersPrivilegesRequirementModel bEUsersPrivilegesRequirementModel, string userId)
    => ValidatePrivileges(bEUsersPrivilegesRequirementModel, _bEUsersPrivilegesRepository.GetUserPrivileges(userId));