protected override bool AuthorizeCore(HttpContextBase httpContext) { bool isInRole = false; if (!string.IsNullOrWhiteSpace(Roles)) { var roles = Roles.Split(new string[] { "," }, StringSplitOptions.RemoveEmptyEntries); var db = new LunchAccounting.Models.LunchAccountingEntities(); var users = db.Users.Include(a => a.UserGroupMembers); var user = users.Where(p => p.UserName == httpContext.User.Identity.Name).FirstOrDefault(); foreach (var role in roles) { foreach (var userGroupMember in user.UserGroupMembers) { if (userGroupMember.UserGroup.GroupName.Equals(role, StringComparison.OrdinalIgnoreCase)) { isInRole = true; break; } } if (isInRole) { break; } } } return isInRole; }
protected override bool AuthorizeCore(HttpContextBase httpContext) { bool hasAccess = false; var db = new LunchAccounting.Models.LunchAccountingEntities(); var user = db.Users .Include(a => a.UserGroupMembers) .Where(p => p.UserName == httpContext.User.Identity.Name) .FirstOrDefault(); var resource = httpContext.Request.RequestContext.RouteData.Values["controller"].ToString(); var operation = httpContext.Request.RequestContext.RouteData.Values["action"].ToString(); var userAccesses = db.AppResourceAccesses.Include(p => p.AppResource) .Where( p => "User".Equals(p.IdentityType, StringComparison.OrdinalIgnoreCase) && p.Identity_id == user.User_id && resource.Equals(p.AppResource.Resource, StringComparison.OrdinalIgnoreCase) && (p.OperationType == null || p.OperationType == string.Empty || operation.Equals(p.OperationType, StringComparison.OrdinalIgnoreCase)) ); var userGroupIds = user.UserGroupMembers.Select(a => a.UserGroup_id).ToList(); var groupAccesses = db.AppResourceAccesses .Where(p => "UserGroup".Equals( p.IdentityType, StringComparison.OrdinalIgnoreCase) && userGroupIds.Contains(p.Identity_id) && resource.Equals(p.AppResource.Resource, StringComparison.OrdinalIgnoreCase) && (p.OperationType == null || p.OperationType == string.Empty || operation.Equals(p.OperationType, StringComparison.OrdinalIgnoreCase)) ); if (userAccesses.Count() == 0 && groupAccesses.Count() == 0) { var resourceInfo = db.AppResources.Where(p => resource.Equals(p.Resource, StringComparison.OrdinalIgnoreCase)); return resourceInfo.Count() == 1 && "allow".Equals(resourceInfo.First().DefaultAccess, StringComparison.OrdinalIgnoreCase); } foreach (var useraccess in userAccesses) { if ("deny".Equals(useraccess.Access, StringComparison.OrdinalIgnoreCase)) { return false; } if ("allow".Equals(useraccess.Access, StringComparison.OrdinalIgnoreCase)) { hasAccess = true; } } foreach (var groupaccess in groupAccesses) { if ("deny".Equals(groupaccess.Access, StringComparison.OrdinalIgnoreCase)) { return false; } if ("allow".Equals(groupaccess.Access, StringComparison.OrdinalIgnoreCase)) { hasAccess = true; } } return hasAccess; }