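/// <summary>
/// Authorizes the current request: runs the base attribute check and, for actions the
/// controller has opted into, verifies the caller's per-action permission through
/// <c>PermissaoUsuarioDAO.UsuarioPossuiPermissao</c>.
/// </summary>
/// <param name="actionContext">The Web API action context being authorized.</param>
/// <remarks>
/// When <c>AuthMethod</c> is set it replaces the action name used for the permission lookup.
/// Every ambiguous situation fails closed (the request is rejected via
/// <c>HandleUnauthorizedRequest</c>) instead of throwing: a missing
/// <c>AuthorizeControllerActionsAttribute</c> on the controller, a missing or non-claims identity,
/// and a missing, duplicated or non-numeric "EmpresaId"/"Id" claim.
/// </remarks>
public override void OnAuthorization(HttpActionContext actionContext)
{
    var actionName = actionContext.ActionDescriptor.ActionName;
    if (!string.IsNullOrEmpty(AuthMethod))
    {
        // The permission table may key this endpoint under a different name than the Web API action.
        actionName = AuthMethod;
    }

    var controllerDescriptor = actionContext.ControllerContext.ControllerDescriptor;
    var controllerName = controllerDescriptor.ControllerName;
    var controllerActionsToCheck = controllerDescriptor
        .GetCustomAttributes<AuthorizeControllerActionsAttribute>()
        .FirstOrDefault();

    if (!ShouldCheckAction(actionName, controllerActionsToCheck))
    {
        return;
    }

    // The base attribute enforces authentication (and any Roles/Users) and writes the 401 response.
    base.OnAuthorization(actionContext);
    if (actionContext.Response != null)
    {
        // Already rejected by the base check; nothing further to decide.
        return;
    }

    var principal = HttpContext.Current == null ? null : HttpContext.Current.User;
    if (principal == null || principal.Identity == null)
    {
        // No principal to evaluate: deny rather than dereference null.
        HandleUnauthorizedRequest(actionContext);
        return;
    }
    if (!principal.Identity.IsAuthenticated)
    {
        // The base check (or an anonymous-allowed action) has already handled this case.
        return;
    }

    var identity = principal.Identity as ClaimsIdentity;
    int empresaId, usuarioId;
    if (identity == null
        || !TryGetIntClaim(identity, "EmpresaId", out empresaId)
        || !TryGetIntClaim(identity, "Id", out usuarioId))
    {
        // Tenant/user identity cannot be established from the claims: fail closed.
        HandleUnauthorizedRequest(actionContext);
        return;
    }

    string connectionString = WebConfigManipulation.GetConfig("ConnectionString");
    var connectionType = (ConnectionEnum)Convert.ToInt32(
        WebConfigManipulation.GetConfig("ConnectionType"), CultureInfo.InvariantCulture);

    bool usuarioAutorizado;
    using (var connectionFactory = new ConnectionFactory(connectionString, connectionType))
    {
        usuarioAutorizado = new PermissaoUsuarioDAO(connectionFactory, empresaId)
            .UsuarioPossuiPermissao(usuarioId, controllerName, actionName);
    }

    if (!usuarioAutorizado)
    {
        HandleUnauthorizedRequest(actionContext);
    }
}

/// <summary>
/// Decides whether the database permission lookup applies to <paramref name="actionName"/>.
/// </summary>
/// <param name="actionName">The effective action name (Web API action or <c>AuthMethod</c>).</param>
/// <param name="controllerActionsToCheck">The controller's opt-in attribute, or <c>null</c> if absent.</param>
/// <returns>
/// <c>true</c> for any action outside the default set (Insert, IdentityInsert, Find, List, Update,
/// Delete, Activate, Deactivate); for a default action, the attribute's matching Check* flag.
/// A missing attribute fails closed: every action is checked.
/// </returns>
private static bool ShouldCheckAction(string actionName, AuthorizeControllerActionsAttribute controllerActionsToCheck)
{
    if (controllerActionsToCheck == null)
    {
        return true;
    }

    switch (actionName)
    {
        case "Insert": return controllerActionsToCheck.CheckInsert;
        case "IdentityInsert": return controllerActionsToCheck.CheckIdentityInsert;
        case "Find": return controllerActionsToCheck.CheckFind;
        case "List": return controllerActionsToCheck.CheckList;
        case "Update": return controllerActionsToCheck.CheckUpdate;
        case "Delete": return controllerActionsToCheck.CheckDelete;
        case "Activate": return controllerActionsToCheck.CheckActivate;
        case "Deactivate": return controllerActionsToCheck.CheckDeactivate;
        default: return true;
    }
}

/// <summary>
/// Reads the single claim of type <paramref name="claimType"/> as an integer.
/// </summary>
/// <param name="identity">The authenticated claims identity.</param>
/// <param name="claimType">The claim type to look up (compared ordinally).</param>
/// <param name="value">The parsed value, or 0 when the method returns <c>false</c>.</param>
/// <returns>
/// <c>true</c> only when exactly one such claim exists and its value parses as an
/// invariant-culture integer; duplicates or malformed values yield <c>false</c> so callers fail closed.
/// </returns>
private static bool TryGetIntClaim(ClaimsIdentity identity, string claimType, out int value)
{
    value = 0;
    var matches = identity.Claims.Where(x => x.Type == claimType).Take(2).ToList();
    if (matches.Count != 1)
    {
        return false;
    }
    return int.TryParse(matches[0].Value, NumberStyles.Integer, CultureInfo.InvariantCulture, out value);
}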
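/// <summary>
/// Creates the controller and wires every DAO it uses to the supplied <paramref name="context"/>.
/// </summary>
/// <param name="context">The database context shared by all DAOs of this controller.</param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
public ParametrosCorporativosController(ApplicationDbContext context)
{
    if (context == null)
    {
        // Fail at construction rather than on the first DAO call.
        throw new ArgumentNullException("context");
    }

    _context = context;
    localizacaoDAO = new LocalizacaoDAO(context);
    empresaDAO = new EmpresaDAO(context);
    setorProprietarioDAO = new SetorProprietarioDAO(context);
    fabricanteDAO = new FabricanteDAO(context);
    contratoDAO = new ContratoDAO(context);
    grupoDAO = new GrupoDAO(context);
    permissaoDAO = new PermissaoDAO(context);
    permissaoUsuarioDAO = new PermissaoUsuarioDAO(context);
    requisicaoDAO = new RequisicaoDAO(context);
    purchaseOrderDAO = new PurchaseOrderDAO(context);
    identificacaoSistemaDAO = new IdentificacaoSistemaDAO(context);
}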