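/// <summary>
/// Site Editor authorization hook, invoked by <c>OnActionExecuting</c> only after the session has been
/// validated. Denies the request unless the user holds at least one site-level permission flag.
/// </summary>
/// <param name="filterContext">The MVC action context; <c>Result</c> is set to short-circuit the action on denial.</param>
/// <param name="cachedSession">The validated session; its <c>UserID</c> identifies the authenticated user.</param>
/// <remarks>
/// Deny-by-default: no <c>SitePermissionUsers</c> row, or a row with every flag cleared, denies access.
/// The lookup keys on <paramref name="cachedSession"/>.UserID rather than a controller field so the decision
/// is tied to the session that was just validated. The <c>permission</c> field is kept populated for later
/// actions; only its scalar flags are expected to be read after the context is disposed
/// (NOTE(review): assumes <c>Context</c> is an IDisposable EF context and no lazy navigation on
/// <c>permission</c> is used elsewhere — confirm).
/// </remarks>
protected override void PreActionCheck(ActionExecutingContext filterContext, SessionCache.CachedSession cachedSession)
{
    using (Context context = new Context())
    {
        // A session whose user no longer exists is treated as unauthorized rather than throwing
        // (the original used First(), which surfaced as an unhandled exception).
        if (!context.Users.Any(u => u.UserID == cachedSession.UserID))
        {
            filterContext.Result = new HttpUnauthorizedResult("You don't have permission to use the Site Editor");
            return;
        }

        permission = context.SitePermissionUsers.FirstOrDefault(spu => spu.UserID == cachedSession.UserID);
    }

    bool hasAnySitePermission = permission != null
        && (permission.CanAddCountries || permission.CanDeleteCountries || permission.CanManagePermissions);

    if (!hasAnySitePermission)
    {
        // NOTE(review): 401 is preserved for compatibility. For an already-authenticated caller a 403 is the
        // accurate status and avoids forms-auth login redirects — confirm before changing.
        filterContext.Result = new HttpUnauthorizedResult("You don't have permission to use the Site Editor");
    }
}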
/// <summary>
/// Session/authorization gate run before every action on this controller.
/// Reads the session ID from the <c>cydonSessionID</c> cookie, resolves the cached session and, when the
/// controller type or the action carries <c>CydonAuthorizationAttribute</c>, requires a live session:
/// otherwise it redirects to <c>Config.INSTANCE.UnauthenticatedRedirect</c>. A valid session on a protected
/// action is extended and the finer-grained <c>PreActionCheck</c> hook is invoked.
/// </summary>
/// <param name="filterContext">The MVC action context; <c>Result</c> is set to short-circuit the action.</param>
/// <remarks>
/// Side effects: always sets <c>SessionID</c>; sets <c>UserID</c> whenever a live session exists;
/// on a protected action also calls <c>ResetSessionExpiration()</c> (sliding expiration).
/// NOTE(review): expiration is compared against <c>DateTime.Now</c> (local clock); this is only correct if
/// <c>Expiration</c> is populated from the same clock — confirm in SessionCache.
/// NOTE(review): the <c>forceSessionRefresh</c> query flag is honoured before any authentication, so any
/// caller can force a reload of the session named in their own cookie — presumably harmless, but confirm
/// <c>ForceRefreshSession</c> is cheap enough not to be a cache-thrash vector.
/// </remarks>
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
    // A missing cookie yields string.Empty, never null.
    SessionID = filterContext.RequestContext.HttpContext.Request.Cookies["cydonSessionID"]?.Value ?? string.Empty;
    SessionCache sessionCache = Cache.GetCache <SessionCache>();
    if (filterContext.RequestContext.HttpContext.Request.QueryString.AllKeys.Contains("forceSessionRefresh"))
    {
        sessionCache.ForceRefreshSession(SessionID);
    }
    SessionCache.CachedSession cachedSession = sessionCache.GetSessionBySessionID(SessionID);
    // Controller-level attribute wins; fall back to the action's own attribute.
    object authorizationAttribute = GetType().GetCustomAttributes(typeof(CydonAuthorizationAttribute), true).FirstOrDefault();
    if (authorizationAttribute == null)
    {
        authorizationAttribute = filterContext.ActionDescriptor.GetCustomAttributes(typeof(CydonAuthorizationAttribute), true).FirstOrDefault();
    }
    if (authorizationAttribute == null)
    {
        // Public action: record the user if a live session happens to exist, but never block.
        if (cachedSession != null && cachedSession.Expiration >= DateTime.Now)
        {
            UserID = cachedSession.UserID;
        }
        return;
    }
    if (cachedSession == null || cachedSession.Expiration < DateTime.Now)
    {
        // The return URL is the current request URL (server-derived, not caller-supplied) and is URL-encoded,
        // so this is not an open-redirect sink.
        string redirect = Config.INSTANCE.UnauthenticatedRedirect + "?redirectUrl=" + Uri.EscapeDataString(filterContext.RequestContext.HttpContext.Request.Url.ToString());
        filterContext.Result = Redirect(redirect);
        return;
    }
    UserID = cachedSession.UserID;
    cachedSession.ResetSessionExpiration();
    // Only run the subclass check when nothing above has already short-circuited the action.
    if (filterContext.Result == null)
    {
        PreActionCheck(filterContext, cachedSession);
    }
}
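/// <summary>
/// Keep-alive endpoint: extends the expiration of the caller's own session if it is still live.
/// </summary>
/// <returns>
/// JSON <c>{ success: true }</c> when the session was found and extended; <c>{ success: false }</c> when
/// there is no session ID, the session is unknown, or it has already expired.
/// </returns>
/// <remarks>
/// <c>SessionID</c> is presumably populated by the controller's <c>OnActionExecuting</c> from the
/// <c>cydonSessionID</c> cookie and is <c>string.Empty</c> (not null) when the cookie is absent, so the
/// guard must check for empty as well as null; the original <c>== null</c> test never fired.
/// The expiration comparison uses <c>DateTime.Now</c> to stay consistent with the session gate.
/// NOTE(review): <c>Json(...)</c> defaults to <c>JsonRequestBehavior.DenyGet</c>; confirm the client
/// invokes this via POST, otherwise the request throws before reaching the session check.
/// </remarks>
public ActionResult RefreshSession()
{
    var failed = new { success = false };
    var success = new { success = true };

    // No cookie (string.Empty) or a null ID: nothing to refresh, fail closed.
    if (string.IsNullOrEmpty(SessionID))
    {
        return Json(failed);
    }

    SessionCache sessionCache = Cache.GetCache<SessionCache>();
    SessionCache.CachedSession cachedSession = sessionCache.GetSessionBySessionID(SessionID);
    if (cachedSession == null || cachedSession.Expiration < DateTime.Now)
    {
        // An expired session is never revived here; the caller must re-authenticate.
        return Json(failed);
    }

    cachedSession.ResetSessionExpiration();
    return Json(success);
}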
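/// <summary>
/// Country editor authorization hook, invoked after the session has been validated. Resolves the
/// <c>countryid</c> route value, requires the authenticated user to hold at least one role for that
/// country, and publishes the effective per-country flags to the view as <c>Permission</c>.
/// </summary>
/// <param name="filterContext">The MVC action context; <c>Result</c> is set to short-circuit the action on 404/denial.</param>
/// <param name="cachedSession">The validated session (unused here; the user is taken from <c>UserID</c>,
/// which the session gate sets before calling this hook).</param>
/// <remarks>
/// Fixes in this revision: a missing <c>countryid</c> on a non-Index action now returns immediately
/// (the original fell through to the parse step and reported "not valid" instead of "not supplied"),
/// and the role set is materialized once instead of being re-enumerated — with lazy navigation
/// loads — for every flag. As in the original, <c>Permission</c> and the view data are still
/// populated on denial (all flags false) in case later pipeline stages read them.
/// NOTE(review): assumes <c>Context</c> is an IDisposable EF context — confirm.
/// </remarks>
protected override void PreActionCheck(ActionExecutingContext filterContext, SessionCache.CachedSession cachedSession)
{
    if (!RouteData.Values.Keys.Contains("countryid"))
    {
        // Index lists countries and needs no country-scoped permission.
        if (filterContext.ActionDescriptor.ActionName == "Index")
        {
            Permission = null;
            return;
        }

        filterContext.Result = HttpNotFound("Country ID was not supplied");
        return;
    }

    if (!long.TryParse(RouteData.Values["countryid"] as string, out long countryID))
    {
        filterContext.Result = HttpNotFound("CountryID is not valid");
        return;
    }
    CountryID = countryID;

    // Materialize once: the roles are queried per user and already filtered to this country.
    List<CountryRole> rolesForCountry;
    using (Context context = new Context())
    {
        rolesForCountry = context.Users
            .First(u => u.UserID == UserID)
            .CountryRoleUsers
            .Where(cru => cru.CountryRole.CountryID == CountryID)
            .Select(cru => cru.CountryRole)
            .ToList();
    }

    if (rolesForCountry.Count == 0)
    {
        // Deny-by-default: no role for this country means no access at all.
        // NOTE(review): 401 preserved for compatibility; 403 is the accurate status for an authenticated caller.
        filterContext.Result = new HttpUnauthorizedResult("User does not have access to edit this country");
    }

    // Effective flags are the union across all of the user's roles for this country.
    Permission = new CountryRole
    {
        CanAddPages = rolesForCountry.Any(cr => cr.CanAddPages),
        CanDeletePages = rolesForCountry.Any(cr => cr.CanDeletePages),
        CanUpdatePermissions = rolesForCountry.Any(cr => cr.CanUpdatePermissions),
    };
    filterContext.Controller.ViewData["Permission"] = Permission;
}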
/// <summary>
/// Extension point for controller-specific authorization, called by the session gate only after a live
/// session has been confirmed and <c>UserID</c> has been set. The base implementation allows everything;
/// overrides deny by assigning <paramref name="filterContext"/>.<c>Result</c>.
/// </summary>
/// <param name="filterContext">The MVC action context; set <c>Result</c> to short-circuit the action.</param>
/// <param name="cachedSession">The validated session for the current request.</param>
protected virtual void PreActionCheck(ActionExecutingContext filterContext, SessionCache.CachedSession cachedSession)
{
    // Intentionally empty: no additional checks by default.
}