コード例 #1
        /// <summary>
        /// Site Editor gate: lets the action proceed only when the current user has a
        /// site-permission row granting at least one of add-countries, delete-countries
        /// or manage-permissions. Otherwise the action is short-circuited with an
        /// unauthorized result.
        /// </summary>
        /// <param name="filterContext">Filter context whose <c>Result</c> is set when access is refused.</param>
        /// <param name="cachedSession">Session supplied by the caller; only its <c>UserID</c> is read here.</param>
        protected override void PreActionCheck(ActionExecutingContext filterContext, SessionCache.CachedSession cachedSession)
        {
            // NOTE(review): this Context instance is never disposed in this method; if it is a
            // disposable data context, confirm its lifetime is handled elsewhere.
            Context db = new Context();

            // The looked-up user is not used afterwards. First() (LINQ) throws when nothing
            // matches, so this line only has an effect when the session's user row is missing.
            User sessionUser = db.Users.First(u => u.UserID == cachedSession.UserID);

            // NOTE(review): this lookup is keyed on the UserID member, while the line above uses
            // cachedSession.UserID; presumably both hold the same value here (confirm).
            permission = db.SitePermissionUsers.FirstOrDefault(spu => spu.UserID == UserID);

            // Deny by default: a missing permission row is treated the same as a row with every flag off.
            bool mayUseSiteEditor = permission != null
                && (permission.CanAddCountries || permission.CanDeleteCountries || permission.CanManagePermissions);

            if (mayUseSiteEditor)
            {
                return;
            }

            // NOTE(review): the caller is presumably authenticated already, yet this emits a 401.
            // Under forms authentication a 401 is commonly rewritten into a login redirect; a 403
            // may describe "authenticated but not permitted" more accurately (confirm intended behaviour).
            filterContext.Result = new HttpUnauthorizedResult("You don't have permission to use the Site Editor");
        }
コード例 #2
        /// <summary>
        /// Resolves the caller's session from the <c>cydonSessionID</c> cookie and, when the
        /// controller type or the action carries <c>CydonAuthorizationAttribute</c>, requires
        /// a live session before running <c>PreActionCheck</c>.
        /// </summary>
        /// <remarks>
        /// Without the attribute the request is never blocked; <c>UserID</c> is filled in only
        /// when a live session happens to be present. With the attribute, a missing or expired
        /// session redirects to the configured unauthenticated URL.
        /// </remarks>
        /// <param name="filterContext">Context of the action about to run; its <c>Result</c> is set to short-circuit.</param>
        protected override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            var request = filterContext.RequestContext.HttpContext.Request;

            // The session identifier is client-supplied; an absent cookie becomes the empty string, never null.
            SessionID = request.Cookies["cydonSessionID"]?.Value ?? string.Empty;

            SessionCache sessions = Cache.GetCache<SessionCache>();

            // NOTE(review): this runs before any authorization decision, so any request that carries
            // the query key makes the cache refresh whatever session ID the cookie holds. If
            // ForceRefreshSession is costly (e.g. a database round trip), consider restricting or
            // rate-limiting it (confirm against the SessionCache implementation).
            if (request.QueryString.AllKeys.Contains("forceSessionRefresh"))
            {
                sessions.ForceRefreshSession(SessionID);
            }

            SessionCache.CachedSession cachedSession = sessions.GetSessionBySessionID(SessionID);

            // A controller-level attribute wins; the action-level attribute is only consulted as a fallback.
            object authorizationAttribute =
                GetType().GetCustomAttributes(typeof(CydonAuthorizationAttribute), true).FirstOrDefault()
                ?? filterContext.ActionDescriptor.GetCustomAttributes(typeof(CydonAuthorizationAttribute), true).FirstOrDefault();

            if (authorizationAttribute == null)
            {
                // Anonymous-capable endpoint: record the user when a live session exists, but never block.
                // NOTE(review): expiry is compared against local time (DateTime.Now); confirm that
                // Expiration is stored in local time as well.
                bool sessionIsLive = cachedSession != null && cachedSession.Expiration >= DateTime.Now;
                if (sessionIsLive)
                {
                    UserID = cachedSession.UserID;
                }

                return;
            }

            bool sessionMissingOrExpired = cachedSession == null || cachedSession.Expiration < DateTime.Now;
            if (sessionMissingOrExpired)
            {
                // The current URL is escaped before being appended as redirectUrl.
                // NOTE(review): the endpoint that consumes redirectUrl should still verify that it is
                // a local URL before following it.
                var loginBase = Config.INSTANCE.UnauthenticatedRedirect;
                string returnTo = Uri.EscapeDataString(request.Url.ToString());
                string redirect = loginBase + "?redirectUrl=" + returnTo;

                filterContext.Result = Redirect(redirect);
                return;
            }

            UserID = cachedSession.UserID;

            // Sliding expiration: each authorized request extends the session. No absolute
            // lifetime cap is visible in this method.
            cachedSession.ResetSessionExpiration();

            if (filterContext.Result != null)
            {
                // A result has already been set for this request; skip the per-controller check.
                return;
            }

            PreActionCheck(filterContext, cachedSession);
        }
コード例 #3
ファイル: CySysController.cs プロジェクト: CSX8600/Cydon
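        /// <summary>
        /// Keep-alive endpoint: extends the current session's expiration and reports the
        /// outcome as JSON (<c>{ success = true }</c> or <c>{ success = false }</c>).
        /// </summary>
        /// <returns>
        /// A JSON result with <c>success = false</c> when there is no session identifier, the
        /// session is not in the cache, or it has expired; otherwise <c>success = true</c>.
        /// </returns>
        public ActionResult RefreshSession()
        {
            var failed  = new { success = false };
            var success = new { success = true };

            // Treat an empty identifier like a missing one. A null-only check does not catch the
            // case where SessionID was defaulted to string.Empty for a request without the cookie
            // (the OnActionExecuting in this listing does exactly that), and the empty value would
            // be sent on to the cache lookup.
            if (string.IsNullOrEmpty(SessionID))
            {
                return Json(failed);
            }

            SessionCache sessionCache = Cache.GetCache<SessionCache>();

            SessionCache.CachedSession cachedSession = sessionCache.GetSessionBySessionID(SessionID);

            // An expired session is never revived here; only a still-live session is extended.
            // NOTE(review): expiry is compared against local time (DateTime.Now); confirm that
            // Expiration is stored in local time as well.
            if (cachedSession == null || cachedSession.Expiration < DateTime.Now)
            {
                return Json(failed);
            }

            // NOTE(review): sliding renewal with no absolute lifetime cap visible in this method.
            cachedSession.ResetSessionExpiration();
            return Json(success);
        }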
コード例 #4
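        /// <summary>
        /// Country-scoped gate: resolves the <c>countryid</c> route value, checks that the
        /// current user holds at least one role for that country, and publishes the union of
        /// that user's role flags as <c>Permission</c> (also exposed to views via
        /// <c>ViewData["Permission"]</c>).
        /// </summary>
        /// <remarks>
        /// When <c>countryid</c> is absent, the "Index" action proceeds with <c>Permission</c>
        /// set to null and no per-country decision is made; every other action gets a 404.
        /// </remarks>
        /// <param name="filterContext">Filter context whose <c>Result</c> is set when the request is refused.</param>
        /// <param name="cachedSession">Session supplied by the caller; not read by this override.</param>
        protected override void PreActionCheck(ActionExecutingContext filterContext, SessionCache.CachedSession cachedSession)
        {
            if (!RouteData.Values.ContainsKey("countryid"))
            {
                if (filterContext.ActionDescriptor.ActionName == "Index")
                {
                    // NOTE(review): Index without a country runs with no country permission at all;
                    // the action itself must not expose country-specific data on this path.
                    Permission = null;
                    return;
                }

                // Stop here. Falling through would attempt to parse the absent route value and
                // replace this result with the "CountryID is not valid" one.
                filterContext.Result = HttpNotFound("Country ID was not supplied");
                return;
            }

            // The route value is client-controlled; anything that is not a string parsing as a long is rejected.
            if (!long.TryParse(RouteData.Values["countryid"] as string, out long countryID))
            {
                filterContext.Result = HttpNotFound("CountryID is not valid");
                return;
            }

            CountryID = countryID;

            // NOTE(review): this Context instance is never disposed in this method; if it is a
            // disposable data context, confirm its lifetime is handled elsewhere.
            Context context = new Context();

            // Materialised once: the role set is read several times below, and a deferred
            // sequence would be re-evaluated on each read.
            List<CountryRole> countryRoles = context.Users.First(u => u.UserID == UserID)
                .CountryRoleUsers
                .Where(cru => cru.CountryRole.CountryID == CountryID)
                .Select(cru => cru.CountryRole)
                .ToList();

            if (!countryRoles.Any(cr => cr.CountryID == CountryID))
            {
                // NOTE(review): the caller is presumably authenticated already, yet this emits a 401.
                // Under forms authentication a 401 is commonly rewritten into a login redirect; a 403
                // may describe "authenticated but not permitted" more accurately (confirm intended behaviour).
                filterContext.Result = new HttpUnauthorizedResult("User does not have access to edit this country");
            }

            // No early return on the denied path: with an empty role list every flag below is
            // false, so the published Permission is deny-all.
            Permission                      = new CountryRole();
            Permission.CanAddPages          = countryRoles.Any(cr => cr.CountryID == CountryID && cr.CanAddPages);
            Permission.CanDeletePages       = countryRoles.Any(cr => cr.CountryID == CountryID && cr.CanDeletePages);
            Permission.CanUpdatePermissions = countryRoles.Any(cr => cr.CountryID == CountryID && cr.CanUpdatePermissions);

            // NOTE(review): ViewData flags only help views decide what to render; each mutating
            // action still has to check the matching Permission flag on the server.
            filterContext.Controller.ViewData["Permission"] = Permission;
        }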
コード例 #5
 /// <summary>
 /// Extension point for a per-controller check performed before an action runs.
 /// The default implementation is empty, so a controller that does not override it
 /// adds no check of its own here.
 /// </summary>
 /// <remarks>
 /// NOTE(review): presumably invoked by the base OnActionExecuting once a live session has
 /// been established; confirm against the caller. The overrides in this listing refuse a
 /// request by assigning <c>filterContext.Result</c>.
 /// </remarks>
 /// <param name="filterContext">Context of the action about to execute.</param>
 /// <param name="cachedSession">Session associated with the request.</param>
 protected virtual void PreActionCheck(ActionExecutingContext filterContext, SessionCache.CachedSession cachedSession)
 {
 }