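/// <summary>
/// Grants access when the user holds at least one of the roles required by this attribute.
/// The user's roles are derived from <c>IsOwner</c> and from the non-null professional ids
/// (administrator, secretary, doctor), then intersected with <see cref="RoleFlags"/>.
/// </summary>
/// <param name="permissionContext">Context carrying the user to test.</param>
/// <returns>
/// True when the user holds any of the required roles; false otherwise, including when the
/// context carries no user (no user means no roles, so the check fails closed).
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="permissionContext"/> is null.</exception>
public override bool CanAccessResource(PermissionContext permissionContext)
{
    if (permissionContext == null)
    {
        throw new ArgumentNullException("permissionContext");
    }

    var user = permissionContext.User;

    // A missing user must deny access rather than dereference null.
    if (user == null)
    {
        return false;
    }

    UserRoleFlags userRoles = 0;
    if (user.IsOwner)
    {
        userRoles |= UserRoleFlags.Owner;
    }
    if (user.AdministratorId != null)
    {
        userRoles |= UserRoleFlags.Administrator;
    }
    if (user.SecretaryId != null)
    {
        userRoles |= UserRoleFlags.Secretary;
    }
    if (user.DoctorId != null)
    {
        userRoles |= UserRoleFlags.Doctor;
    }

    // Any overlap between the roles held and the roles required is enough.
    return (userRoles & this.RoleFlags) != 0;
}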
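/// <summary>
/// Checks whether the current user can access the specified action.
/// At this moment it looks only at <see cref="PermissionAttribute"/> attributes: when the
/// resolved action carries none, any logged user is granted access; when it carries several,
/// every one of them must grant access.
/// </summary>
/// <param name="this">The current view page.</param>
/// <param name="action">Action name to test.</param>
/// <param name="controller">Controller name to test.</param>
/// <param name="method">Http method to differentiate GET, HEAD, POST, PUT and DELETE actions.</param>
/// <param name="routeValues">An object containing the route values for the action.</param>
/// <returns>
/// Returns true if the current user has access to the given action; otherwise false. Access is
/// denied when the action cannot be resolved, when the page's controller is not a
/// <see cref="CerebelloController"/>, or when no user is logged in.
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="this"/> is null.</exception>
public static bool CanAccessAction(
    this WebViewPage @this,
    [AspMvcAction]string action = null,
    [AspMvcController]string controller = null,
    string method = "GET",
    object routeValues = null)
{
    // TODO: must cache all of these informations
    if (@this == null)
    {
        throw new ArgumentNullException("this");
    }

    var routeValuesDic = new RouteValueDictionary(routeValues);
    var mvcHelper = new MvcActionHelper(
        @this.ViewContext.Controller.ControllerContext,
        action,
        controller,
        method,
        routeValuesDic);

    if (mvcHelper.ActionDescriptor == null)
    {
        // The view does not exist... this means that nobody can access it.
        return false;
    }

    if (routeValues != null)
    {
        // todo: check routeValuesDic against mvcHelper.ActionDescriptor.GetParameters()
        //       to see if the contained values fit the action parameters
        // todo: maybe we should try to bind values (it could be slow)
    }

    // Getting the current DB User... (the logged user).
    // Only a CerebelloController can resolve it; any other controller yields no user.
    var cerebelloController = @this.ViewContext.Controller as CerebelloController;
    User dbUser = null;
    if (cerebelloController != null)
    {
        cerebelloController.InitDb();
        cerebelloController.InitDbUser(@this.Request.RequestContext);
        dbUser = cerebelloController.DbUser;
    }

    // If there is a logged user, then use permission attributes to determine whether user has access or not.
    if (dbUser != null)
    {
        var attributes = mvcHelper
            .GetFilters()
            .Select(f => f.Instance)
            .OfType<PermissionAttribute>()
            .ToArray();

        var permissionContext = new PermissionContext
        {
            User = dbUser,
            ControllerContext = mvcHelper.MockControllerContext,
        };

        // No PermissionAttribute on the action means it is open to every logged user;
        // otherwise all attributes must agree.
        var result = !attributes.Any() || attributes.All(pa => pa.CanAccessResource(permissionContext));
        return result;
    }

    return false;
}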
/// <summary>
/// Checks whether the current user can access the specified action.
/// At this moment it looks only at <see cref="PermissionAttribute"/> attributes.
/// </summary>
/// <param name="this">The current view page.</param>
/// <param name="action">Action name to test.</param>
/// <param name="controller">Controller name to test.</param>
/// <param name="method">Http method to differentiate GET, HEAD, POST, PUT and DELETE actions.</param>
/// <param name="routeValues">An object containing the route values for the action.</param>
/// <returns>
/// Returns true if the current user has access to the given action; otherwise false.
/// Unresolvable actions, non-Cerebello controllers and anonymous requests are all denied.
/// </returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="this"/> is null.</exception>
public static bool CanAccessAction(
    this WebViewPage @this,
    [AspMvcAction] string action = null,
    [AspMvcController] string controller = null,
    string method = "GET",
    object routeValues = null)
{
    if (@this == null)
    {
        throw new ArgumentNullException("this");
    }

    // TODO: must cache all of these informations
    var routeDictionary = new RouteValueDictionary(routeValues);
    var actionHelper = new MvcActionHelper(
        @this.ViewContext.Controller.ControllerContext,
        action,
        controller,
        method,
        routeDictionary);

    // An action that cannot be resolved is accessible to nobody.
    if (actionHelper.ActionDescriptor == null)
    {
        return false;
    }

    if (routeValues != null)
    {
        // checking action parameters
        var actionParams = actionHelper.ActionDescriptor.GetParameters();
        // todo: check routeDictionary to see if the contained values fit the actionParams
        // todo: maybe we should try to bind values (it could be slow)
    }

    // The logged DB user is only reachable through a CerebelloController.
    var cerebelloController = @this.ViewContext.Controller as CerebelloController;
    if (cerebelloController == null)
    {
        return false;
    }

    cerebelloController.InitDb();
    cerebelloController.InitDbUser(@this.Request.RequestContext);
    var dbUser = cerebelloController.DbUser;
    if (dbUser == null)
    {
        return false;
    }

    // Permission attributes decide; an action without any is open to every logged user.
    var permissionAttributes = actionHelper
        .GetFilters()
        .Select(f => f.Instance)
        .OfType<PermissionAttribute>()
        .ToArray();

    var permissionContext = new PermissionContext
    {
        User = dbUser,
        ControllerContext = actionHelper.MockControllerContext,
    };

    // All() is true on an empty array, which is the same as the "no attributes" case.
    return permissionAttributes.All(pa => pa.CanAccessResource(permissionContext));
}
/// <summary>
/// Decides whether the user in <paramref name="permissionContext"/> may access the guarded resource.
/// </summary>
/// <param name="permissionContext">Context carrying the user and the controller context under test.</param>
/// <returns>True to grant access; false to deny it.</returns>
public abstract bool CanAccessResource(PermissionContext permissionContext);