public override void OnActionExecuting(ActionExecutingContext filterContext) { RomaAutoDBEntities _db = new RomaAutoDBEntities(); MainUser user = (MainUser)filterContext.HttpContext.Session["user"]; if (_db.Admins.FirstOrDefault(item => item.AdminCategoryId == user.Category) == null || user.Category != 1) { filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden); } base.OnActionExecuting(filterContext); }
public override void OnActionExecuting(ActionExecutingContext filterContext) { RomaAutoDBEntities _db = new RomaAutoDBEntities(); MainUser user = (MainUser)filterContext.HttpContext.Session["user"]; if (user == null) { filterContext.Result = new RedirectToRouteResult( new RouteValueDictionary{{ "controller", "Account" }, { "action", "Login" } }); } else { var userFromDb = _db.Admins.FirstOrDefault(item => item.Id == user.Id && item.Name == user.Name && item.AdminCategoryId == user.Category); if (userFromDb == null) { filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden); } } base.OnActionExecuting(filterContext); }