public override void OnActionExecuting(HttpActionContext actionContext) { if (!actionContext.ActionArguments.Keys.Select(s => s.ToLower()).Contains(TokenName.ToLower())) { throw new HttpResponseException(HttpStatusCode.NotFound); } var argument = actionContext.ActionArguments[TokenName.ToLower()].ToString(); var command = new IsTokenHasAccessToFunctionCommand { Token = Guid.Parse(argument), Functions = _functions }; var answer = SessionService.IsTokenHasAccessToFunction(command); if (answer.AccessType == AccessType.Denied) { throw new HttpResponseException(HttpStatusCode.NotFound); } if (answer.AccessType == AccessType.Redirected) { throw new HttpResponseException(HttpStatusCode.NotFound); return; } base.OnActionExecuting(actionContext); }
protected virtual AccessType CheckPresenceOfToken(IsTokenHasAccessToFunctionCommand command) { var userFunctions = _userFunctionManager.GetFunctionsByToken(command.Token); if (!userFunctions.Any()) { return AccessType.Denied; } var functions = GetFunctionsByCommand(command); var result = PossessAllFunctions(functions, userFunctions.Select(access => access.FunctionStorageModel)); var checkedFunctions = userFunctions .Where(item => functions.Select(value => value.FunctionIdentityName).Contains(item.FunctionStorageModel.FunctionIdentityName)); if (!result) { return AccessType.Redirected; } if (checkedFunctions.Any(access => access.AccessType == AccessType.Disabled)) { return AccessType.Disabled; } return AccessType.Accepted; }
public IsTokenHasAccessToFunctionCommandAnswer IsTokenHasAccessToFunction(IsTokenHasAccessToFunctionCommand command) { if (command.Token == null) { return new IsTokenHasAccessToFunctionCommandAnswer { Errors = GetAccessDeniedErrors(), AccessType = AccessType.Denied }; } var result = new IsTokenHasAccessToFunctionCommandAnswer { AccessType = CheckPresenceOfToken(command), Token = (Guid)command.Token }; if (result.AccessType == AccessType.Denied) { result.Errors = GetAccessDeniedErrors(); } return result; }
protected virtual AccessType GetAccessByCommand(AbstractTokenCommand command) { if (command == null) { return AccessType.Denied; } var token = command.Token; var newCommand = new IsTokenHasAccessToFunctionCommand { Functions = _functions.ToList(), Token = token }; var sessionService = SessionServiceFactory.CreateSessionService(); var answer = sessionService.IsTokenHasAccessToFunction(newCommand); return answer.AccessType; }
protected virtual IEnumerable<FunctionStorageModel> GetFunctionsByCommand(IsTokenHasAccessToFunctionCommand command) { var result = _functionRepository.GetModels() .Where(model => command.Functions.Contains(model.FunctionIdentityName)) .Where(model => !model.IsBlocked) .ToList(); return result; }