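/// <summary>
/// Checks whether a User is authenticated (or guests are permitted) and the given action is allowed
/// </summary>
/// <remarks>
/// <para>
/// An empty set of groups applies no restriction at all: the method returns true without looking at the request, so access control only takes effect once at least one group is supplied.
/// </para>
/// <para>
/// A request with a username is judged only against the groups that have that user as a member; it is never granted access through a guest group. A request without a username is judged only against groups that allow guests.
/// </para>
/// </remarks>
/// <param name="context">HTTP Context; when access is refused its response status code is set to 401 (Unauthorized) or 403 (Forbidden)</param>
/// <param name="groups">User Groups to test against</param>
/// <param name="action">Action to check for permission for; if null the HTTP method of the request is checked instead</param>
/// <returns>True if the request may proceed, false if it was refused (the response status code has then been set)</returns>
public static bool IsAuthenticated(HttpContext context, IEnumerable<UserGroup> groups, String action)
{
    // Snapshot the groups so a lazily evaluated sequence is enumerated once and every check below sees the same set
    List<UserGroup> candidates = groups.ToList();

    // No groups configured means there is nothing to authorize against
    if (candidates.Count == 0)
    {
        return true;
    }

    // The permission check must be made against the action the caller asked about. Previously the
    // action argument was ignored and only the HTTP method was tested, so per-action permissions
    // were not enforced as documented. The HTTP method remains the fallback for a null action.
    String requested = action ?? context.Request.HttpMethod;

    String user = HandlerHelper.GetUsername(context);
    if (user != null)
    {
        // Does any Group have this Member and allow this action?
        if (candidates.Any(g => g.HasMember(user) && g.IsActionPermitted(requested)))
        {
            // Previously a permitted member still fell through to the guest checks below and was
            // refused with 401/403 whenever no guest group covered the action
            return true;
        }

        context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
        return false;
    }

    // No username on the request, so only guest access can apply from here on
    if (!candidates.Any(g => g.AllowGuests))
    {
        // No Groups allow guests so we require authentication
        context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
        return false;
    }

    if (!candidates.Any(g => g.AllowGuests && g.IsActionPermitted(requested)))
    {
        // There are no Groups that allow guests and allow this action so this is forbidden
        context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
        return false;
    }

    return true;
}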
/// <summary>
/// Checks whether a User is authenticated (or guests are permitted)
/// </summary>
/// <remarks>
/// No action is checked here, only group membership and guest access. An empty set of groups applies no restriction: the method returns true.
/// </remarks>
/// <param name="context">HTTP Context; when authentication is required but missing its response status code is set to 401 (Unauthorized)</param>
/// <param name="groups">User Groups to test against</param>
/// <returns>True if the request may proceed, false if authentication is required and the user is not a member of any group</returns>
public static bool IsAuthenticated(HttpContext context, IEnumerable<UserGroup> groups)
{
    // The username is resolved before the groups are inspected, even when there turn out to be none
    String username = HandlerHelper.GetUsername(context);

    // Nothing to check against, so the request is let through
    if (!groups.Any())
    {
        return true;
    }

    // A Group has the given Member so is authenticated
    bool isMember = username != null && groups.Any(grp => grp.HasMember(username));
    if (isMember)
    {
        return true;
    }

    // Not a member of any group: the request only passes if at least one Group allows guests
    bool guestsAllowed = groups.Any(grp => grp.AllowGuests);
    if (guestsAllowed)
    {
        return true;
    }

    // No Groups allow guests so we require authentication
    context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
    return false;
}