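/// <summary>
/// Decides whether the current user may access the requested provider resource.
/// Users in role "1" are allowed through unconditionally; any other authenticated user
/// is allowed only when the route's <c>id</c> matches the provider id on their account.
/// </summary>
/// <param name="httpContext"> The http context. </param>
/// <returns>
/// <see langword="true"/> when access is granted; <see langword="false"/> otherwise,
/// including when the route id or identity name is missing or not numeric, or when the
/// user record cannot be found. The check fails closed rather than throwing from the filter.
/// </returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    // Not logged in? Let the base attribute reject the request.
    if (!base.AuthorizeCore(httpContext))
    {
        return false;
    }

    // Admins can do anything.
    if (httpContext.User.IsInRole("1"))
    {
        return true;
    }

    // Otherwise we are looking at a provider: the route must carry a numeric resource id.
    // A missing or malformed id used to throw out of the filter; deny access instead.
    var routeData = httpContext.Request.RequestContext.RouteData;
    object rawId = null;
    int id;
    if (routeData == null
        || !routeData.Values.TryGetValue("id", out rawId)
        || rawId == null
        || !int.TryParse(rawId.ToString(), out id))
    {
        return false;
    }

    // The identity name is expected to hold the numeric user id; anything else is denied.
    int userId;
    if (!int.TryParse(httpContext.User.Identity.Name, out userId))
    {
        return false;
    }

    // An unknown user has no provider and therefore no access.
    var logics = new AccountLogics();
    var userInfo = logics.GetUser(userId);
    if (userInfo == null)
    {
        return false;
    }

    // Verify the user is tied to the same provider Id as the resource requested.
    return id == userInfo.ProviderId;
}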
/// <summary>
/// Initialize for all controllers that need access to the user id.
/// For authenticated requests this populates <c>UserId</c> and <c>ViewBag.UserId</c>
/// from the identity name and, when the account lookup succeeds,
/// <c>ViewBag.ServiceProviderId</c> from the user's provider id.
/// </summary>
/// <param name="requestContext">
/// The request context.
/// </param>
protected override void Initialize(RequestContext requestContext)
{
    base.Initialize(requestContext);

    var identity = requestContext.HttpContext.User.Identity;
    if (!identity.IsAuthenticated)
    {
        return;
    }

    // The identity name carries the numeric user id.
    var currentUserId = int.Parse(identity.Name);
    this.UserId = currentUserId;
    ViewBag.UserId = currentUserId;

    var account = new AccountLogics().GetUser(currentUserId);
    if (account != null)
    {
        // Expose the provider the user belongs to so views can scope to it.
        ViewBag.ServiceProviderId = account.ProviderId;
    }
}