Exemple #1
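        /// <summary>
        /// Verifies that the user named in <paramref name="authContext"/> holds at least one role
        /// whose access list contains an entry for <paramref name="resoruce"/>; throws otherwise.
        /// </summary>
        /// <param name="resoruce">
        /// Resource being requested. Its <c>ToString()</c> value is compared with the
        /// <c>Description</c> of each access entry. The misspelled parameter name is kept so that
        /// overrides and named-argument callers keep compiling.
        /// </param>
        /// <param name="permission">
        /// Requested permission. NOTE(review): this value is not consulted anywhere in the check,
        /// so a user with any access entry for the resource passes regardless of the permission
        /// asked for. Confirm whether the access entries are meant to carry a permission level.
        /// </param>
        /// <param name="authContext">Supplies the user name that is looked up in the repository.</param>
        /// <exception cref="AuthorizationExeption">
        /// Thrown when no usable user name is supplied, when the user is not found, or when none
        /// of the user's roles grants access to the resource.
        /// </exception>
        public virtual void Authorize(ApplicationResource resoruce, Permission permission, AuthenticationContext authContext)
        {
            // Fail closed with the authorization exception instead of a NullReferenceException,
            // and never query with a missing name: depending on the provider's null semantics,
            // a null name could otherwise match a row whose UserName is NULL.
            if (authContext == null || string.IsNullOrEmpty(authContext.UserName))
            {
                throw new AuthorizationExeption("Unauthorized Access");
            }

            var userName = authContext.UserName;

            // Roles and their access entries are loaded together with the user in one query.
            var user = _repository.Db.Set<User>()
                       .Include(u => u.Roles.Select(r => r.Access))
                       .FirstOrDefault(u => u.UserName == userName);

            // Unknown user and missing access use the same message, so the caller cannot tell
            // from the error which of the two conditions failed.
            if (user == null)
            {
                throw new AuthorizationExeption("Unauthorized Access");
            }

            // Flatten the access entries of every role the user holds.
            var grantedAccess = user.Roles.SelectMany(r => r.Access);

            // Default deny: a user with no roles or no access entries is rejected here as well.
            if (!grantedAccess.Any(a => a.Description == resoruce.ToString()))
            {
                throw new AuthorizationExeption("Unauthorized Access");
            }
        }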