/// <summary>
/// Binds the current session and ESAM database context to the repository and then, for routed request
/// DTOs, verifies the caller's tree rights before delegating to the base implementation.
/// </summary>
/// <remarks>
/// The rights check is skipped when the host service name is "pfe", when the DTO's simple type name is
/// "NotifyPersonDataChangeDto" or "LongOperationListDto", and when the DTO type carries no
/// <c>RouteAttribute</c>. Those requests go straight to the base implementation.
/// </remarks>
/// <param name="requestDto">The request DTO that is about to be executed.</param>
/// <exception cref="WebEasUnauthorizedAccessException">
/// Thrown when a matching node action (or one of its menu buttons) fails the role-privilege check, or when
/// a list / list-combo DTO targets an item for which the user has neither a direct right nor, for a
/// generated node, a parent permission.
/// </exception>
public override void OnBeforeExecute(object requestDto)
{
    // NOTE(review): `repository` and `Repository` are both used below; confirm they refer to the same instance.
    var repo = (IRepositoryBase)repository;
    repo.Session = SessionAs<IWebEasSession>();

    // NOTE(review): the "EsamDb" header is client-supplied and is applied before any rights check runs;
    // presumably SetRequestEsamDbContext validates it against what the session may access. Confirm.
    ((RepositoryBase)Repository).SetRequestEsamDbContext(requestDto as IEsamDbSession, Request.GetHeader("EsamDb"));

    if (HostContext.ServiceName != "pfe")
    {
        var dtoType = requestDto.GetType();
        var dtoTypeName = dtoType.Name;

        // NOTE(review): the exemption compares the simple type name only, so a DTO with the same name in
        // any namespace is exempt as well. Comparing the Type itself would be stricter.
        var isExemptDto = dtoTypeName == "NotifyPersonDataChangeDto" || dtoTypeName == "LongOperationListDto";

        if (!isExemptDto && dtoType.HasAttribute<RouteAttribute>())
        {
            var rootNode = repo.RenderModuleRootNode;

            // Only the first RouteAttribute is consulted; further routes on the same DTO are not considered here.
            var routeUrl = dtoType.FirstAttribute<RouteAttribute>().Path;
            var grantedRights = repo.GetUserTreeRights(repo.Code);

            // The match is a substring test on the action URL. If no node action contains the route path,
            // the action check below runs zero times and raises nothing.
            // NOTE(review): confirm that every protected route is reachable from some node action.
            var nodesForRoute = rootNode.Children
                .RecursiveSelect(child => child.Children)
                .Where(candidate => candidate.Actions.Any(a => a.Url != null && a.Url.Contains(routeUrl)));

            // Action check.
            foreach (var node in nodesForRoute)
            {
                // May be null when the user has no entry for this node.
                // NOTE(review): confirm HasRolePrivileges denies access when handed a null right.
                var nodeRight = grantedRights.FirstOrDefault(r => r.Kod == RepairNodeKey(node.KodPolozky));

                // NOTE(review): empty branch, so generated nodes get no special handling in the action check.
                // Confirm whether a check was intended here.
                if (node.GeneratedNode)
                {
                }

                foreach (NodeAction action in node.Actions.Where(a => a.Url != null && a.Url.Contains(routeUrl)))
                {
                    if (action.ActionType is NodeActionType.MenuButtonsAll)
                    {
                        // A "menu buttons" action is allowed only if every contained button is allowed.
                        action.MenuButtons.ForEach(button =>
                        {
                            if (!HierarchyNode.HasRolePrivileges(button, nodeRight))
                            {
                                throw new WebEasUnauthorizedAccessException();
                            }
                        });
                    }
                    else if (!HierarchyNode.HasRolePrivileges(action, nodeRight))
                    {
                        throw new WebEasUnauthorizedAccessException();
                    }
                }
            }

            // ListDto check.
            if (dtoType.HasInterface(typeof(IListDto)))
            {
                var requestedKey = ((IListDto)requestDto).KodPolozky;
                var normalizedKey = RepairNodeKey(requestedKey);
                var listRight = grantedRights.FirstOrDefault(r => r.Kod == normalizedKey);
                var hasDirectRight = listRight != null && listRight.Pravo != 0;

                if (!hasDirectRight)
                {
                    // Without a direct right, access is allowed only for a generated node covered by a parent permission.
                    var targetNode = rootNode.Find(requestedKey);
                    var coveredByParent = targetNode != null
                        && targetNode.GeneratedNode
                        && HasParentPermissionForGeneratedNode(targetNode, grantedRights);

                    if (!coveredByParent)
                    {
                        throw new WebEasUnauthorizedAccessException();
                    }
                }
            }

            // ListComboDto check (same rule as for ListDto).
            if (dtoType.HasInterface(typeof(IListComboDto)))
            {
                var requestedKey = ((IListComboDto)requestDto).KodPolozky;
                var normalizedKey = RepairNodeKey(requestedKey);
                var comboRight = grantedRights.FirstOrDefault(r => r.Kod == normalizedKey);
                var hasDirectRight = comboRight != null && comboRight.Pravo != 0;

                if (!hasDirectRight)
                {
                    var targetNode = rootNode.Find(requestedKey);
                    var coveredByParent = targetNode != null
                        && targetNode.GeneratedNode
                        && HasParentPermissionForGeneratedNode(targetNode, grantedRights);

                    if (!coveredByParent)
                    {
                        throw new WebEasUnauthorizedAccessException();
                    }
                }
            }
        }
    }

    base.OnBeforeExecute(requestDto);
}