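/// <summary>
/// Authorization gate for an intercepted call: the call proceeds only when the
/// checks below grant it; otherwise a warning is logged and
/// <see cref="AuthorisationException"/> is thrown.
/// </summary>
/// <remarks>
/// For targets that are not decorated with <see cref="NotLoggedAttribute"/>, the
/// first matching rule decides:
/// 1. no user and the auth attribute equals <c>To.Everyone</c>: granted;
/// 2. a non-blank auth attribute: <c>IsGrantedWithAttribute</c> decides;
/// 3. a write method (by name): <c>policy.IsGranted(To.Write, User)</c>;
/// 4. a read method (by name): <c>policy.IsGranted(To.Read, User)</c>.
/// When no rule matches, the call is allowed (default-allow).
/// </remarks>
/// <param name="invocation">The intercepted call; supplies the target type and method.</param>
/// <exception cref="AuthorisationException">The checks denied the call.</exception>
public override void Intercept(IInvocation invocation)
{
    // NOTE(review): the default is "allow". A method with no auth attribute whose
    // name is classified as neither write nor read proceeds unchecked. Confirm
    // this is intended; a default-deny baseline is the safer posture.
    var hasRight = true;
    var authAttribute = GetAuthAttribute(invocation);

    // NOTE(review): NotLoggedAttribute skips every check below. It presumably marks
    // entry points reachable before login; audit where it is applied.
    if (!this.IsDecoratedWith<NotLoggedAttribute>(invocation))
    {
        // Invariant lower-casing: a culture-sensitive ToLower() can map 'I' to a
        // dotless 'ı' (e.g. under tr-TR), so a name such as "Insert..." would stop
        // matching the read/write classification and fall through to default-allow.
        var name = invocation.MethodInvocationTarget.Name.ToLowerInvariant();

        // Ordinal, case-insensitive comparison keeps the decision independent of
        // the thread culture.
        // NOTE(review): authAttribute is dereferenced here, as in the original; if
        // GetAuthAttribute can return null for an anonymous caller this throws
        // NullReferenceException instead of AuthorisationException. Confirm.
        if (this.User == null
            && authAttribute.Equals(To.Everyone, System.StringComparison.OrdinalIgnoreCase))
        {
            hasRight = true;
        }
        else if (!string.IsNullOrWhiteSpace(authAttribute))
        {
            hasRight = IsGrantedWithAttribute(invocation);
        }
        else if (this.IsWriteMethod(name))
        {
            hasRight = policy.IsGranted(To.Write, this.User);
        }
        else if (this.IsReadMethod(name))
        {
            hasRight = policy.IsGranted(To.Read, this.User);
        }
    }

    if (hasRight)
    {
        invocation.Proceed();
        return;
    }

    // Record the denial (type, method, role) before failing the call.
    Logger.WarnFormat(
        "Not granted to execute {0}.{1} [Role: '{2}']",
        invocation.TargetType.Name,
        invocation.Method.Name,
        (this.User != null && this.User.AssignedRole != null) ? this.User.AssignedRole.Name : "EMPTY");

    throw new AuthorisationException(invocation.TargetType, invocation.Method);
}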
/// <summary>
/// Asks the policy whether the current user (<c>this.user</c>) holds the given right.
/// </summary>
/// <param name="to">Right to check; passed to <c>policy.IsGranted</c> unchanged.</param>
/// <returns>The value returned by <c>policy.IsGranted</c>.</returns>
public bool IsUserGranted(string to)
{
    // NOTE(review): this reads the `user` field, while Intercept goes through
    // `this.User`; confirm both resolve to the same principal.
    var granted = policy.IsGranted(to, this.user);
    return granted;
}