public override void OnActionExecuting(ActionExecutingContext filterContext) { var id = filterContext.HttpContext.Request["id"]; var itemId = new Guid(); if (String.IsNullOrEmpty(id) || Guid.TryParse(id, out itemId) == false) { filterContext.Result = new RedirectResult("/reports", true); } else { var itemManagement = new ItemManagement(GlobalAppSettings.QueryBuilder, GlobalAppSettings.DataProvider); var itemDetail = itemManagement.GetItemDetailsFromItemId(itemId, false); if (itemDetail == null) { filterContext.Result = new ViewResult { ViewName = "../Home/PermissionDenied" }; } else { var itemsList = itemManagement.GetItems(Convert.ToInt32(filterContext.HttpContext.User.Identity.Name), itemDetail.ItemType, null, null, null, null, null, itemId); if (!itemsList.result.Any(a => a.Id == itemId && a.CanRead)) { filterContext.Result = new ViewResult { ViewName = "../Home/PermissionDenied" }; } } } base.OnActionExecuting(filterContext); }