public override void OnAuthorization(HttpActionContext actionContext) { _actionContext = actionContext; var currentUser = actionContext.RequestContext.Principal.Identity; if (currentUser.IsAuthenticated) { var queryString = actionContext.Request.RequestUri.Query; NameValueCollection parameters = System.Web.HttpUtility.ParseQueryString(queryString); var portalId = parameters["portalId"]; if (portalId == null) { ThrowResponseException(HttpStatusCode.NotFound, "ProjectAuthorizationAttribute: parameter portalId not found"); } PortalService _portalService = new PortalService(); if (!_portalService.IsPortalOwner(portalId)) { ThrowResponseException(HttpStatusCode.Unauthorized, "For removal, update and create portal projects, you must be the owner of the portal"); } var actionName = actionContext.ActionDescriptor.ActionName; if (actionName == "Update" || actionName == "Delete") { int projectId; if (!int.TryParse(actionContext.ControllerContext.RouteData.Values["id"].ToString(), out projectId)) { ThrowResponseException(HttpStatusCode.BadRequest, "ProjectAuthorizationAttribute: projectId is invalid"); } ProjectService _projectService = new ProjectService(); if (_projectService.GetProjectOwner(projectId).Email != currentUser.Name) { ThrowResponseException(HttpStatusCode.Unauthorized, "For removal, update and create project, you must be the owner of the project"); } } } else { ThrowResponseException(HttpStatusCode.Unauthorized, "Authentication required"); } base.OnAuthorization(actionContext); }
public bool IsPortalOwner([Required] string id) { return(_portalService.IsPortalOwner(id)); }