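/// <summary>
/// Access-control check that runs before the action executes. The request passes through
/// untouched when the filter was constructed with <c>_allowAnonymous</c>, when
/// <c>UserSessionContext.CurrentUserIsSysAdmin()</c> returns true, or when the current user's
/// rights contain the key <c>/{controller}/{action}/</c>. Every other request is denied by
/// setting <c>filterContext.Result</c>, which stops the action from running.
/// </summary>
/// <param name="filterContext">Context of the action about to execute; its Result is set on denial.</param>
/// <remarks>
/// Denial is either a redirect to <c>UserSessionContext.UrlAdminLogin</c> (with the requested URL
/// in the <c>url</c> query parameter) or, for actions registered as returning JsonResult, a JSON
/// message. No HTTP status code is set here, so the JSON denial is sent with the response's
/// existing status; callers have to inspect the body to detect it.
/// </remarks>
public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // Bypass paths: explicitly anonymous actions and system administrators are not checked.
            // _allowAnonymous is tested first so the session is not consulted for anonymous actions.
            if (_allowAnonymous || UserSessionContext.CurrentUserIsSysAdmin() == true)
            {
                base.OnActionExecuting(filterContext);
                return;
            }

            HttpContextBase context = filterContext.HttpContext;

            // Invariant casing: the thread culture must not change the URL that is sent back
            // (culture-sensitive lower-casing rewrites 'I' under tr/az cultures).
            // NOTE(review): lower-casing the whole URL also lower-cases query-string values;
            // confirm no case-sensitive parameter is expected to survive the login round trip.
            var url = context.Request.Url.ToString().ToLowerInvariant();

            // The return address is the absolute request URL, percent-encoded into the query string.
            // NOTE(review): the login handler is not visible here; it should accept this value only
            // when it is a local URL, otherwise the parameter can be used as an open redirect.
            var customerLoginUrl = UserSessionContext.UrlAdminLogin + "?url=" + HttpUtility.UrlEncode(url);

            if (UserSessionContext.CurrentUser() == null)
            {
                // No session user: send the browser to the login page.
                filterContext.Result = new RedirectResult(customerLoginUrl);
                base.OnActionExecuting(filterContext);
                return;
            }

            // The right key is derived from the matched route, not from the raw URL.
            var controller = filterContext.RouteData.GetRequiredString("controller");
            var action     = filterContext.RouteData.GetRequiredString("action");
            var keyName    = $"/{controller}/{action}/";

            // Deny by default: a missing rights list or an entry without a key grants nothing,
            // instead of failing with a NullReferenceException inside the authorization check.
            var rights  = UserSessionContext.CurrentUserRights();
            var granted = rights != null
                          && rights.Any(i => i != null
                                             && string.Equals(i.KeyName, keyName, StringComparison.OrdinalIgnoreCase));

            if (!granted)
            {
                // The catalogue of all rights is consulted only to choose the shape of the denial.
                // Assumes its keys are stored lower-cased - TODO confirm how ListAllRights() builds them.
                Right knownRight = null;
                var allRights = UserSessionContext.ListAllRights();
                var isKnown   = allRights != null
                                && allRights.TryGetValue(keyName.ToLowerInvariant(), out knownRight);

                var wantsJson = isKnown
                                && knownRight != null
                                && string.Equals(knownRight.ReturnType, typeof(JsonResult).FullName, StringComparison.OrdinalIgnoreCase);

                if (wantsJson)
                {
                    // JSON endpoints get a message instead of an HTML redirect.
                    // The body carries only the requested URL, which the caller already knows.
                    filterContext.Result = new JsonResult
                    {
                        Data = new { Message = "Require logedin : " + url },
                        JsonRequestBehavior = JsonRequestBehavior.AllowGet
                    };
                }
                else
                {
                    // NOTE(review): a signed-in user who lacks the right is also sent to the login
                    // page; confirm that page does not bounce them straight back to this URL.
                    filterContext.Result = new RedirectResult(customerLoginUrl);
                }
            }

            base.OnActionExecuting(filterContext);
        }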