/// <summary>
/// Decides whether the current request meets the access level configured in <c>SecurityLevel</c>.
/// </summary>
/// <param name="context">Filter context; its request is used to find the module whose permissions are checked.</param>
/// <returns><c>true</c> when access is granted; <c>false</c> when it is refused or the level is not handled below.</returns>
public override bool IsAuthorized(AuthFilterContext context)
{
    // Anonymous endpoints are open to everyone, so no user or module lookup is needed.
    if (SecurityLevel == SecurityAccessLevel.Anonymous)
    {
        return true;
    }

    // NOTE(review): User is a member of this attribute and its declaration is not visible here.
    // If it is plain instance state and the attribute instance is reused across concurrent
    // requests, one request could observe another's user - confirm.
    if (HttpContextSource.Current.Request.IsAuthenticated)
    {
        User = UserController.Instance.GetCurrentUserInfo();
    }
    else
    {
        // A blank UserInfo stands in for the anonymous caller; the Authenticated check below
        // relies on its UserID being -1 (presumably the default - verify).
        User = new UserInfo();
    }

    // Module-level permissions for the module this request targets.
    var moduleSecurity = new ContextSecurity(context.ActionContext.Request.FindModuleInfo());

    switch (SecurityLevel)
    {
        case SecurityAccessLevel.Authenticated:
            return User.UserID != -1;
        case SecurityAccessLevel.Host:
            return User.IsSuperUser;
        case SecurityAccessLevel.Admin:
            return moduleSecurity.IsAdmin;
        case SecurityAccessLevel.Edit:
            return moduleSecurity.CanEdit;
        case SecurityAccessLevel.View:
            return moduleSecurity.CanView;
        case SecurityAccessLevel.SessionSubmit:
            return moduleSecurity.CanSubmitSessions;
        case SecurityAccessLevel.AttendConference:
            return moduleSecurity.CanAttend;
        case SecurityAccessLevel.ManageConference:
            return moduleSecurity.CanManage;
        default:
            // Fail closed: a level without an explicit rule grants nothing.
            return false;
    }
}
/// <summary>
/// Evaluates the configured <c>SecurityLevel</c> against the current user and the permissions
/// of the module addressed by the request.
/// </summary>
/// <param name="context">Filter context whose request identifies the target module.</param>
/// <returns><c>true</c> if the request may proceed; otherwise <c>false</c>.</returns>
public override bool IsAuthorized(AuthFilterContext context)
{
    if (SecurityLevel == SecurityAccessLevel.Anonymous)
    {
        // Nothing to check for anonymous endpoints.
        return true;
    }

    // Authenticated requests resolve to the current user; everyone else gets an empty UserInfo.
    // NOTE(review): User lives on the attribute itself; if attribute instances are shared
    // between concurrent requests this assignment is not request-scoped - confirm.
    User = HttpContextSource.Current.Request.IsAuthenticated
        ? UserController.Instance.GetCurrentUserInfo()
        : new UserInfo();

    var permissions = new ContextSecurity(context.ActionContext.Request.FindModuleInfo());

    // Default deny: only the levels listed below can flip this to true.
    bool granted = false;
    switch (SecurityLevel)
    {
        case SecurityAccessLevel.Authenticated:
            // UserID -1 marks a caller that is not logged in.
            granted = User.UserID != -1;
            break;
        case SecurityAccessLevel.Host:
            granted = User.IsSuperUser;
            break;
        case SecurityAccessLevel.Admin:
            granted = permissions.IsAdmin;
            break;
        case SecurityAccessLevel.Edit:
            granted = permissions.CanEdit;
            break;
        case SecurityAccessLevel.View:
            granted = permissions.CanView;
            break;
        case SecurityAccessLevel.SessionSubmit:
            granted = permissions.CanSubmitSessions;
            break;
        case SecurityAccessLevel.AttendConference:
            granted = permissions.CanAttend;
            break;
        case SecurityAccessLevel.ManageConference:
            granted = permissions.CanManage;
            break;
    }

    return granted;
}
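/// <summary>
/// Decides whether the current request satisfies <c>SecurityLevel</c>. When
/// <c>AllowApiKeyAccess</c> is set, an unauthenticated caller may instead present an
/// <c>apikey</c> request parameter that is bound to the requested conference.
/// </summary>
/// <param name="context">Filter context; its request is used to locate the module whose permissions are evaluated.</param>
/// <returns>
/// <c>true</c> when access is granted; <c>false</c> otherwise, including for unhandled levels and
/// for a missing or non-numeric <c>conferenceid</c> parameter.
/// </returns>
public override bool IsAuthorized(AuthFilterContext context)
{
    Logger.Trace("IsAuthorized");
    if (SecurityLevel == SecurityAccessLevel.Anonymous)
    {
        Logger.Trace("Anonymous");
        return true;
    }

    var httpContext = HttpContextSource.Current;
    var request = httpContext.Request;

    // The decision below is made on a local so it cannot be affected if the attribute's User
    // member is overwritten while this call is in flight. User is still assigned for callers
    // that read it afterwards.
    var currentUser = request.IsAuthenticated ? UserController.Instance.GetCurrentUserInfo() : new UserInfo();
    User = currentUser;
    Logger.Trace("UserId " + currentUser.UserID.ToString());

    if (AllowApiKeyAccess && currentUser.UserID == -1)
    {
        // Request.Params merges query string, form fields, cookies and server variables.
        // NOTE(review): a key sent in the query string is likely to end up in web server and
        // proxy logs; consider accepting it from a request header only.
        var suppliedKey = request.Params["apikey"];
        if (suppliedKey != null)
        {
            Logger.Trace("Using API key");

            // conferenceid is caller-controlled. Parsing it with int.Parse let a missing or
            // malformed value throw out of the authorization filter; treat it as "no valid key".
            int keyConferenceId;
            if (int.TryParse(request.Params["conferenceid"], out keyConferenceId))
            {
                var apiKey = Connect.Conference.Core.Repositories.ApiKeyRepository.Instance.GetApiKey(suppliedKey);

                // Expired keys are deleted on first use after expiry and then ignored.
                // NOTE(review): the comparison uses local server time - confirm Expires is stored on the same basis.
                if (apiKey != null && apiKey.Expires != null && apiKey.Expires < System.DateTime.Now)
                {
                    Connect.Conference.Core.Repositories.ApiKeyRepository.Instance.DeleteApiKey(apiKey.GetApiKeyBase());
                    apiKey = null;
                }

                // A key is only honoured for the conference it was issued for.
                if (apiKey != null && apiKey.ConferenceId == keyConferenceId)
                {
                    var keyOwner = UserController.Instance.GetUserById(PortalSettings.Current.PortalId, apiKey.CreatedByUserID);

                    // If the key's creator can no longer be resolved, stay anonymous rather than
                    // dereferencing a null user further down.
                    if (keyOwner != null)
                    {
                        currentUser = keyOwner;
                        User = keyOwner;

                        // Set thread user - this will expire after the request!
                        // From here on the request is evaluated as the key's creator.
                        httpContext.Items["UserInfo"] = keyOwner;
                    }
                }
            }
            else
            {
                Logger.Trace("API key ignored: conferenceid missing or not numeric");
            }
        }
    }

    ContextSecurity security = new ContextSecurity(context.ActionContext.Request.FindModuleInfo());
    Logger.Trace(security.ToString());

    switch (SecurityLevel)
    {
        case SecurityAccessLevel.Authenticated:
            return currentUser.UserID != -1;
        case SecurityAccessLevel.Host:
            return currentUser.IsSuperUser;
        case SecurityAccessLevel.Admin:
            return security.IsAdmin;
        case SecurityAccessLevel.Edit:
            return security.CanEdit;
        case SecurityAccessLevel.View:
            return security.CanView;
        case SecurityAccessLevel.SessionSubmit:
            return security.CanSubmitSessions;
        case SecurityAccessLevel.AttendConference:
            return security.CanAttend;
        case SecurityAccessLevel.ManageConference:
            return security.CanManage;
        case SecurityAccessLevel.AttendsConference:
            // Access requires an attendee record for this user in the requested conference.
            // A missing or malformed conferenceid is a denial, not an unhandled exception.
            int conferenceId;
            if (!int.TryParse(request.Params["conferenceid"], out conferenceId))
            {
                return false;
            }

            return Connect.Conference.Core.Repositories.AttendeeRepository.Instance.GetAttendee(conferenceId, security.UserId) != null;
    }

    // Fail closed for any level without an explicit rule.
    return false;
}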