protected override bool AuthorizeCore(HttpContextBase httpContext)
 {
     using (var db = new DB())
     {
         var id = 0;
         if (((MvcHandler)httpContext.Handler).RequestContext.RouteData.Values["id"] != null)
             id = Convert.ToInt32(((MvcHandler)httpContext.Handler).RequestContext.RouteData.Values["id"]);
         else
             id = Convert.ToInt32(httpContext.Request.Form["id"]);
         var user = db.Users.Find(id);
         if (user == null)
         {
             return false;
         }
         if (!string.IsNullOrEmpty(httpContext.User.Identity.Name))
         {
             var group = db.UserGroups.Where(ug => ug.LoginName == httpContext.User.Identity.Name).FirstOrDefault();
             if (group == null)
             {
                 return false;
             }
             if (user.UserGroupID != group.ID)
             {
                 return false;
             }
         }
     }
     return true;
 }
 protected override bool AuthorizeCore(HttpContextBase httpContext)
 {
     using (var db = new DB())
     {
         var id = 0;
         if (((MvcHandler)httpContext.Handler).RequestContext.RouteData.Values["id"] != null)
             id = Convert.ToInt32(((MvcHandler)httpContext.Handler).RequestContext.RouteData.Values["id"]);
         else
             id = Convert.ToInt32(httpContext.Request.Form["id"]);
         var product = db.Products.Find(id);
         if (product == null)
         {
             return false;
         }
         if (!string.IsNullOrEmpty(httpContext.User.Identity.Name))
         {
             var bussiness = db.Businesses.Where(ug => ug.LoginName == httpContext.User.Identity.Name).FirstOrDefault();
             if (bussiness == null)
             {
                 return false;
             }
             if (product.BusinessID != bussiness.ID)
             {
                 return false;
             }
         }
     }
     return true;
 }
예제 #3
0
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            using (var db = new DB())
            {
                var id = 0;
                if (((MvcHandler)httpContext.Handler).RequestContext.RouteData.Values["id"] != null)
                    id = Convert.ToInt32(((MvcHandler)httpContext.Handler).RequestContext.RouteData.Values["id"]);
                else
                    id = Convert.ToInt32(httpContext.Request.Form["id"]);
                var user = db.Users.Find(id);

                if (!httpContext.User.Identity.Name.Equals(user.UserName))
                {
                    return false;
                }

            }
            return true;
        }