public static User Validate(string username, string password)
{
User user = new User(username);
if (!user.IsNew && user.Active && Colourblind.Core.Security.CheckHash(password, user.Password))
return user;
else
return null;
}
public void OnAuthorization(AuthorizationContext filterContext)
{
Models.User user = new Models.User(filterContext.HttpContext.User.Identity.Name);
if (user == null || user.IsNew)
throw new UnauthorizedAccessException("User not logged in");
foreach (string permission in _requiredPermissions)
{
if (!user.HasPermission(permission))
throw new UnauthorizedAccessException(String.Format("User does not have required permission", user.UserId, permission));
}
}
