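        /// <summary>
        /// Decides whether the user bound to the current session may access the page being
        /// requested. Admin accounts are always allowed. Any other account is allowed only when
        /// the normalised request path maps (through <c>tablePages</c>) to a known table and the
        /// account's group holds the permission for the action implied by the path:
        /// "create" → <c>canAdd</c>, "edit" → <c>canEdit</c>, "delete" → <c>canDelete</c>,
        /// anything else → <c>canRead</c>. Every other outcome — no session user, unknown
        /// account, unmapped path, missing table row, missing permission row — denies
        /// (fail-closed).
        /// </summary>
        /// <param name="controller">Controller handling the current request; only its
        /// <c>Session["username"]</c> and <c>Request.Url.AbsolutePath</c> are read.</param>
        /// <returns><c>true</c> when access is granted, otherwise <c>false</c>.</returns>
        internal static bool Authorized(Controller controller)
        {
            // Only a non-empty string session value counts as a logged-in user; a non-string
            // value yields null here and is denied, as before.
            string username = controller.Session["username"] as string;
            if (string.IsNullOrEmpty(username))
            {
                return false;
            }

            // NOTE(review): Instance looks like a shared DbContext; EF contexts are not safe for
            // concurrent use across requests — confirm how it is scoped.
            ClinicWallyMisrEntities db = ClinicWallyMisrEntities.Instance;
            Account account = db.Accounts.FirstOrDefault(u => u.name == username);
            if (account == null)
            {
                return false;
            }

            if (account.isAdmin)
            {
                return true;
            }

            // Collapse the path to a lowercase token without separators so tablePages keys and
            // action words can be matched by substring. ToLowerInvariant rather than ToLower:
            // culture-sensitive lowering (e.g. tr-TR, which maps "I" to dotless "ı") would turn
            // "EDIT" into a string that no longer contains "edit", so an edit page would be
            // checked against canRead instead of canEdit. If the request culture is derived
            // from the client (globalization culture="auto"), the client could pick that culture.
            string uri = controller.Request.Url.AbsolutePath
                .Replace("/", "")
                .Replace("\\", "")
                .ToLowerInvariant();

            // Caveat (unchanged behaviour): substring matching also fires when a key or action
            // word appears inside another segment (e.g. "edit" inside "credit"), and when several
            // keys match, dictionary enumeration order decides which table is chosen.
            string key = tablePages.Keys.FirstOrDefault(k => uri.Contains(k));
            if (string.IsNullOrEmpty(key))
            {
                return false;
            }

            string table = tablePages[key];
            if (table == "")
            {
                return false;
            }

            Table myTable = db.Tables.FirstOrDefault(o => o.tableName == table);
            if (myTable == null)
            {
                return false;
            }

            // One lookup replaces the original Count() > 0 followed by FirstOrDefault (the same
            // row fetched twice).
            Permission perms = account.Group.Permissions.FirstOrDefault(o => o.tableId == myTable.id);
            if (perms == null)
            {
                return false;
            }

            // Only the path is consulted, never the HTTP verb. "create" is tested before "edit"
            // and "delete", preserving the original precedence.
            if (uri.Contains("create"))
            {
                return perms.canAdd;
            }
            if (uri.Contains("edit"))
            {
                return perms.canEdit;
            }
            if (uri.Contains("delete"))
            {
                return perms.canDelete;
            }
            return perms.canRead;
        }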