//=================================
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
//bool authorize = false;
httpContext.Session["HasAnyRole"] = false;
if (httpContext.Session["UserCmsInfo"] != null && !string.IsNullOrEmpty((httpContext.Session["UserCmsInfo"] as UserLoginCmsViewModel).UserId.ToString()))
{
var uId = (httpContext.Session["UserCmsInfo"] as UserLoginCmsViewModel).UserId;
var rawUrl = httpContext.Request.RawUrl.Trim().ToLower();
var currentUserAccesses = (from ur in _userRoleService.FetchAll()
join u in _userService.FetchAll() on ur.UserId equals u.Id
join r in _roleService.FetchAll() on ur.RoleId equals r.Id
join ac in _userAccessService.FetchAll() on r.Id equals ac.RoleId into tempAccess
from t in tempAccess.DefaultIfEmpty()
where ur.UserId == uId
select new
{
Url = t != null ? $"/{t.ControllerName}/{t.ActionName}" : null,
RoleId = ur.RoleId
}).Distinct().ToList();
if (currentUserAccesses.Count() > 0)
{
var currentUserRoles = currentUserAccesses.Select(s => s.RoleId).Distinct().ToList();
var strUserRoles = string.Join(",", currentUserRoles).Trim();
if (!string.IsNullOrEmpty(strUserRoles))
{
if (strUserRoles.Contains(RoleIds.Admin))
{
httpContext.Session["HasAnyRole"] = true;
return((bool)httpContext.Session["HasAnyRole"]);
}
else
{
if (!string.IsNullOrEmpty(rawUrl))
{
var allUrls = currentUserAccesses.Where(w => !string.IsNullOrEmpty(w.Url)).Select(s => s.Url.ToLower()).Distinct().ToList();
foreach (var url in allUrls)
{
if (rawUrl.Contains(url))
{
httpContext.Session["HasAnyRole"] = true;
return((bool)httpContext.Session["HasAnyRole"]);
}
}
}
}
}
}
}
return((bool)httpContext.Session["HasAnyRole"]);
}
