protected override bool AuthorizeCore(HttpContextBase httpContext)
     {
         var authorized = base.AuthorizeCore(httpContext);
         if (!authorized)
         {
             // The user is not authenticated
             return false;
         }
 
         var rd = httpContext.Request.RequestContext.RouteData;
         string id = rd.Values["id"] as string;
         if (string.IsNullOrEmpty(id))
         {
             // No id was specified => we do not allow access
             return false;
         }
 
         string roles = ItemAccess.AuthorizedRoleList(AccessType.Write, id);
         return httpContext.User.IsInRole(roles))
     }