Exemplo n.º 1
0
        private void isUserAuthorized(AuthorizationContext filterContext)
        {
            // set token and userId cookie
            _tokenCookie  = filterContext.HttpContext.Request.Cookies.Get("access");
            _userIdCookie = filterContext.HttpContext.Request.Cookies.Get("userId");

            // get request url
            string returnUrl = filterContext.HttpContext.Request.Url.AbsoluteUri;



            // if user's token is expired
            if (_tokenCookie == null && _userIdCookie != null)
            {
                // check if it's ajax call
                if (filterContext.HttpContext.Request.IsAjaxRequest())
                {
                    filterContext.HttpContext.Response.StatusCode = 302; //Found Redirection to another page. Here- login page. Check Layout ajaxError() script.
                    filterContext.HttpContext.Response.End();
                    SetResultPage(filterContext, "Home", "Index", returnUrl,
                                  "Session expired. Please log in again");
                    return;
                }

                SetResultPage(filterContext, "Home", "Index", returnUrl,
                              "Session expired. Please log in again");
                return;
            }

            // if user is not logged in
            if (_tokenCookie == null)
            {
                SetResultPage(filterContext, "Home", "Index", returnUrl,
                              "Please login.");
                return;
            }

            // if user's token is present and there is a username
            if (_tokenCookie != null && _userIdCookie != null)
            {
                bool            hasAccess = false;
                VoteUserManager user      = new VoteUserManager();

                if (!string.IsNullOrEmpty(this.Roles))
                {
                    // split roles
                    string[] roles = this.Roles.Split(',');
                    for (int i = 0; i < roles.Length; i++)
                    {
                        roles[i] = roles[i].Trim();
                    }

                    // check roles
                    foreach (var role in roles)
                    {
                        if (user.HasRole(role))
                        {
                            hasAccess = true;
                        }
                    }
                }
                else
                {
                    hasAccess = true;
                }

                // return unauthorized if check failed
                if (!hasAccess)
                {
                    SetResultPage(filterContext, "Unauthorized", "Index");
                }
                else
                {
                    // check if user is a voter
                    if (user.HasRole("Voter"))
                    {
                        // validate if election is still on
                        using (DbContext db = new DbContext())
                        {
                            var endDate   = db.Election.Select(x => x.EndDate).FirstOrDefault();
                            var startDate = db.Election.Select(x => x.StartDate).FirstOrDefault();

                            // init today
                            var today = DateTime.Now;

                            if (endDate < today)
                            {
                                SetResultPage(filterContext, "Unauthorized", "vote-over");
                            }
                            else if (today < startDate)
                            {
                                SetResultPage(filterContext, "Unauthorized", "vote-not-started");
                            }
                        }
                    }
                }
            }
        }