Exemplo n.º 1
0
        public static bool CanAlternateBetweenUsers(
            this WebViewPage @this,
            [AspMvcAction]string action = null,
            [AspMvcController]string controller = null,
            string method = "GET",
            object routeValues = null)
        {
            // TODO: must cache all of these informations
            // todo: this method is similar to CanAccessAction... maybe we can merge them somehow

            if (@this == null)
                throw new ArgumentNullException("this");

            var routeValuesDic = new RouteValueDictionary(routeValues);
            var mvcHelper = new MvcActionHelper(
                @this.ViewContext.Controller.ControllerContext, action, controller, method, routeValuesDic);

            if (mvcHelper.ActionDescriptor == null)
            {
                // The view does not exist... this means that nobody can access it.
                return false;
            }

            var attributes = mvcHelper
                    .GetFilters()
                    .Select(f => f.Instance)
                    .OfType<CanAlternateUserAttribute>()
                    .ToArray();

            var result = attributes.Length > 0;

            return result;
        }
Exemplo n.º 2
0
        /// <summary>
        /// Checks whether the current user can access the specified action.
        /// At this moment it looks only at PermissionAttribute attributes.
        /// </summary>
        /// <param name="this">The current view page.</param>
        /// <param name="action">Action name to test.</param>
        /// <param name="controller">Controller name to test.</param>
        /// <param name="method">Http method to differentiate GET, HEAD, POST, PUT and DELETE actions.</param>
        /// <param name="routeValues">An object containing the route values for the action. </param>
        /// <returns>Returns true if the current user has access to the given action; otherwise false. </returns>
        public static bool CanAccessAction(
            this WebViewPage @this,
            [AspMvcAction]string action = null,
            [AspMvcController]string controller = null,
            string method = "GET",
            object routeValues = null)
        {
            // TODO: must cache all of these informations

            if (@this == null)
                throw new ArgumentNullException("this");

            var routeValuesDic = new RouteValueDictionary(routeValues);
            var mvcHelper = new MvcActionHelper(
                @this.ViewContext.Controller.ControllerContext, action, controller, method, routeValuesDic);

            if (mvcHelper.ActionDescriptor == null)
            {
                // The view does not exist... this means that nobody can access it.
                return false;
            }

            if (routeValues != null)
            {
                // checking action parameters
                var actionParams = mvcHelper.ActionDescriptor.GetParameters();

                // todo: check routeValuesDic to see if the contained values fit the actionParams
                // todo: maybe we should try to bind values (it could be slow)
            }

            // Getting the current DB User... (the logged user).
            var cerebelloController = @this.ViewContext.Controller as CerebelloController;
            User dbUser = null;
            if (cerebelloController != null)
            {
                cerebelloController.InitDb();
                cerebelloController.InitDbUser(@this.Request.RequestContext);
                dbUser = cerebelloController.DbUser;
            }

            // If there is a logged user, then use permission attributes to determine whether user has access or not.
            if (dbUser != null)
            {
                var attributes = mvcHelper
                        .GetFilters()
                        .Select(f => f.Instance)
                        .OfType<PermissionAttribute>()
                        .ToArray();

                var permissionContext = new PermissionContext
                    {
                        User = dbUser,
                        ControllerContext = mvcHelper.MockControllerContext,
                    };

                var result = !attributes.Any()
                             || attributes.All(pa => pa.CanAccessResource(permissionContext));

                return result;
            }

            return false;
        }