public override void OnActionExecuting(HttpActionContext filterContext)
{
// Get API key provider
TokenServicesController provider = new TokenServicesController();
if (filterContext.Request.Headers.Contains(Token))
{
var tokenValue = filterContext.Request.Headers.GetValues(Token).First();
// Validate Token
if (provider != null && !provider.ValidateToken(tokenValue))
{
var responseMessage = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
ReasonPhrase = "Invalid Request"
};
filterContext.Response = responseMessage;
}
}
else
{
filterContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
}
base.OnActionExecuting(filterContext);
}
public override Task <HttpResponseMessage> ExecuteAsync(HttpControllerContext controllerContext, CancellationToken cancellationToken)
{
bool isCorsRequest = controllerContext.Request.Headers.Contains(Origin);
bool isPreflightRequest = controllerContext.Request.Method == HttpMethod.Options;
TokenServicesController provider = new TokenServicesController();
if (controllerContext.Request.Headers.Contains(Token))
{
var tokenValue = controllerContext.Request.Headers.GetValues(Token).FirstOrDefault();
if (tokenValue == null || (provider != null && !provider.ValidateToken(tokenValue)))
{
var responseMessage = new HttpResponseMessage(HttpStatusCode.Unauthorized)
{
ReasonPhrase = "Invalid Request"
};
controllerContext.Request.CreateResponse(responseMessage);
}
else
{
ApplicationContext db1 = new ApplicationContext(new SystemUser());
var _tokenInfo = db1.ApiTokens.FirstOrDefault(p => p.T_AuthToken == tokenValue);
var _userId = _tokenInfo.T_UsersID;
ApplicationDbContext userdb = new ApplicationDbContext();
var _userInfo = userdb.Users.FirstOrDefault(p => p.Id == _userId);
ApiUser _apiuser = new ApiUser(_userInfo.UserName);
_apiuser.JavaScriptEncodedName = _userInfo.Email;
var roles = _apiuser.GetRoles();
var isAdmin = _apiuser.IsAdminUser();
_apiuser.IsAdmin = isAdmin;
_apiuser.userroles = roles.ToList();
List <Permission> permissions = new List <Permission>();
using (var pc = new PermissionContext())
{
// so we only make one database call instead of one per entity?
var rolePermissions = pc.Permissions.Where(p => roles.Contains(p.RoleName)).ToList();
foreach (var entity in GeneratorBase.MVC.ModelReflector.Entities)
{
var calculated = new Permission();
var raw = rolePermissions.Where(p => p.EntityName == entity.Name);
calculated.EntityName = entity.Name;
calculated.CanEdit = isAdmin || raw.Any(p => p.CanEdit);
calculated.CanDelete = isAdmin || raw.Any(p => p.CanDelete);
calculated.CanAdd = isAdmin || raw.Any(p => p.CanAdd);
calculated.CanView = isAdmin || raw.Any(p => p.CanView);
calculated.IsOwner = raw.Any(p => p.IsOwner != null && p.IsOwner.Value);
if (!isAdmin)
{
calculated.SelfRegistration = raw.Any(p => p.SelfRegistration != null && p.SelfRegistration.Value);
}
else
{
calculated.SelfRegistration = false;
}
if (calculated.IsOwner != null && calculated.IsOwner.Value)
{
calculated.UserAssociation = raw.FirstOrDefault().UserAssociation;
}
else
{
calculated.UserAssociation = string.Empty;
}
//FLS
if (!isAdmin)
{
var listEdit = raw.Select(p => p.NoEdit).ToList();
var listView = raw.Select(p => p.NoView).ToList();
var resultEdit = "";
var resultView = "";
foreach (var str in listEdit)
{
if (str != null)
{
resultEdit += str;
}
}
foreach (var str in listView)
{
if (str != null)
{
resultView += str;
}
}
calculated.NoEdit = resultEdit;
calculated.NoView = resultView;
}
//
permissions.Add(calculated);
}
}
_apiuser.permissions = permissions;
List <BusinessRule> businessrules = new List <BusinessRule>();
using (var br = new BusinessRuleContext())
{
var rolebr = br.BusinessRules.Where(p => p.Roles != null && p.Roles.Length > 0 && !p.Disable && p.AssociatedBusinessRuleTypeID != 5).ToList();
foreach (var rules in rolebr)
{
if (_apiuser.IsInRole(rules.Roles.Split(",".ToCharArray())))
{
businessrules.Add(rules);
}
}
}
_apiuser.businessrules = new List <BusinessRule>();//businessrules.ToList();
User = _apiuser;
db = new ApplicationContext(_apiuser);
if (isCorsRequest)
{
if (isPreflightRequest)
{
var response = new HttpResponseMessage(HttpStatusCode.OK);
response.Headers.Add(AccessControlAllowOrigin, (controllerContext.Request.Headers.GetValues(Origin).First()));
string accessControlRequestMethod = controllerContext.Request.Headers.GetValues(AccessControlRequestMethod).FirstOrDefault();
if (accessControlRequestMethod != null)
{
response.Headers.Add(AccessControlAllowMethods, accessControlRequestMethod);
}
string requestedHeaders = string.Join(", ", controllerContext.Request.Headers.GetValues(AccessControlRequestHeaders));
if (!string.IsNullOrEmpty(requestedHeaders))
{
response.Headers.Add(AccessControlAllowHeaders, requestedHeaders);
}
var tcs = new TaskCompletionSource <HttpResponseMessage>();
tcs.SetResult(response);
return(tcs.Task);
}
return(base.ExecuteAsync(controllerContext, cancellationToken).ContinueWith(t =>
{
HttpResponseMessage resp = t.Result;
resp.Headers.Add(Token, controllerContext.Request.Headers.GetValues(Token).First());
return resp;
}));
//
}
}
return(base.ExecuteAsync(controllerContext, cancellationToken).ContinueWith(t =>
{
HttpResponseMessage resp = t.Result;
resp.Headers.Add(Token, controllerContext.Request.Headers.GetValues(Token).First());
return resp;
}));
}
else
{
return(base.ExecuteAsync(controllerContext, cancellationToken).ContinueWith(t =>
{
HttpResponseMessage resp = t.Result;
resp.StatusCode = HttpStatusCode.NotFound;
resp.ReasonPhrase = "Unauthorized access !";
return resp;
}));
}
}
