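/// <summary>
/// Checks whether any role held by <paramref name="user"/> appears among the roles
/// selected from the allow rules stored for <paramref name="path"/>.
/// </summary>
/// <param name="user">The user whose role ids are tested.</param>
/// <param name="path">The path whose allow rules are looked up (exact equality on <c>Path</c>).</param>
/// <returns>
/// <c>true</c> when a matching role is found; <c>false</c> otherwise, including when no rule
/// exists for the path or when the user, its roles or the path is missing.
/// </returns>
/// <remarks>
/// NOTE(review): the rule lookup is an exact string comparison. Whether it is case-sensitive
/// and how trailing slashes or encoded characters are treated is not decided here; confirm
/// the caller normalizes <paramref name="path"/> before this check.
/// </remarks>
private bool IsAllowed(User user, string path)
        {
            // Deny by default: an authorization check must not succeed (or crash half-way)
            // because its inputs are missing.
            if (user == null || user.Roles == null || path == null)
            {
                return false;
            }

            var userRolesIds = user.Roles.Select(r => r.RoleID).ToList();

            // The context is created per call, so it is disposed per call as well;
            // previously it was left for the garbage collector.
            using (EntityContext _db = new EntityContext())
            {
                var allowRoles = _db.AllowRules
                    .Where(ar => ar.Path == path)
                    .Select(ar => ar.Roles)
                    .ToList();

                // NOTE(review): this loop treats each selected value as a single Role; confirm
                // that AllowRule.Roles is one role and not a collection.
                foreach (Role role in allowRoles)
                {
                    if (userRolesIds.Contains(role.RoleID))
                    {
                        return true;
                    }
                }
            }

            return false;
        }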
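 /// <summary>
 /// Updates the contact fields (Tel, Comment, Email, FirstName, LastName) of the user stored
 /// in the session under "CurrentUser" with the values posted in <paramref name="model"/>.
 /// </summary>
 /// <param name="model">Posted values; only the five contact fields are read from it.</param>
 /// <returns>
 /// HTTP 401 when the session holds no user, HTTP 404 when that user no longer exists,
 /// otherwise a redirect to the "Details" action for the signed-in user.
 /// </returns>
 /// <remarks>
 /// NOTE(review): no [HttpPost] or [ValidateAntiForgeryToken] attribute is visible on this
 /// state-changing action; confirm both are applied, otherwise the update can be triggered
 /// cross-site on behalf of a signed-in user.
 /// </remarks>
 public ActionResult ChangePersonelInfo(User model)
 {
     // The account to modify is taken from the server-side session only; the posted
     // model's UserID is never trusted for this self-service update.
     var currentUser = Session["CurrentUser"] as User;
     if (currentUser == null)
     {
         return new HttpUnauthorizedResult();
     }

     try
     {
         var user = db.Users.Find(currentUser.UserID);
         if (user == null)
         {
             return HttpNotFound();
         }

         // Explicit field-by-field copy keeps the posted model from overwriting anything
         // else on the entity (roles, identifiers, ...).
         user.Tel = model.Tel;
         user.Comment = model.Comment;
         user.Email = model.Email;
         user.FirstName = model.FirstName;
         user.LastName = model.LastName;
         db.Entry(user).State = EntityState.Modified;
         db.SaveChanges();
     }
     catch (Exception)
     {
         // NOTE(review): the failure is neither logged nor shown. ModelState does not survive
         // the redirect below, so this message is lost; consider logging the exception and
         // carrying the message to the next request.
         ModelState.AddModelError("", "Error occurred while Modifying store, please check your information!");
     }

     // Redirect to the account that was actually edited, not to a client-supplied id.
     // The role/store lookups that used to run here filled ViewBag for a view that is
     // never rendered on a redirect.
     return RedirectToAction("Details", new { id = currentUser.UserID });
 }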
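 /// <summary>
 /// Updates the contact fields of the user identified by <c>model.UserID</c> and replaces
 /// that user's roles with the roles whose ids are posted in <c>model.Roles</c>.
 /// </summary>
 /// <param name="model">Posted values: target user id, contact fields and role ids.</param>
 /// <returns>
 /// HTTP 404 when the target user does not exist, otherwise a redirect to the "Details"
 /// action for <c>model.UserID</c>.
 /// </returns>
 /// <remarks>
 /// NOTE(review): both the account to edit and its new role set come from the request, and
 /// no access check is visible inside this method. Confirm the action is reachable only by
 /// callers entitled to administer other accounts, and that [HttpPost] and
 /// [ValidateAntiForgeryToken] are applied; otherwise this is a privilege-escalation path.
 /// </remarks>
 public ActionResult Edit(User model)
 {
     try
     {
         var user = db.Users.Find(model.UserID);
         if (user == null)
         {
             return HttpNotFound();
         }

         // Resolve every posted role id against the database before touching the tracked
         // entity, so an unknown id rejects the whole edit instead of putting a null entry
         // into the role collection.
         var requestedRoles = model.Roles.Select(posted => db.Roles.Find(posted.RoleID)).ToList();
         if (requestedRoles.Any(found => found == null))
         {
             ModelState.AddModelError("", "Error occurred while Modifying store, please check your information!");
         }
         else
         {
             user.Tel = model.Tel;
             user.Comment = model.Comment;
             user.Email = model.Email;
             user.FirstName = model.FirstName;
             user.LastName = model.LastName;

             // Only roles loaded from the database are attached; names or other fields
             // posted on model.Roles are ignored.
             user.Roles.Clear();
             foreach (Role role in requestedRoles)
             {
                 user.Roles.Add(role);
             }

             db.Entry(user).State = EntityState.Modified;
             db.SaveChanges();
         }
     }
     catch (Exception)
     {
         // NOTE(review): the failure is neither logged nor shown. ModelState does not survive
         // the redirect below, so this message is lost; a failed role change should at least
         // be logged for audit.
         ModelState.AddModelError("", "Error occurred while Modifying store, please check your information!");
     }

     // The role/store lookups that used to run here filled ViewBag for a view that is
     // never rendered on a redirect.
     return RedirectToAction("Details", new { id = model.UserID });
 }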
 /// <summary>
 /// Persists the posted <paramref name="user"/> when model validation succeeds.
 /// </summary>
 /// <param name="user">The user entity bound from the request, including its roles.</param>
 /// <returns>
 /// A redirect to "Index" after a successful save; otherwise the default view with the
 /// posted user (on invalid model state or when saving throws).
 /// </returns>
 /// <remarks>
 /// NOTE(review): the request is bound directly to the <c>User</c> entity and stored as
 /// posted, roles included, so every bindable property is under the caller's control.
 /// Confirm access to this action is restricted and consider a dedicated input model or a
 /// bind allow-list. No [HttpPost] or [ValidateAntiForgeryToken] attribute is visible here.
 /// </remarks>
 public ActionResult Create(User user)
 {
     try
     {
         if (!ModelState.IsValid)
         {
             return View(user);
         }

         // Attach each posted role to the context before the user is added
         // (presumably so existing role rows are linked rather than inserted; confirm).
         foreach (Role postedRole in user.Roles)
         {
             db.Roles.Attach(postedRole);
         }

         db.Users.Add(user);
         db.SaveChanges();
         return RedirectToAction("Index");
     }
     catch (Exception)
     {
         // Any failure is reported with one generic message (the text looks like pinyin for
         // "add error"); the exception itself is not logged.
         ModelState.AddModelError("", "tianjiacuowu!");
     }

     return View(user);
 }