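/// <summary>
/// Decides whether the user of the current session may access the page the request targets.
/// Admin accounts are always allowed. Any other account needs a <see cref="Permission"/> row
/// for the table the request path maps to (via <c>tablePages</c>), with the flag that matches
/// the action implied by the path: "create" -> canAdd, "edit" -> canEdit, "delete" -> canDelete,
/// anything else -> canRead.
/// </summary>
/// <param name="controller">The controller handling the request; its Session["username"] and Request.Url are read.</param>
/// <returns>
/// <c>true</c> when access is allowed; <c>false</c> for an anonymous session, an unknown account,
/// a path that maps to no known table, or a missing/insufficient permission (deny by default).
/// </returns>
internal static bool Authorized(Controller controller)
{
    ClinicWallyMisrEntities db = ClinicWallyMisrEntities.Instance;

    // A missing, empty or non-string session value means "not logged in" -> deny.
    string username = controller.Session["username"] as string;
    if (string.IsNullOrEmpty(username))
    {
        return false;
    }

    Account account = db.Accounts.FirstOrDefault(u => u.name == username);
    if (account == null)
    {
        return false;
    }

    if (account.isAdmin)
    {
        return true;
    }

    string uri = NormalizeRequestPath(controller.Request.Url.AbsolutePath);

    string table = ResolveTableName(uri);
    if (table.Length == 0)
    {
        // Page not mapped to any table: nothing to check against, so deny.
        return false;
    }

    Table myTable = db.Tables.FirstOrDefault(o => o.tableName == table);
    if (myTable == null)
    {
        return false;
    }

    // One lookup instead of Where(...).Count() > 0 followed by FirstOrDefault (two queries).
    Permission perms = account.Group.Permissions.FirstOrDefault(o => o.tableId == myTable.id);
    if (perms == null)
    {
        return false;
    }

    return PermitsAction(perms, uri);
}

// Strips path separators and lower-cases with the invariant culture. The action keywords
// below are matched against this string, so the result must not depend on the server's
// current culture: ToLower() under a culture such as tr-TR maps "I" to dotless "ı", which
// would make "EDIT" no longer contain "edit" and silently downgrade the check to canRead.
private static string NormalizeRequestPath(string absolutePath)
{
    return absolutePath.Replace("/", "").Replace("\\", "").ToLowerInvariant();
}

// Maps the normalized path to a table name via tablePages, or "" when nothing matches.
// NOTE(review): this is a substring match over the keys, and the first key in enumeration
// order wins; if two keys overlap, the mapping depends on that order.
private static string ResolveTableName(string uri)
{
    string key = tablePages.Keys.FirstOrDefault(k => uri.Contains(k));
    return string.IsNullOrEmpty(key) ? "" : tablePages[key];
}

// Picks the permission flag for the action implied by the path. The keywords are matched as
// substrings anywhere in the flattened path, and anything that is not create/edit/delete is
// treated as a read; keep that in mind when naming new actions.
private static bool PermitsAction(Permission perms, string uri)
{
    if (uri.Contains("create"))
    {
        return perms.canAdd;
    }
    if (uri.Contains("edit"))
    {
        return perms.canEdit;
    }
    if (uri.Contains("delete"))
    {
        return perms.canDelete;
    }
    return perms.canRead;
}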