protected override bool AuthorizeCore(HttpContextBase httpContext)
{
bool isInRole = false;
if (!string.IsNullOrWhiteSpace(Roles))
{
var roles = Roles.Split(new string[] { "," }, StringSplitOptions.RemoveEmptyEntries);
var db = new LunchAccounting.Models.LunchAccountingEntities();
var users = db.Users.Include(a => a.UserGroupMembers);
var user = users.Where(p => p.UserName == httpContext.User.Identity.Name).FirstOrDefault();
foreach (var role in roles)
{
foreach (var userGroupMember in user.UserGroupMembers)
{
if (userGroupMember.UserGroup.GroupName.Equals(role, StringComparison.OrdinalIgnoreCase))
{
isInRole = true;
break;
}
}
if (isInRole)
{
break;
}
}
}
return isInRole;
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
bool hasAccess = false;
var db = new LunchAccounting.Models.LunchAccountingEntities();
var user = db.Users
.Include(a => a.UserGroupMembers)
.Where(p => p.UserName == httpContext.User.Identity.Name)
.FirstOrDefault();
var resource = httpContext.Request.RequestContext.RouteData.Values["controller"].ToString();
var operation = httpContext.Request.RequestContext.RouteData.Values["action"].ToString();
var userAccesses = db.AppResourceAccesses.Include(p => p.AppResource)
.Where(
p => "User".Equals(p.IdentityType, StringComparison.OrdinalIgnoreCase) &&
p.Identity_id == user.User_id &&
resource.Equals(p.AppResource.Resource, StringComparison.OrdinalIgnoreCase) &&
(p.OperationType == null || p.OperationType == string.Empty || operation.Equals(p.OperationType, StringComparison.OrdinalIgnoreCase))
);
var userGroupIds = user.UserGroupMembers.Select(a => a.UserGroup_id).ToList();
var groupAccesses = db.AppResourceAccesses
.Where(p => "UserGroup".Equals(
p.IdentityType, StringComparison.OrdinalIgnoreCase) &&
userGroupIds.Contains(p.Identity_id) &&
resource.Equals(p.AppResource.Resource, StringComparison.OrdinalIgnoreCase) &&
(p.OperationType == null || p.OperationType == string.Empty || operation.Equals(p.OperationType, StringComparison.OrdinalIgnoreCase))
);
if (userAccesses.Count() == 0 && groupAccesses.Count() == 0)
{
var resourceInfo = db.AppResources.Where(p => resource.Equals(p.Resource, StringComparison.OrdinalIgnoreCase));
return resourceInfo.Count() == 1 && "allow".Equals(resourceInfo.First().DefaultAccess, StringComparison.OrdinalIgnoreCase);
}
foreach (var useraccess in userAccesses)
{
if ("deny".Equals(useraccess.Access, StringComparison.OrdinalIgnoreCase))
{
return false;
}
if ("allow".Equals(useraccess.Access, StringComparison.OrdinalIgnoreCase))
{
hasAccess = true;
}
}
foreach (var groupaccess in groupAccesses)
{
if ("deny".Equals(groupaccess.Access, StringComparison.OrdinalIgnoreCase))
{
return false;
}
if ("allow".Equals(groupaccess.Access, StringComparison.OrdinalIgnoreCase))
{
hasAccess = true;
}
}
return hasAccess;
}
