public void OnAuthorization(AuthorizationContext filterContext)
{
RouteData rd = filterContext.RouteData;
string controller = rd.GetRequiredString("controller");
string action = rd.GetRequiredString("action");
////////////////////////////////////////
// Bypass if this action has excluded the RequestAuthorize filter
// aka allow anonymous access
////////////////////////////////////////
var filters = FilterProviders.Providers.GetFilters(filterContext.Controller.ControllerContext, filterContext.ActionDescriptor);
if (!filters.Select(filter => filter.Instance.GetType()).Contains(typeof(RequestAuthorizeAttribute)))
{
return;
}
////////////////////////////////////////
// Login by token
////////////////////////////////////////
string token = filterContext.RequestContext.HttpContext.Request.QueryString.Get("token");
if (token != null)
{
var urlHelper = new UrlHelper(filterContext.RequestContext);
if (TokenLogin.ValidateToken(token))
{
return;
}
HandleUnauthorizedRequest(filterContext);
}
////////////////////////////////////////
// Normal request
////////////////////////////////////////
if (RequestPermissionProvider.LoginRequired.Contains(controller))
{
if (!CurrentUser.IsAuthenticated)
{
HandleUnauthorizedRequest(filterContext);
}
}
else
{
if (!CurrentUser.IsAuthenticated)
{
HandleUnauthorizedRequest(filterContext);
}
else if (!CurrentUser.HasPermission(controller, action) && !MvcHelper.CheckActionIsAjaxOnly(controller, action))
{
HandleUnauthorizedRequest(filterContext);
}
}
SetLanguages();
}
