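        /// <summary>
        /// Session-based menu authorization. The caller must have a <c>UserLogin</c> object in session, and the
        /// third path segment of the request must name a <c>TB_MENU</c> row that the caller's role is granted in
        /// <c>TB_ACCESS_MENU</c>. "dashboard" is redirected to <c>~/dashboard</c>, an empty segment to <c>~</c>.
        /// Unauthenticated callers go to <c>~/auth/login</c>, denied callers to <c>~/auth/error</c>.
        /// </summary>
        /// <remarks>
        /// Every deny/redirect sets <paramref name="filterContext"/>.Result and returns, which makes MVC skip
        /// the action. The original called Response.Redirect and fell through to the base call, relying on the
        /// implicit Response.End() (ThreadAbortException) to stop execution; that also made the catch block
        /// swallow the abort and attempt a second redirect. The original additionally overwrote the
        /// authenticated principal with GenericIdentity("null") on every path; a GenericIdentity with any
        /// non-empty name reports IsAuthenticated == true, so anonymous callers looked authenticated.
        /// </remarks>
        /// <param name="filterContext">MVC authorization context for the current request.</param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            var httpContext = filterContext.RequestContext.HttpContext;

            // Until the checks below pass, anything reading Thread.CurrentPrincipal sees an unauthenticated
            // identity (empty name => IsAuthenticated == false).
            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(string.Empty), null);

            UserDTO userLogin = httpContext.Session["UserLogin"] as UserDTO;
            if (userLogin == null)
            {
                filterContext.Result = new RedirectResult("~/auth/login");
                return;
            }

            try
            {
                // Request.Path is the virtual path without the query string; RawUrl would leave "?..." glued to
                // the last segment. Segment index 2 is kept from the original: segment 1 is presumably an
                // application or route prefix in this deployment - confirm against the route table.
                string[] segments = httpContext.Request.Path.Split('/');
                string titleMenu = segments.Length > 2 ? segments[2] : string.Empty;

                if (string.IsNullOrEmpty(titleMenu))
                {
                    filterContext.Result = new RedirectResult("~");
                    return;
                }
                if (string.Equals(titleMenu, "dashboard", StringComparison.OrdinalIgnoreCase))
                {
                    filterContext.Result = new RedirectResult("~/dashboard");
                    return;
                }

                bool allowed = false;
                using (DBEntities db = new DBEntities())
                {
                    // Each lookup is null-checked explicitly. The original dereferenced the results inside the
                    // next query and only denied via the resulting NullReferenceException.
                    TB_ROLE userRole = db.TB_ROLE.FirstOrDefault(r => r.ROLE_ID == userLogin.ROLE_ID);
                    TB_MENU menu = db.TB_MENU.FirstOrDefault(m => m.TITLE_MENU == titleMenu);
                    if (userRole != null && menu != null)
                    {
                        allowed = db.TB_ACCESS_MENU.Any(am => am.MENU_ID == menu.MENU_ID && am.ROLE_ID == userRole.ROLE_ID);
                    }
                }

                if (!allowed)
                {
                    filterContext.Result = new RedirectResult("~/auth/error");
                    return;
                }

                Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(userLogin.USERNAME), null);
            }
            catch (Exception e)
            {
                // Infrastructure failure (e.g. database unavailable): fail closed. Exception text is reflected
                // only when AppSettings["env"] == "development" (a missing key no longer throws here), and it is
                // URL-encoded because it travels in the query string. NOTE(review): reflecting exception text to
                // the client is a disclosure/XSS risk if the error view renders "msg" unescaped - confirm.
                bool isDevelopment = string.Equals(ConfigurationManager.AppSettings["env"], "development", StringComparison.Ordinal);
                string msg = isDevelopment
                    ? Uri.EscapeDataString((e.Message + " " + e.StackTrace).Replace('\n', ' '))
                    : " ";
                filterContext.Result = new RedirectResult("~/auth/error?msg=" + msg);
                return;
            }

            // Base is only consulted once this filter has granted access; calling it after setting a deny
            // Result could let the base implementation replace the redirect.
            base.OnAuthorization(filterContext);
        }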
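        /// <summary>
        /// Session-based menu authorization: requires a <c>UserLogin</c> in session and a <c>TB_ACCESS_MENU</c>
        /// grant linking the caller's role to the <c>TB_MENU</c> named by the second path segment. Anonymous
        /// callers are redirected to <c>~/auth/login</c>, an empty menu segment to <c>~</c>, and everything else
        /// that does not resolve to a grant (including a database failure) to <c>~/auth/error</c>.
        /// </summary>
        /// <remarks>
        /// Decisions are made by assigning <paramref name="filterContext"/>.Result so MVC skips the action;
        /// the original issued Response.Redirect and continued. It also ended by overwriting
        /// Thread.CurrentPrincipal with GenericIdentity("null") on every path, which both discarded the
        /// authenticated identity and reported anonymous callers as authenticated (GenericIdentity treats any
        /// non-empty name as authenticated).
        /// </remarks>
        /// <param name="filterContext">MVC authorization context for the current request.</param>
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            var httpContext = filterContext.RequestContext.HttpContext;

            // Anonymous until proven otherwise: an empty name yields IsAuthenticated == false.
            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(string.Empty), null);

            UserDTO userLogin = httpContext.Session["UserLogin"] as UserDTO;
            if (userLogin == null)
            {
                filterContext.Result = new RedirectResult("~/auth/login");
                return;
            }

            bool allowed = false;
            try
            {
                // Path excludes the query string; RawUrl would have appended "?..." to the menu name.
                string[] segments = httpContext.Request.Path.Split('/');
                string titleMenu = segments.Length > 1 ? segments[1] : string.Empty;

                if (string.IsNullOrEmpty(titleMenu))
                {
                    filterContext.Result = new RedirectResult("~");
                    return;
                }

                using (DBEntities db = new DBEntities())
                {
                    TB_ROLE userRole = db.TB_ROLE.FirstOrDefault(r => r.ROLE_ID == userLogin.ROLE_ID);
                    TB_MENU menu = db.TB_MENU.FirstOrDefault(m => m.TITLE_MENU == titleMenu);

                    // Explicit null checks instead of letting the grant query dereference a missing row.
                    if (userRole != null && menu != null)
                    {
                        allowed = db.TB_ACCESS_MENU.Any(am => am.MENU_ID == menu.MENU_ID && am.ROLE_ID == userRole.ROLE_ID);
                    }
                }
            }
            catch (Exception)
            {
                // Fail closed on infrastructure errors. No logger is in scope here; the original discarded the
                // exception as well - consider logging it where the application's logging lives.
                allowed = false;
            }

            if (!allowed)
            {
                filterContext.Result = new RedirectResult("~/auth/error");
                return;
            }

            Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(userLogin.USERNAME), null);
            base.OnAuthorization(filterContext);
        }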
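        /// <summary>
        /// Per-action authorization for the candidate screens. The request path is read as
        /// <c>/{menu}/{subMenu}/{action}/...</c>: the caller's role must hold a <c>TB_ACCESS_MENU</c> grant for
        /// the menu and a <c>TB_USER_ACCESS_MENU_CANDIDATE</c> grant for the (sub menu, action) pair. The action
        /// defaults to "read" unless the URL has at least five segments. Anonymous callers are redirected to
        /// <c>~/auth/login</c>; anything that does not resolve to a grant goes to <c>~/auth/error</c>.
        /// </summary>
        /// <remarks>
        /// Denials set <paramref name="FilterContext"/>.Result and return so the action is skipped; the original
        /// called Response.Redirect and then continued into base.OnActionExecuting, relying on the implicit
        /// Response.End() to abort the request.
        /// </remarks>
        /// <param name="FilterContext">MVC action-executing context for the current request.</param>
        public override void OnActionExecuting(ActionExecutingContext FilterContext)
        {
            var httpContext = FilterContext.RequestContext.HttpContext;

            UserDTO dataUserLogin = httpContext.Session["UserLogin"] as UserDTO;
            if (dataUserLogin == null)
            {
                FilterContext.Result = new RedirectResult("~/auth/login");
                return;
            }

            try
            {
                // Path has no query string (RawUrl would glue "?..." onto the last segment). Missing segments
                // become empty strings instead of an IndexOutOfRangeException.
                string[] url = httpContext.Request.Path.Split('/');
                string menu = url.Length > 1 ? url[1] : string.Empty;
                string subMenu = url.Length > 2 ? url[2] : string.Empty;

                // NOTE(review): threshold kept from the original. A four-segment URL such as /menu/sub/edit is
                // therefore authorized against "read", not "edit" - confirm whether the intent was url.Length > 3.
                string action = url.Length >= 5 ? url[3] : "read";

                bool allowed = false;
                using (DBEntities db = new DBEntities())
                {
                    TB_MENU dataMenu = db.TB_MENU.FirstOrDefault(m => m.TITLE_MENU == menu);
                    if (dataMenu != null)
                    {
                        TB_ACCESS_MENU dataAccessMenu = db.TB_ACCESS_MENU.FirstOrDefault(acc =>
                            acc.MENU_ID == dataMenu.MENU_ID &&
                            acc.ROLE_ID == dataUserLogin.ROLE_ID);
                        TB_SUBMENU dataSubMenu = db.TB_SUBMENU.FirstOrDefault(sm => sm.TITLE_SUBMENU == subMenu);
                        TB_ACTION_CANDIDATE dataActionCandidate = db.TB_ACTION_CANDIDATE.FirstOrDefault(ac => ac.ACTION_NAME == action);

                        // The original exempted URLs whose fifth segment is "jobexp" from the sub-menu existence
                        // check, but then used the null sub menu in the grant query below, so those requests were
                        // denied by a NullReferenceException rather than granted. Denying explicitly keeps that
                        // outcome. NOTE(review): confirm whether job-experience add/edit was meant to bypass the
                        // sub-menu check; if so it needs its own grant lookup, not a skipped null check.
                        if (dataAccessMenu != null && dataSubMenu != null && dataActionCandidate != null)
                        {
                            allowed = db.TB_USER_ACCESS_MENU_CANDIDATE.Any(acc =>
                                acc.ROLE_ID == dataUserLogin.ROLE_ID &&
                                acc.SUB_MENU_CANDIDATE_ID == dataSubMenu.SUB_MENU_ID &&
                                acc.ACTION_CANDIDATE_ID == dataActionCandidate.ID);
                        }
                    }
                }

                if (!allowed)
                {
                    FilterContext.Result = new RedirectResult("~/auth/error");
                    return;
                }
            }
            catch (Exception e)
            {
                // Infrastructure failure: fail closed. Exception text is only reflected when
                // AppSettings["env"] == "development" (a missing key no longer throws here) and is URL-encoded.
                // NOTE(review): reflecting exception text is a disclosure/XSS risk if the error view does not
                // HTML-encode "msg" - confirm.
                bool isDevelopment = string.Equals(ConfigurationManager.AppSettings["env"], "development", StringComparison.Ordinal);
                string msg = isDevelopment
                    ? Uri.EscapeDataString((e.Message + " " + e.StackTrace).Replace('\n', ' '))
                    : " ";
                FilterContext.Result = new RedirectResult("~/auth/error?msg=" + msg);
                return;
            }

            base.OnActionExecuting(FilterContext);
        }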
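        /// <summary>
        /// Per-action authorization for the candidate screens, keyed on the request path
        /// <c>/{menu}/{subMenu}[/{action}]</c>. The caller's role needs a <c>TB_ACCESS_MENU</c> grant for the
        /// menu and a <c>TB_USER_ACCESS_MENU_CANDIDATE</c> grant for the sub menu / action pair; the action is
        /// "read" unless the URL has exactly four segments. Anonymous callers are sent to <c>~/auth/login</c>,
        /// every other failure (missing row, no grant, database error) to <c>~/auth/error</c>.
        /// </summary>
        /// <remarks>
        /// All redirects go through <paramref name="FilterContext"/>.Result so MVC does not execute the action.
        /// The original used Response.Redirect and fell through to base.OnActionExecuting.
        /// </remarks>
        /// <param name="FilterContext">MVC action-executing context for the current request.</param>
        public override void OnActionExecuting(ActionExecutingContext FilterContext)
        {
            var httpContext = FilterContext.RequestContext.HttpContext;

            UserDTO dataUserLogin = httpContext.Session["UserLogin"] as UserDTO;
            if (dataUserLogin == null)
            {
                FilterContext.Result = new RedirectResult("~/auth/login");
                return;
            }

            bool allowed = false;
            try
            {
                // Path carries no query string; short URLs yield empty segments rather than an index error.
                string[] url = httpContext.Request.Path.Split('/');
                string menu = url.Length > 1 ? url[1] : string.Empty;
                string subMenu = url.Length > 2 ? url[2] : string.Empty;

                // NOTE(review): kept from the original - only a four-segment URL selects an explicit action, so
                // /menu/sub/edit/123 (five segments) is authorized as "read". Confirm whether url.Length > 3 was meant.
                string action = url.Length == 4 ? url[3] : "read";

                using (DBEntities db = new DBEntities())
                {
                    TB_MENU dataMenu = db.TB_MENU.FirstOrDefault(m => m.TITLE_MENU == menu);
                    if (dataMenu == null)
                    {
                        allowed = false;
                    }
                    else
                    {
                        TB_ACCESS_MENU dataAccessMenu = db.TB_ACCESS_MENU.FirstOrDefault(acc =>
                            acc.MENU_ID == dataMenu.MENU_ID &&
                            acc.ROLE_ID == dataUserLogin.ROLE_ID);
                        TB_SUBMENU dataSubMenu = db.TB_SUBMENU.FirstOrDefault(sm => sm.TITLE_SUBMENU == subMenu);
                        TB_ACTION_CANDIDATE dataActionCandidate = db.TB_ACTION_CANDIDATE.FirstOrDefault(ac => ac.ACTION_NAME == action);

                        // Missing menu grant, unknown sub menu or unknown action => deny without querying further.
                        if (dataAccessMenu != null && dataSubMenu != null && dataActionCandidate != null)
                        {
                            allowed = db.TB_USER_ACCESS_MENU_CANDIDATE.Any(acc =>
                                acc.ROLE_ID == dataUserLogin.ROLE_ID &&
                                acc.SUB_MENU_CANDIDATE_ID == dataSubMenu.SUB_MENU_ID &&
                                acc.ACTION_CANDIDATE_ID == dataActionCandidate.ID);
                        }
                    }
                }
            }
            catch (Exception)
            {
                // Fail closed. The original discarded the exception too; no logger is visible in this block -
                // log it where the application's logging lives.
                allowed = false;
            }

            if (!allowed)
            {
                FilterContext.Result = new RedirectResult("~/auth/error");
                return;
            }

            base.OnActionExecuting(FilterContext);
        }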