Пример #1
        /// <summary>
        /// Decides whether the current request is allowed into the admin area.
        /// </summary>
        /// <param name="filterContext">Filter context of the request; this implementation does not read it.</param>
        /// <returns>Whatever the permission service answers for <c>StandardPermissionProvider.AccessAdminArea</c>.</returns>
        public virtual bool HasAdminAccess(UserizationContext filterContext)
        {
            // The whole decision is delegated to the permission service, and no principal is
            // passed in, so which user is evaluated is decided inside Authorize.
            // NOTE(review): presumably the current authenticated user - confirm in the service.
            return EngineContext.Current
                .Resolve<IPermissionRecordService>()
                .Authorize(StandardPermissionProvider.AccessAdminArea);
        }
Пример #2
        /// <summary>
        /// Tells whether the action being executed carries at least one admin attribute.
        /// </summary>
        /// <param name="filterContext">Filter context whose <c>ActionDescriptor</c> is inspected.</param>
        /// <returns><c>true</c> when the attribute lookup yields a non-null, non-empty result.</returns>
        private static bool IsAdminPageRequested(UserizationContext filterContext)
        {
            var found = GetAdminUserizeAttributes(filterContext.ActionDescriptor);

            // A null or empty lookup result classifies the request as a non-admin page,
            // which means the caller will skip the admin access check for it.
            return found != null && found.Any();
        }
        /// <summary>
        /// Redirects a GET request between the secured and unsecured URL of the page,
        /// depending on the filter's <c>SslRequirement</c> value.
        /// </summary>
        /// <param name="filterContext">Filter context of the request; its <c>Result</c> is set when a redirect is issued.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="filterContext"/> is null.</exception>
        public virtual void OnUserization(UserizationContext filterContext) {
            if (filterContext == null)
                throw new ArgumentNullException("filterContext");

            var request = filterContext.HttpContext.Request;

            // Only GET requests are considered. Every other verb returns here untouched, so a
            // POST that arrives over plain HTTP is neither redirected nor rejected by this filter.
            if (!string.Equals(request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase))
                return;

            var securitySettings = EngineContext.Current.Resolve<SecuritySettings>();

            var currentConnectionSecured = request.IsSecureConnection;
            var currentUrl = request.Url.AbsoluteUri;

            switch (SslRequirement) {
                case SslRequirement.Yes: {
                    if (!currentConnectionSecured) {
                        var webHelper = EngineContext.Current.Resolve<IWebHelper>();

                        // The upgrade happens only when UseSsl is enabled in the settings;
                        // with it disabled the request continues over the unsecured connection.
                        if (securitySettings.UseSsl) {
                            // NOTE(review): this call is garbled in the listing (the end of the method
                            // name and the opening parenthesis are missing) - restore it from the
                            // original source before use. The trailing `true` presumably asks for the SSL URL.
                            var url = webHelper.GetUrltrue, true);

                            // No redirect is issued when the computed URL equals the current one
                            // (presumably to avoid redirecting a page to itself).
                            if (string.CompareOrdinal(url, currentUrl) != 0)
                                filterContext.Result = new RedirectResult(url);
                        }
                    }
                }
                    break;
                case SslRequirement.No: {
                    // A secured request to a page marked SslRequirement.No is redirected; UseSsl is
                    // not consulted in this branch.
                    // NOTE(review): the trailing `false` presumably requests the non-SSL URL, which
                    // makes this a downgrade to plain HTTP - confirm that session and authentication
                    // cookies carry the Secure flag so they are not sent on the redirected request.
                    if (currentConnectionSecured) {
                        var webHelper = EngineContext.Current.Resolve<IWebHelper>();

                        // NOTE(review): same garbled call as in the SslRequirement.Yes branch.
                        var url = webHelper.GetUrltrue, false);

                        if (string.CompareOrdinal(url, currentUrl) != 0)
                            filterContext.Result = new RedirectResult(url);
                    }
                }
                    break;
            }
        }
Пример #4
        /// <summary>
        /// Filter entry point: for actions marked as admin pages, verifies admin access and
        /// hands the request to the unauthorized handler when the check fails.
        /// </summary>
        /// <param name="filterContext">Filter context of the request being processed.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="filterContext"/> is null.</exception>
        /// <exception cref="InvalidOperationException">Thrown when a child action cache is active.</exception>
        public void OnUserization(UserizationContext filterContext)
        {
            if (filterContext == null)
            {
                throw new ArgumentNullException("filterContext");
            }

            // Refuse to run under an active child action cache rather than make a per-user
            // access decision there.
            // NOTE(review): nothing visible here registers a cache validation callback, so
            // confirm that admin actions are never output-cached, otherwise a cached response
            // could be served without this check running.
            var childCacheActive = OutputCacheAttribute.IsChildActionCacheActive(filterContext);
            if (childCacheActive)
            {
                throw new InvalidOperationException("You cannot use [AdminUserize] attribute when a child action cache is active");
            }

            // Non-admin pages pass through untouched; the access check is evaluated only
            // for admin pages (short-circuit keeps the original call order).
            if (IsAdminPageRequested(filterContext) && !HasAdminAccess(filterContext))
            {
                HandleUnauthorizedRequest(filterContext);
            }
        }
Пример #5
 /// <summary>
 /// Sends an unauthorized request to the sign-in route, passing the originally requested
 /// location in the "then" route parameter.
 /// </summary>
 /// <param name="filterContext">Filter context whose <c>Result</c> is replaced with the redirect.</param>
 private static void HandleUnauthorizedRequest(UserizationContext filterContext)
 {
     var signInRoute = AuthenticateSectionConstants.SignController.In.RouteName;

     // Only the path and query of the requested URL are forwarded, so the value carries no
     // scheme or host.
     // NOTE(review): the sign-in action that consumes "then" is not visible here; it should
     // still verify the value is a local URL before redirecting to it.
     var requestedUrl = filterContext.RequestContext.HttpContext.Request.Url;
     var returnTarget = RouteParameter.Add("then", requestedUrl.PathAndQuery);

     filterContext.Result = new RedirectToRouteResult(signInRoute, returnTarget);
 }