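/// <summary>
/// Authorizes access to the user record whose id arrives in the MVC route data (or, failing
/// that, in the POST form). Access is granted only when the caller is authenticated, the target
/// user exists, and the caller's user group (looked up by <c>UserGroups.LoginName</c>) owns that
/// user, i.e. <c>user.UserGroupID == group.ID</c>.
/// </summary>
/// <param name="httpContext">Current request; supplies the route data, the form and the caller's identity.</param>
/// <returns><c>true</c> when the caller may act on the requested user; otherwise <c>false</c>.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (httpContext == null)
    {
        return false;
    }

    // Fail closed. The previous version skipped the group comparison entirely when the
    // caller had no name, which let an anonymous request through the ownership check.
    var identity = httpContext.User == null ? null : httpContext.User.Identity;
    if (identity == null || !identity.IsAuthenticated || string.IsNullOrEmpty(identity.Name))
    {
        return false;
    }
    var loginName = identity.Name;

    // Route and form values are caller-controlled; a non-numeric id previously escaped
    // Convert.ToInt32 as an unhandled FormatException instead of a denial.
    int id;
    if (!TryGetRequestedId(httpContext, out id))
    {
        return false;
    }

    using (var db = new DB())
    {
        var user = db.Users.Find(id);
        if (user == null)
        {
            return false;
        }

        var group = db.UserGroups.FirstOrDefault(ug => ug.LoginName == loginName);
        // Only a caller whose group owns the target user is authorized.
        return group != null && user.UserGroupID == group.ID;
    }
}

/// <summary>
/// Reads "id" from the MVC route data, falling back to the POST form, and parses it as an
/// invariant-culture integer without throwing.
/// </summary>
/// <param name="httpContext">Current request.</param>
/// <param name="id">The parsed id, or 0 when none could be parsed.</param>
/// <returns><c>true</c> when an integer id was found; otherwise <c>false</c>.</returns>
private static bool TryGetRequestedId(HttpContextBase httpContext, out int id)
{
    id = 0;
    string raw = null;

    // The handler is not necessarily an MvcHandler; a hard cast would throw here.
    var handler = httpContext.Handler as MvcHandler;
    if (handler != null && handler.RequestContext != null && handler.RequestContext.RouteData != null)
    {
        var routeValue = handler.RequestContext.RouteData.Values["id"];
        if (routeValue != null)
        {
            raw = Convert.ToString(routeValue, System.Globalization.CultureInfo.InvariantCulture);
        }
    }

    if (raw == null && httpContext.Request != null)
    {
        raw = httpContext.Request.Form["id"];
    }

    return raw != null
        && int.TryParse(raw, System.Globalization.NumberStyles.Integer,
                        System.Globalization.CultureInfo.InvariantCulture, out id);
}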
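/// <summary>
/// Authorizes access to the product whose id arrives in the MVC route data (or, failing that,
/// in the POST form). Access is granted only when the caller is authenticated, the product
/// exists, and the business looked up by <c>Businesses.LoginName</c> for the caller owns it,
/// i.e. <c>product.BusinessID == business.ID</c>.
/// </summary>
/// <param name="httpContext">Current request; supplies the route data, the form and the caller's identity.</param>
/// <returns><c>true</c> when the caller may act on the requested product; otherwise <c>false</c>.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (httpContext == null)
    {
        return false;
    }

    // Fail closed. The previous version skipped the ownership comparison entirely when the
    // caller had no name, which let an anonymous request through.
    var identity = httpContext.User == null ? null : httpContext.User.Identity;
    if (identity == null || !identity.IsAuthenticated || string.IsNullOrEmpty(identity.Name))
    {
        return false;
    }
    var loginName = identity.Name;

    // Route and form values are caller-controlled; a non-numeric id previously escaped
    // Convert.ToInt32 as an unhandled FormatException instead of a denial.
    int id;
    if (!TryGetRequestedId(httpContext, out id))
    {
        return false;
    }

    using (var db = new DB())
    {
        var product = db.Products.Find(id);
        if (product == null)
        {
            return false;
        }

        var business = db.Businesses.FirstOrDefault(b => b.LoginName == loginName);
        // Only the business that owns the product is authorized.
        return business != null && product.BusinessID == business.ID;
    }
}

/// <summary>
/// Reads "id" from the MVC route data, falling back to the POST form, and parses it as an
/// invariant-culture integer without throwing.
/// </summary>
/// <param name="httpContext">Current request.</param>
/// <param name="id">The parsed id, or 0 when none could be parsed.</param>
/// <returns><c>true</c> when an integer id was found; otherwise <c>false</c>.</returns>
private static bool TryGetRequestedId(HttpContextBase httpContext, out int id)
{
    id = 0;
    string raw = null;

    // The handler is not necessarily an MvcHandler; a hard cast would throw here.
    var handler = httpContext.Handler as MvcHandler;
    if (handler != null && handler.RequestContext != null && handler.RequestContext.RouteData != null)
    {
        var routeValue = handler.RequestContext.RouteData.Values["id"];
        if (routeValue != null)
        {
            raw = Convert.ToString(routeValue, System.Globalization.CultureInfo.InvariantCulture);
        }
    }

    if (raw == null && httpContext.Request != null)
    {
        raw = httpContext.Request.Form["id"];
    }

    return raw != null
        && int.TryParse(raw, System.Globalization.NumberStyles.Integer,
                        System.Globalization.CultureInfo.InvariantCulture, out id);
}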
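/// <summary>
/// Authorizes access to the user record whose id arrives in the MVC route data (or, failing
/// that, in the POST form). Access is granted only when the caller is authenticated, the target
/// user exists, and the caller's identity name equals the target's <c>UserName</c> (ordinal
/// comparison, as the original <c>string.Equals</c> call did).
/// </summary>
/// <param name="httpContext">Current request; supplies the route data, the form and the caller's identity.</param>
/// <returns><c>true</c> when the caller is the requested user; otherwise <c>false</c>.</returns>
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    if (httpContext == null)
    {
        return false;
    }

    // Fail closed for anonymous callers rather than relying on an empty name never matching.
    var identity = httpContext.User == null ? null : httpContext.User.Identity;
    if (identity == null || !identity.IsAuthenticated || string.IsNullOrEmpty(identity.Name))
    {
        return false;
    }

    // Route and form values are caller-controlled; a non-numeric id previously escaped
    // Convert.ToInt32 as an unhandled FormatException instead of a denial.
    int id;
    if (!TryGetRequestedId(httpContext, out id))
    {
        return false;
    }

    using (var db = new DB())
    {
        var user = db.Users.Find(id);
        // The previous version dereferenced a missing user and threw NullReferenceException.
        if (user == null)
        {
            return false;
        }

        return string.Equals(identity.Name, user.UserName, StringComparison.Ordinal);
    }
}

/// <summary>
/// Reads "id" from the MVC route data, falling back to the POST form, and parses it as an
/// invariant-culture integer without throwing.
/// </summary>
/// <param name="httpContext">Current request.</param>
/// <param name="id">The parsed id, or 0 when none could be parsed.</param>
/// <returns><c>true</c> when an integer id was found; otherwise <c>false</c>.</returns>
private static bool TryGetRequestedId(HttpContextBase httpContext, out int id)
{
    id = 0;
    string raw = null;

    // The handler is not necessarily an MvcHandler; a hard cast would throw here.
    var handler = httpContext.Handler as MvcHandler;
    if (handler != null && handler.RequestContext != null && handler.RequestContext.RouteData != null)
    {
        var routeValue = handler.RequestContext.RouteData.Values["id"];
        if (routeValue != null)
        {
            raw = Convert.ToString(routeValue, System.Globalization.CultureInfo.InvariantCulture);
        }
    }

    if (raw == null && httpContext.Request != null)
    {
        raw = httpContext.Request.Form["id"];
    }

    return raw != null
        && int.TryParse(raw, System.Globalization.NumberStyles.Integer,
                        System.Globalization.CultureInfo.InvariantCulture, out id);
}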