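        /// <summary>
        /// Returns the <see cref="AccessAttribute"/> declared directly on <paramref name="method"/>,
        /// or <c>null</c> when the method is <c>null</c>, carries no such attribute, or the
        /// attribute's <c>Name</c> is null or empty.
        /// </summary>
        /// <param name="method">Method to inspect; may be <c>null</c>.</param>
        /// <returns>The attribute with a non-empty <c>Name</c>, otherwise <c>null</c>.</returns>
        /// <remarks>
        /// Inherited attributes are deliberately not considered (<c>inherit: false</c>), so an
        /// override that does not repeat the attribute is reported as unannotated.
        /// </remarks>
        public static AccessAttribute GetAnnotation(MethodInfo method)
        {
            if (method == null)
            {
                return null;
            }

            // FirstOrDefault rather than GetCustomAttribute<T>: a duplicated attribute
            // must yield the first one, not throw AmbiguousMatchException.
            AccessAttribute attr = method.GetCustomAttributes(typeof(AccessAttribute), false)
                                         .OfType<AccessAttribute>()
                                         .FirstOrDefault();

            // Name can be null on a hand-constructed attribute; `attr.Name.Length`
            // would throw there, so null and empty are treated alike.
            return attr != null && !string.IsNullOrEmpty(attr.Name) ? attr : null;
        }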
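        /// <summary>
        /// Returns the <see cref="AccessAttribute"/> declared directly on <paramref name="objectType"/>,
        /// or <c>null</c> when the type is <c>null</c>, carries no such attribute, or the
        /// attribute's <c>Name</c> is null or empty.
        /// </summary>
        /// <param name="objectType">Type to inspect; may be <c>null</c>.</param>
        /// <returns>The attribute with a non-empty <c>Name</c>, otherwise <c>null</c>.</returns>
        /// <remarks>
        /// Inherited attributes are deliberately not considered (<c>inherit: false</c>), so a
        /// derived type that does not repeat the attribute is reported as unannotated.
        /// </remarks>
        public static AccessAttribute GetAnnotation(Type objectType)
        {
            if (objectType == null)
            {
                return null;
            }

            // FirstOrDefault rather than GetCustomAttribute<T>: a duplicated attribute
            // must yield the first one, not throw AmbiguousMatchException.
            AccessAttribute attr = objectType.GetCustomAttributes(typeof(AccessAttribute), false)
                                             .OfType<AccessAttribute>()
                                             .FirstOrDefault();

            // Name can be null on a hand-constructed attribute; `attr.Name.Length`
            // would throw there, so null and empty are treated alike.
            return attr != null && !string.IsNullOrEmpty(attr.Name) ? attr : null;
        }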
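        /// <summary>
        /// Builds the <see cref="Access"/> flags for <paramref name="property"/> from its
        /// <see cref="AccessAttribute"/>.
        /// </summary>
        /// <param name="property">Property to inspect; may be <c>null</c>.</param>
        /// <returns>
        /// A new <see cref="Access"/> with <c>Admin</c>, <c>Owner</c> and <c>Referrer</c> copied
        /// from the attribute, or <c>null</c> when the property is <c>null</c> or unannotated.
        /// </returns>
        /// <exception cref="AmbiguousMatchException">
        /// Propagated from <c>GetCustomAttribute&lt;T&gt;</c> when the property carries more
        /// than one <see cref="AccessAttribute"/>.
        /// </exception>
        /// <remarks>
        /// A <c>null</c> property previously dereferenced and threw; it now yields <c>null</c>
        /// like an unannotated property.
        /// </remarks>
        public static Access GetAccess(PropertyInfo property)
        {
            if (property == null)
            {
                return null;
            }

            AccessAttribute accessAttrib = property.GetCustomAttribute<AccessAttribute>();
            if (accessAttrib == null)
            {
                return null;
            }

            return new Access
            {
                Admin    = accessAttrib.Admin,
                Owner    = accessAttrib.Owner,
                Referrer = accessAttrib.Referrer,
            };
        }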
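		/// <summary>
		/// Do additional security checks for the manager area.
		/// </summary>
		/// <remarks>
		/// Two gates are applied: the user must be authenticated and hold the
		/// <c>ADMIN</c> function, and when the selected action is marked with an
		/// <see cref="AccessAttribute"/> the user must also hold
		/// <c>attr.Function</c>. The attribute is read from
		/// <c>filterContext.ActionDescriptor</c>, i.e. from the exact method MVC
		/// selected, instead of re-resolving it by name and HTTP verb. The
		/// by-name lookup returned no method for a differently-cased action
		/// name, for unresolved overloads, or for verbs other than GET/POST,
		/// and in those cases the per-action check was silently skipped; it also
		/// swallowed every exception with a bare <c>catch</c>.
		/// </remarks>
		/// <param name="filterContext">Context of the action about to execute. Its
		/// <c>Result</c> is set to a redirect to <c>account/index</c> when access
		/// is denied.</param>
		protected override void OnActionExecuting(System.Web.Mvc.ActionExecutingContext filterContext) {
			if (!User.Identity.IsAuthenticated || !User.HasAccess("ADMIN")) {
				// Not a manager: redirect without running the base filter, as before.
				filterContext.Result = RedirectToAction("index", "account") ;
				return ;
			}

			// inherit: true keeps an attribute declared on an overridden base action in effect.
			object[] attrs = filterContext.ActionDescriptor.GetCustomAttributes(typeof(AccessAttribute), true) ;
			AccessAttribute attr = attrs.Length > 0 ? attrs[0] as AccessAttribute : null ;

			if (attr != null && !User.HasAccess(attr.Function)) {
				filterContext.Result = RedirectToAction("index", "account") ;
			}
			base.OnActionExecuting(filterContext) ;
		}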
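        /// <summary>
        /// Do additional security checks for the manager area.
        /// </summary>
        /// <remarks>
        /// Two gates are applied: the user must be authenticated and hold the
        /// <c>ADMIN</c> function, and when the selected action is marked with an
        /// <see cref="AccessAttribute"/> the user must also hold
        /// <c>attr.Function</c>. The attribute is read from
        /// <c>filterContext.ActionDescriptor</c>, i.e. from the exact method MVC
        /// selected, instead of re-resolving it by name and HTTP verb. The
        /// by-name lookup returned no method for unresolved overloads or for
        /// verbs other than GET/POST, and in those cases the per-action check
        /// was silently skipped; it also swallowed every exception with a bare
        /// <c>catch</c>. Afterwards the optional return url and one-shot
        /// TempData messages are copied to the ViewBag as before.
        /// </remarks>
        /// <param name="filterContext">Context of the action about to execute. Its
        /// <c>Result</c> is set to a redirect to <c>account/index</c> when access
        /// is denied.</param>
        protected override void OnActionExecuting(System.Web.Mvc.ActionExecutingContext filterContext)
        {
            if (!App.Instance.UserProvider.IsAuthenticated || !User.HasAccess("ADMIN"))
            {
                // Not a manager: redirect without running the base filter, as before.
                filterContext.Result = RedirectToAction("index", "account");
                return;
            }

            // inherit: true keeps an attribute declared on an overridden base action in effect.
            object[] attrs = filterContext.ActionDescriptor.GetCustomAttributes(typeof(AccessAttribute), true);
            AccessAttribute attr = attrs.Length > 0 ? attrs[0] as AccessAttribute : null;

            if (attr != null && !User.HasAccess(attr.Function))
            {
                filterContext.Result = RedirectToAction("index", "account");
            }

            // Optional return url, passed to the view unchanged (empty string when absent).
            // NOTE(review): "returl" is request-controlled; the code that eventually
            // redirects to ViewBag.ReturnUrl should accept local urls only
            // (Url.IsLocalUrl) — that consumer is not visible here, confirm it.
            string returnUrl = Request["returl"];
            ViewBag.ReturnUrl = string.IsNullOrEmpty(returnUrl) ? "" : returnUrl;

            // One-shot flash values: move from TempData to ViewBag and clear them
            // so they do not survive into the next request.
            if (TempData.ContainsKey("MessageCss"))
            {
                ViewBag.MessageCss = TempData["MessageCss"];
                TempData.Remove("MessageCss");
            }
            if (TempData.ContainsKey("Message"))
            {
                ViewBag.Message = TempData["Message"];
                TempData.Remove("Message");
            }

            base.OnActionExecuting(filterContext);
        }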