public DbManagement() { db = new DbPOS(); db.Configuration.LazyLoadingEnabled = false; }
public override void OnAuthorization(HttpActionContext actionContext) { try { db = new DbManagement().db; if (actionContext.Request.Headers.Authorization == null) { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new HttpJsonApiResult <string>("Unauthorized", actionContext.Request, HttpStatusCode.Unauthorized)); } else { string authenticationToken = actionContext.Request.Headers.Authorization.Parameter; if (_jwtService.IsTokenValid(authenticationToken)) { List <Claim> claims = _jwtService.GetTokenClaims(authenticationToken).ToList(); string userId = claims.FirstOrDefault(e => e.Type.Equals(ClaimTypes.NameIdentifier)).Value; User user = db.Users.Where(e => e.Id == new Guid(userId)) .Include(e => e.UserRoles.Select(a => a.Role)) .Include(e => e.UserTokens).FirstOrDefault(); ICollection <UserRole> userRoles = user.UserRoles; UserViewModel userAuthObject = new UserViewModel(user); if (user.UserTokens.Where(e => e.Token == authenticationToken).Count() != 0) { if (userRoles.Where(e => e.Role.Name == "superuser").FirstOrDefault() != null) { Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(_objectService.SerializerObject(userAuthObject)), null); } else { UserRole thisRoleCanAccess = userRoles.Where(e => e.Role.RoleFeatures.Where( x => x.Feature.Name == _featureName).FirstOrDefault() != null).FirstOrDefault(); if (thisRoleCanAccess != null) { db.Configuration.ProxyCreationEnabled = false; Thread.CurrentPrincipal = new GenericPrincipal(new GenericIdentity(_objectService.SerializerObject(userAuthObject)), null); } else { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new HttpJsonApiResult <string>("Unauthorized", actionContext.Request, HttpStatusCode.Unauthorized)); } } } else { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new HttpJsonApiResult <string>("Unauthorized", actionContext.Request, HttpStatusCode.Unauthorized)); } } else { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new HttpJsonApiResult <string>("Unauthorized", actionContext.Request, HttpStatusCode.Unauthorized)); } } } catch (Exception) { actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized, new HttpJsonApiResult <string>("Unauthorized", actionContext.Request, HttpStatusCode.Unauthorized)); } }