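/// <summary>
/// Checks whether a privilege record exists for the given token / controller / HTTP-method combination.
/// </summary>
/// <param name="param">Lookup key; only <c>Token</c>, <c>Controller</c> and <c>RequestMethod</c> are read.</param>
/// <returns><c>true</c> when at least one matching privilege record exists; otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="param"/> is <c>null</c>.</exception>
public bool ValidatePrivilege(mstUserPrivilege param)
{
    if (param == null)
    {
        // Without this guard the filter lambda below fails with a bare NullReferenceException.
        throw new ArgumentNullException("param");
    }

    try
    {
        _uow.Open(DBConnection.BMIERP);
        var repo = new mstUserPrivilegeRepository(_uow);

        // NOTE(review): this is an exact-match lookup only — no expiry or revocation state
        // is consulted here; confirm that is enforced where privilege records are written.
        var match = repo.ReadByFilter(x => x.Token == param.Token
                                        && x.Controller == param.Controller
                                        && x.RequestMethod == param.RequestMethod)
                        .FirstOrDefault();

        // The former catch (Exception) { throw; } was a no-op and has been dropped;
        // exceptions from the repository still propagate unchanged to the caller.
        return match != null;
    }
    finally
    {
        // _uow is a field, so it is released after every call; presumably Open() re-establishes
        // the connection on the next call — verify against the unit-of-work implementation.
        _uow.Dispose();
    }
}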
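/// <summary>
/// Service-layer pass-through to the domain privilege check.
/// </summary>
/// <param name="param">Lookup key, forwarded unchanged to the domain layer.</param>
/// <returns>The domain layer's verdict: <c>true</c> when a matching privilege exists.</returns>
public bool validatePrivilege(mstUserPrivilege param)
{
    // The former catch (Exception) { throw; } added nothing: exceptions from the
    // domain layer already propagate unchanged, so the wrapper is now a plain call.
    return this._Domain.ValidatePrivilege(param);
}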
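/// <summary>
/// Check auth and Logging before Executing Action
/// </summary>
/// <remarks>
/// Runs for every action unless it carries <see cref="SkipGlobalActionFilterAttribute"/>.
/// A request carrying the token header is checked against the privilege store via
/// <see cref="IMstUserPrivilegeDomain.ValidatePrivilege"/>; a request without it gets 401,
/// a failed check gets 403. Any exception inside the check sets a 400 response, so the
/// action never runs when the check itself fails (fail closed).
/// </remarks>
/// <param name="actionContext">The Web API action context for the current request.</param>
/// <exception cref="InvalidOperationException">
/// The dependency scope did not provide <see cref="ILog"/> or <see cref="IMstUserPrivilegeDomain"/>.
/// </exception>
public override void OnActionExecuting(HttpActionContext actionContext)
{
    if (actionContext.ActionDescriptor.GetCustomAttributes<SkipGlobalActionFilterAttribute>().Any())
    {
        return;
    }

    var scope = actionContext.Request.GetDependencyScope();
    _log = scope.GetService(typeof(ILog)) as ILog;
    _userDomain = scope.GetService(typeof(IMstUserPrivilegeDomain)) as IMstUserPrivilegeDomain;

    // A misconfigured container previously surfaced as a NullReferenceException further down
    // (outside the try below for _log). Fail explicitly so the cause is obvious; the action
    // still does not run.
    if (_log == null)
    {
        throw new InvalidOperationException("ILog is not registered in the dependency scope.");
    }
    if (_userDomain == null)
    {
        throw new InvalidOperationException("IMstUserPrivilegeDomain is not registered in the dependency scope.");
    }

    var controllerName = actionContext.ActionDescriptor.ControllerDescriptor.ControllerName;
    var actionName = actionContext.ActionDescriptor.ActionName;
    var requestMethod = actionContext.Request.Method.Method;
    var ipAddress = GetClientIpAddress(actionContext);
    var tokenValue = actionContext.Request.Headers.Contains(Token)
        ? actionContext.Request.Headers.GetValues(Token).First()
        : string.Empty;

    _mstLog.RequestID = Guid.NewGuid();
    _mstLog.ControllerName = controllerName;
    _mstLog.ActionName = actionName;
    _mstLog.RequestMethod = requestMethod;
    // Kept as local time, as before; consumers of the log records may rely on it — confirm before switching to UtcNow.
    _mstLog.CreatedDate = DateTime.Now;
    // NOTE(review): the raw token is persisted with the log record. It is a credential, so the
    // log store needs the same access protection as the privilege store.
    _mstLog.Token = tokenValue;
    _log.Setup(_mstLog);

    try
    {
        _log.Info("Start Invoke......");
        if (!string.IsNullOrEmpty(tokenValue))
        {
            _log.Info("IP Address : {0} ", ipAddress);

            var param = new mstUserPrivilege();
            param.Token = tokenValue;
            param.Controller = controllerName;
            param.RequestMethod = requestMethod;

            if (actionContext.ActionArguments.Count > 0)
            {
                // NOTE(review): this writes the bound action arguments verbatim; request bodies can
                // carry secrets, so Debug level should stay disabled outside development.
                _log.Debug("Parameter(s) : {0} ", getListParameter(actionContext));
            }

            // The privilege lookup keys on token + controller + HTTP method only;
            // the action name is logged but is not part of the check.
            if (!_userDomain.ValidatePrivilege(param))
            {
                actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden)
                {
                    Content = new StringContent("Ooopss... You are not allowed to access this resource")
                };
            }
        }
        else
        {
            _log.Info("Unauthorized user, ip address : {0} ", ipAddress);
            actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized)
            {
                Content = new StringContent("You are unauthorized to access this resource")
            };
        }
    }
    catch (Exception ex)
    {
        // Any failure in the check (including a privilege-store outage) blocks the action.
        // The status code stays 400 as before; the token is passed to the logger here as well.
        _log.Error(ex, tokenValue);
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.BadRequest)
        {
            Content = new StringContent("Ooops... Something went wrong!")
        };
    }

    // Setting actionContext.Response above is what short-circuits the action; the base call
    // is still made so that inherited filter behaviour runs as before.
    base.OnActionExecuting(actionContext);
}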