/// <summary>
/// Builds the service from its injected repositories and the firm service.
/// </summary>
/// <remarks>
/// The membership service is not injected: an <c>AccountMembershipService</c>
/// is created here directly, so callers cannot substitute it through this constructor.
/// </remarks>
public PersonService(
    IRepository<Firm> firmRepository,
    IRepository<Person> personRepository,
    IRepository<SeminarPerson> seminarPersonRepository,
    IRepository<Seminar> seminarRepository,
    IRepositoryWithTypedId<User, Guid> userRepository,
    IFirmService firmService,
    IRepositoryWithTypedId<AddressType, char> addressTypeRepository,
    IRepositoryWithTypedId<ContactType, char> contactTypeRepository,
    IRepository<Commodity> commodityRepository)
{
    // Entity repositories keyed by the default id type.
    _firmRepository = firmRepository;
    _personRepository = personRepository;
    _seminarPersonRepository = seminarPersonRepository;
    _seminarRepository = seminarRepository;
    _commodityRepository = commodityRepository;

    // Repositories with an explicitly typed id (Guid / char).
    _userRepository = userRepository;
    _addressTypeRepository = addressTypeRepository;
    _contactTypeRepository = contactTypeRepository;

    // Collaborating services.
    _firmService = firmService;
    _membershipService = new AccountMembershipService();
}
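/// <summary>
/// Decides whether the current user may access the site named by the "site" route value.
/// </summary>
/// <param name="httpContext">Context of the request being authorized.</param>
/// <returns>
/// <c>true</c> only when the membership service accepts the user name, a matching
/// <c>Person</c> record exists, and that person is linked to the requested site;
/// <c>false</c> in every other case.
/// </returns>
/// <remarks>
/// Every lookup that comes back empty is treated as a denial, so a missing user name,
/// route value, or person record yields an ordinary "not authorized" result instead of
/// an unhandled exception.
/// </remarks>
protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
{
    // No principal or no name means there is nobody to authorize: deny.
    var principal = httpContext.User;
    if (principal == null || principal.Identity == null)
    {
        return false;
    }

    var userName = principal.Identity.Name;
    if (string.IsNullOrEmpty(userName))
    {
        return false;
    }

    // Load the user and make sure they are valid.
    var membership = new AccountMembershipService();
    if (!membership.IsValidUser(userName))
    {
        return false;
    }

    // Load the site id. A missing or non-string route value cannot match any site,
    // so deny before querying the repository.
    var siteId = httpContext.Request.RequestContext.RouteData.Values["site"] as string;
    if (string.IsNullOrEmpty(siteId))
    {
        return false;
    }

    // Lower-case once, outside the query, using the invariant culture so the comparison
    // against LoweredUserName does not vary with the request thread's culture.
    var loweredUserName = userName.ToLowerInvariant();

    var personRepository = SmartServiceLocator<IRepositoryWithTypedId<Person, string>>.GetService();

    // FirstOrDefault: a valid account with no Person record is denied rather than
    // surfacing an InvalidOperationException from First().
    var person = personRepository.Queryable.FirstOrDefault(a => a.User.LoweredUserName == loweredUserName);
    if (person == null)
    {
        return false;
    }

    // Access is granted only for sites this person is explicitly linked to.
    return person.Sites.Any(a => a.Id == siteId);
}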