/// <summary>
/// Denies the action with <c>NoPermissionResult</c> unless the current user holds the
/// operation named by <c>_opname</c>.
/// </summary>
/// <remarks>
/// The operation is resolved by reflection as a field of <c>Operation</c>. An unknown field
/// name, a field value that is not an <c>Operation</c>, a negative permission check, or an
/// exception thrown by the permission check all end in a denial, so the filter fails closed.
/// </remarks>
/// <param name="filterContext">Context of the action about to run; its <c>Result</c> is set to deny.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    // Resolved outside any try block: an exception here propagates to the caller
    // rather than being converted into a NoPermissionResult.
    var validator = filterContext.HttpContext.RequestServices.GetService<IPermissionValidatorService>();

    Operation requested;
    try
    {
        // GetField returns null for an unknown name; the resulting exception is
        // caught below and treated as "no such operation".
        var field = typeof(Operation).GetField(_opname);
        requested = field.GetValue(null) as Operation;
    }
    catch (Exception)
    {
        requested = null;
    }

    if (requested == null)
    {
        filterContext.Result = NoPermissionResult.Generate();
        return;
    }

    try
    {
        IPrincipal principal = filterContext.HttpContext.User;
        if (!validator.HasAccess(principal, requested))
        {
            filterContext.Result = NoPermissionResult.Generate();
        }
    }
    catch
    {
        // Includes the case where the validator service could not be resolved (null).
        filterContext.Result = NoPermissionResult.Generate();
    }
}
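/// <summary>
/// Denies the action unless the current user may update the employee targeted by the request.
/// </summary>
/// <remarks>
/// The employee ID is taken from the "id" action argument or, when that is absent, from an
/// "employee" argument of type <c>Employee</c>. When neither is present the check runs
/// against ID 0. Any exception results in a denial.
/// <para>
/// Two fail-closed rules apply to request-bound arguments: an "id" that is null or does not
/// parse as an integer is rejected instead of being checked as employee 0, and a request that
/// carries both an "id" and an <c>Employee</c> with a different non-zero <c>ID</c> is rejected,
/// so the permission check cannot be run for one record while the action receives another.
/// </para>
/// </remarks>
/// <param name="filterContext">Context of the action about to run; its <c>Result</c> is set to deny.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    try
    {
        var permissionValidatorService = filterContext.HttpContext.RequestServices.GetService<IPermissionValidatorService>();
        var arguments = filterContext.ActionArguments;

        bool hasId = arguments.TryGetValue("id", out object rawId);
        arguments.TryGetValue("employee", out object rawEmployee);
        Employee employee = rawEmployee as Employee;

        int id = 0;
        if (hasId)
        {
            // Ignoring the TryParse result would silently authorize against employee 0.
            if (rawId == null || !Int32.TryParse(rawId.ToString(), out id))
            {
                filterContext.Result = NoPermissionResult.Generate();
                return;
            }

            // Both identifiers come from the request. An ID of 0 is the default of an
            // unbound int and is treated as "not supplied"; any other mismatch is refused.
            if (employee != null && employee.ID != 0 && employee.ID != id)
            {
                filterContext.Result = NoPermissionResult.Generate();
                return;
            }
        }
        else if (employee != null)
        {
            id = employee.ID;
        }

        if (permissionValidatorService.HasAccessToEmployeeUpdate(filterContext.HttpContext.User, id))
        {
            return;
        }

        filterContext.Result = NoPermissionResult.Generate();
    }
    catch
    {
        // Fail closed on any unexpected error (missing service, validator exception, ...).
        filterContext.Result = NoPermissionResult.Generate();
    }
}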
/// <summary>
/// Gates access to a project external workspace.
/// </summary>
/// <remarks>
/// A caller needs at least one of <c>ProjectView</c>, <c>ProjectExternalWorkspaceView</c>,
/// <c>ProjectMyProjectView</c> or <c>ProjectMyDepartmentProjectView</c>. Callers holding
/// <c>ProjectView</c> or <c>ProjectExternalWorkspaceView</c> pass without a per-record check.
/// Callers holding only the "My..." operations pass only when the "id" argument is an int,
/// the workspace with that ID has a project, and <c>IsMyProject</c> accepts that project.
/// Any exception results in a denial.
/// </remarks>
/// <param name="filterContext">Context of the action about to run; its <c>Result</c> is set to deny.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    try
    {
        var services = filterContext.HttpContext.RequestServices;
        var permissionValidator = services.GetService<IPermissionValidatorService>();
        var applicationUserService = services.GetService<IApplicationUserService>();
        var workspaceService = services.GetService<IProjectExternalWorkspaceService>();
        IPrincipal principal = filterContext.HttpContext.User;

        if (!permissionValidator.HasAccess(principal, Operation.ProjectView | Operation.ProjectExternalWorkspaceView | Operation.ProjectMyProjectView | Operation.ProjectMyDepartmentProjectView))
        {
            filterContext.Result = NoPermissionResult.Generate();
            return;
        }

        // Only callers restricted to their own / their department's projects need the
        // per-record ownership check below; everyone else is already authorized.
        if (!permissionValidator.HasAccess(principal, Operation.ProjectMyProjectView | Operation.ProjectMyDepartmentProjectView)
            || permissionValidator.HasAccess(principal, Operation.ProjectView | Operation.ProjectExternalWorkspaceView))
        {
            return;
        }

        // The returned user is not used here; the call is kept because it may throw
        // (and thereby deny) or have side effects this method cannot see.
        applicationUserService.GetUser();

        filterContext.ActionArguments.TryGetValue("id", out object rawId);
        int? workspaceId = rawId as int?;
        if (workspaceId == null)
        {
            // No usable record ID means ownership cannot be established.
            filterContext.Result = NoPermissionResult.Generate();
            return;
        }

        // A missing workspace makes the .Project access throw; the outer catch turns that into a denial.
        ProjectExternalWorkspace workspace = workspaceService.GetById(workspaceId.Value);
        Project project = workspace.Project;

        if (project == null || applicationUserService.IsMyProject(project) == false)
        {
            filterContext.Result = NoPermissionResult.Generate();
        }
    }
    catch (Exception)
    {
        filterContext.Result = NoPermissionResult.Generate();
    }
}
/// <summary>
/// Denies the action unless the current user holds <c>ProjectsHoursReportView</c> or
/// <c>ProjectsHoursReportViewForManagedEmployees</c>.
/// </summary>
/// <remarks>
/// This filter only decides whether the report may be opened at all. It does not distinguish
/// between the two operations, so any narrowing to managed employees has to happen elsewhere.
/// Any exception results in a denial.
/// </remarks>
/// <param name="filterContext">Context of the action about to run; its <c>Result</c> is set to deny.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    try
    {
        var validator = filterContext.HttpContext.RequestServices.GetService<IPermissionValidatorService>();
        IPrincipal principal = filterContext.HttpContext.User;

        var accepted = Operation.ProjectsHoursReportView | Operation.ProjectsHoursReportViewForManagedEmployees;
        if (!validator.HasAccess(principal, accepted))
        {
            filterContext.Result = NoPermissionResult.Generate();
        }
    }
    catch
    {
        // Fail closed: an unresolved service or a validator error is treated as "no permission".
        filterContext.Result = NoPermissionResult.Generate();
    }
}
/// <summary>
/// Denies the action unless the current user holds <c>TSHoursRecordPMApproveHours</c> and
/// <c>GetEmployeeID()</c> returns a non-zero value.
/// </summary>
/// <remarks>
/// Any exception results in a denial.
/// </remarks>
/// <param name="filterContext">Context of the action about to run; its <c>Result</c> is set to deny.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    try
    {
        var services = filterContext.HttpContext.RequestServices;
        var validator = services.GetService<IPermissionValidatorService>();
        var applicationUserService = services.GetService<IApplicationUserService>();
        IPrincipal principal = filterContext.HttpContext.User;

        if (!validator.HasAccess(principal, Operation.TSHoursRecordPMApproveHours))
        {
            filterContext.Result = NoPermissionResult.Generate();
            return;
        }

        // NOTE(review): 0 presumably means "no employee record linked to this account" - confirm.
        if (applicationUserService.GetEmployeeID() == 0)
        {
            filterContext.Result = NoPermissionResult.Generate();
        }
    }
    catch
    {
        // Fail closed on any unexpected error.
        filterContext.Result = NoPermissionResult.Generate();
    }
}
/// <summary>
/// Gates an action that targets a project schedule entry or a project.
/// </summary>
/// <remarks>
/// A caller needs at least one of <c>ProjectCreateUpdate</c>,
/// <c>ProjectScheduleEntryCreateUpdate</c>, <c>ProjectMyProjectView</c> or
/// <c>ProjectMyDepartmentProjectView</c>. Callers holding one of the two "CreateUpdate"
/// operations pass without a per-record check. Callers holding only the "My...View"
/// operations pass only when a project can be resolved from the arguments and
/// <c>IsMyProject</c> accepts it. Any exception results in a denial.
/// <para>
/// NOTE(review): judging by the operation names, two view-level operations admit callers to a
/// create/update action here - confirm that is intended.
/// </para>
/// <para>
/// NOTE(review): when "id" is supplied, "projectID" / "projectid" are not consulted, so the
/// ownership check covers only the entry's current project. Confirm the guarded actions
/// cannot move an entry to a different project.
/// </para>
/// </remarks>
/// <param name="filterContext">Context of the action about to run; its <c>Result</c> is set to deny.</param>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    try
    {
        var services = filterContext.HttpContext.RequestServices;
        var permissionValidator = services.GetService<IPermissionValidatorService>();
        var projectService = services.GetService<IProjectService>();
        var applicationUserService = services.GetService<IApplicationUserService>();
        var scheduleEntryService = services.GetService<IProjectScheduleEntryService>();
        IPrincipal principal = filterContext.HttpContext.User;

        if (!permissionValidator.HasAccess(principal, Operation.ProjectCreateUpdate | Operation.ProjectScheduleEntryCreateUpdate | Operation.ProjectMyProjectView | Operation.ProjectMyDepartmentProjectView))
        {
            filterContext.Result = NoPermissionResult.Generate();
            return;
        }

        // Only callers limited to the "My..." operations need the ownership check below.
        if (!permissionValidator.HasAccess(principal, Operation.ProjectMyProjectView | Operation.ProjectMyDepartmentProjectView)
            || permissionValidator.HasAccess(principal, Operation.ProjectCreateUpdate | Operation.ProjectScheduleEntryCreateUpdate))
        {
            return;
        }

        // The returned user is not used here; the call is kept because it may throw
        // (and thereby deny) or have side effects this method cannot see.
        applicationUserService.GetUser();

        var arguments = filterContext.ActionArguments;

        // "id" identifies a schedule entry; it takes precedence over any project ID.
        arguments.TryGetValue("id", out object rawEntryId);
        int? entryId = rawEntryId as int?;

        int? projectId = null;
        if (entryId == null)
        {
            arguments.TryGetValue("projectID", out object rawProjectId);
            projectId = rawProjectId as int?;
            if (projectId == null)
            {
                arguments.TryGetValue("projectid", out rawProjectId);
                projectId = rawProjectId as int?;
            }
        }

        if (entryId == null && projectId == null)
        {
            // Nothing to check ownership against.
            filterContext.Result = NoPermissionResult.Generate();
            return;
        }

        Project project;
        if (entryId != null)
        {
            // A missing entry makes the .Project access throw; the outer catch turns that into a denial.
            ProjectScheduleEntry entry = scheduleEntryService.GetById(entryId.Value);
            project = entry.Project;
        }
        else
        {
            project = projectService.GetById(projectId.Value);
        }

        if (project == null || applicationUserService.IsMyProject(project) == false)
        {
            filterContext.Result = NoPermissionResult.Generate();
        }
    }
    catch (Exception)
    {
        filterContext.Result = NoPermissionResult.Generate();
    }
}