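/// <summary>
/// Authorisation filter entry point. Resolves the caller's roles, checks the
/// requested URL (and, when <c>RequiredTask</c> is set, the task) against the
/// XML permissions database, and replaces the action result with a redirect to
/// the Error controller when either check fails.
/// </summary>
/// <param name="filterContext">The MVC action context for the current request.</param>
/// <exception cref="InvalidOperationException">
/// Thrown when the AppDomain "DataDirectory" value is not set, so the permissions
/// database cannot be located (the filter fails closed rather than guessing).
/// </exception>
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
    // RolesCsvCookieProvider takes a System.Web.HttpRequest, so the static
    // HttpContext.Current accessor is used here instead of
    // filterContext.HttpContext.Request (an HttpRequestBase). Note that
    // HttpContext.Current is null outside a real ASP.NET request (e.g. unit tests).
    HttpRequest request = HttpContext.Current.Request;

    // TODO: DI
    // TODO: Caching - the XML permissions DB is re-read from disk on every request.
    object dataDirectory = AppDomain.CurrentDomain.GetData("DataDirectory");
    if (dataDirectory == null)
    {
        // Fail closed with an explicit message rather than a NullReferenceException
        // from .ToString(); without the permissions DB no access decision can be made.
        throw new InvalidOperationException(
            "AppDomain data 'DataDirectory' is not set; cannot locate PermissionsDB.xml.");
    }
    string permissionsDbPath = Path.Combine(dataDirectory.ToString(), "PermissionsDB.xml");
    var permissionsRepo = new PermissionsXmlRepository(permissionsDbPath);

    // SECURITY(review): the caller's roles come from a client-supplied cookie.
    // Unless that cookie is signed/encrypted and verified inside
    // RolesCsvCookieProvider (not visible here), a user can grant themselves any
    // role by editing the cookie value - confirm before relying on this filter.
    var rolesCsvProvider = new RolesCsvCookieProvider(request);
    var permissionsService = new PermissionsService(permissionsRepo, rolesCsvProvider);

    string controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;

    // Any action on the Error controller skips the URL check (presumably so a denied
    // request can still render the error page); the task check below still applies.
    // SECURITY(review): the URL check keys on Request.RawUrl - the URL exactly as the
    // client sent it (casing, percent-encoding, trailing slashes, query string). If
    // HasUrlPermission matches on the raw string, alternate spellings of the same
    // route may slip past it; matching on the resolved controller/action names would
    // be more robust. Confirm how PermissionsService normalises URLs.
    bool canAccessUrl = controllerName == "Error"
        || permissionsService.HasUrlPermission(request.RawUrl, request.HttpMethod);

    // A null RequiredTask means the action only needs URL-level permission.
    bool canAccessMethod = RequiredTask == null
        || permissionsService.HasTaskPermission(RequiredTask);

    Debug.WriteLine($"AuthFilter canAccessUrl: {canAccessUrl}, canAccessMethod: {canAccessMethod}");

    if (!canAccessUrl || !canAccessMethod)
    {
        // Deny by replacing the action result. AJAX callers are routed to a
        // dedicated action because a full-page redirect is not useful to them.
        string errorAction = filterContext.HttpContext.Request.IsAjaxRequest()
            ? "PermissionErrorAjax"
            : "PermissionError";

        filterContext.Result = new RedirectToRouteResult(
            new RouteValueDictionary
            {
                { "controller", "Error" },
                { "action", errorAction }
            });
    }

    base.OnActionExecuting(filterContext);
}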
/// <summary>
/// Test fixture setup: points the repository under test at the bundled
/// test permissions database.
/// </summary>
/// <remarks>
/// NOTE(review): the path is relative and uses a backslash, so it depends on the
/// test runner's working directory and on Windows path semantics; consider
/// resolving it against the test assembly's base directory if tests are run
/// elsewhere.
/// </remarks>
public PermissionsRepositoryXmlTests()
{
    const string testDbPath = @"Resources\TestPermissionsDB.xml";
    _repo = new PermissionsXmlRepository(testDbPath);
}