using Autofac;
using GreenTree.Nachtragsmanagement.Core;
using GreenTree.Nachtragsmanagement.Core.Authentication;
using GreenTree.Nachtragsmanagement.Core.Domain.User;
using GreenTree.Nachtragsmanagement.Services.User;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
namespace GreenTree.Nachtragsmanagement.Web.Framework.Authorization
{
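/// <summary>
/// MVC authorization filter that grants access when the current user's effective
/// role exposes at least one of the required function names.
/// The caller is identified from cookie/session first and from Windows SSO second;
/// the user's roles and functions are always reloaded from the database, so the
/// cookie/session copy is treated as an identifier only, never as an authority.
/// Every situation in which no user or no role can be established denies access.
/// </summary>
public class FunctionAuthorizeAttribute : AuthorizeAttribute
{
    #region Fields
    // Sliding lifetime handed to IUserHelper each time a request is authorized.
    private static readonly TimeSpan CookieLifetime = TimeSpan.FromHours(8);

    // Resolved for parity with the original wiring; not used by this class.
    private readonly IAuthenticationService _authenticationService;
    private readonly IUserHelper _userHelper;
    private readonly IUserService _userService;
    private readonly string[] _allowedFunctions;
    private readonly bool _showNotAuthorized;
    #endregion

    /// <summary>
    /// Initializes a new instance of the <see cref="FunctionAuthorizeAttribute"/> class.
    /// Dependencies are pulled from the application-wide container because attribute
    /// instances are created by the framework, not by Autofac.
    /// </summary>
    /// <param name="showNotAuthorized">
    /// true: a denied request is redirected to the "not authorized" page;
    /// false: it is redirected to the login page.
    /// </param>
    /// <param name="functions">
    /// Function names, any one of which grants access. An empty list means every
    /// authenticated user is allowed.
    /// </param>
    public FunctionAuthorizeAttribute(bool showNotAuthorized, params string[] functions)
    {
        _showNotAuthorized = showNotAuthorized;
        // An explicit null argument arrives as a null params array; normalize it so
        // AuthorizeCore never dereferences a missing list.
        _allowedFunctions = functions ?? new string[0];
        _authenticationService = Singleton.Instance.Resolve<IAuthenticationService>();
        _userHelper = Singleton.Instance.Resolve<IUserHelper>();
        _userService = Singleton.Instance.Resolve<IUserService>();
    }

    /// <summary>
    /// Core authorization. Establishes the caller, reloads the user from the
    /// database, pins the effective role, refreshes the cookie/session and checks
    /// the role's functions against the required ones. Fails closed whenever the
    /// user record, its roles or the role's functions cannot be loaded.
    /// </summary>
    /// <param name="httpContext">Current HttpContext.</param>
    /// <returns>true when access is granted; otherwise false.</returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var cookieUser = _userHelper.FromCookiesOrSession() ?? CheckWindowsAuthentication(httpContext);
        if (cookieUser == null)
            return false;

        // No required functions: any authenticated user passes.
        if (_allowedFunctions.Length == 0)
            return true;

        // The database record is authoritative; a user removed since the cookie
        // was issued, or one without roles, is denied instead of crashing.
        var dbUser = _userService.GetUserById(cookieUser.Id);
        if (dbUser == null || dbUser.Roles == null)
            return false;

        var role = cookieUser.CurrentRole != null
            ? _userService.GetRoleById(cookieUser.CurrentRole.Id)
            : null;

        // A role id carried in cookie/session is honoured only while it is still
        // one of the user's assigned roles; otherwise fall back to the default.
        if (role != null && !dbUser.Roles.Any(r => object.Equals(r.Id, role.Id)))
            role = null;

        if (role == null)
        {
            if (!dbUser.Roles.Any())
                return false;
            // Default role: the highest level; on a tie the first assigned one wins.
            var maxLevel = dbUser.Roles.Max(r => r.Level);
            role = dbUser.Roles.First(r => r.Level == maxLevel);
        }
        dbUser.CurrentRole = role;

        // Sliding expiry: every authorized request extends the cookie/session.
        // NOTE(review): local time is passed as in the original — confirm IUserHelper
        // expects local rather than UTC.
        _userHelper.ToCookiesAndSession(dbUser, DateTime.Now.Add(CookieLifetime), true);

        var functions = role.Functions;
        if (functions == null)
            return false;
        // Array.Contains uses ordinal string equality, so function names are case-sensitive.
        return functions.Any(function => _allowedFunctions.Contains(function.Name));
    }

    /// <summary>
    /// Handles a denied request by redirecting. The constructor flag decides the
    /// target; no return URL is preserved.
    /// </summary>
    /// <param name="filterContext">Current filterContext.</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var target = _showNotAuthorized ? "~/global/notauthorized" : "~/login";
        filterContext.Result = new RedirectResult(target);
    }

    #region Windows authentication
    /// <summary>
    /// Checks for Windows SSO authentication. Maps the authenticated account name
    /// (with a leading "DOMAIN\" stripped) to an application user by custom number,
    /// gives it its highest-level role and stores it in cookie/session.
    /// </summary>
    /// <param name="httpContext">Current HttpContext.</param>
    /// <returns>
    /// The mapped user, or null when there is no authenticated identity, no matching
    /// user, or the user has no roles.
    /// </returns>
    private User CheckWindowsAuthentication(HttpContextBase httpContext)
    {
        var principal = httpContext.User;
        // Only an authenticated identity may be mapped to an application account.
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
            return null;
        var identityName = principal.Identity.Name;
        if (String.IsNullOrEmpty(identityName))
            return null;

        // "DOMAIN\account" -> "account"; a name without a backslash is used as-is.
        // NOTE(review): UPN-style names (account@domain) are not normalized here.
        var parts = identityName.Split('\\');
        var username = parts.Length > 1 ? parts[1] : identityName;

        var user = _userService.GetUserByCustomNumber(username);
        if (user == null || user.Roles == null || !user.Roles.Any())
            return null;

        // Highest level wins; on a tie the first assigned role is chosen.
        var maxLevel = user.Roles.Max(r => r.Level);
        user.CurrentRole = user.Roles.First(r => r.Level == maxLevel);
        _userHelper.ToCookiesAndSession(user, DateTime.Now.Add(CookieLifetime));
        return user;
    }
    #endregion
}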
}