using Autofac;
using GreenTree.Nachtragsmanagement.Core;
using GreenTree.Nachtragsmanagement.Core.Authentication;
using GreenTree.Nachtragsmanagement.Services.User;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
namespace GreenTree.Nachtragsmanagement.Web.Framework.Authorization
{
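/// <summary>
/// Restricts a controller or action to users holding at least one of the required
/// application functions. The identity is read from the request cookies through
/// <see cref="IUserHelper.FromCookies"/>; a request without a resolvable user is always denied.
/// </summary>
/// <remarks>
/// An attribute declared without functions only requires an authenticated user.
/// A function matches when its <c>Description</c> equals a required name exactly
/// (ordinal, case-sensitive); every other path, including incomplete user data, denies.
/// NOTE(review): this relies on <c>IUserHelper.FromCookies</c> validating the cookie
/// (signature, expiry) rather than trusting its raw contents — confirm in IUserHelper.
/// </remarks>
public class RoleAuthorizeAttribute : AuthorizeAttribute
{
    #region Fields
    private readonly IUserHelper _userHelper;
    // Required function descriptions, deduplicated. Ordinal comparison so that a lookup can
    // never succeed through case-insensitive or culture-dependent folding.
    private readonly HashSet<string> _allowedFunctions;
    private readonly bool _showNotAuthorized;
    #endregion

    /// <summary>
    /// Initializes a new instance of the RoleAuthorizeAttribute class
    /// </summary>
    /// <param name="showNotAuthorized">Determines if a NotAuthorized message or a login redirection is made.</param>
    /// <param name="functions">The functions needed. Empty (or null) means "any authenticated user".</param>
    public RoleAuthorizeAttribute(bool showNotAuthorized, params string[] functions)
    {
        _showNotAuthorized = showNotAuthorized;
        // `params` still allows an explicit null array; treat it like "no functions" and drop
        // null entries so that a null Description can never match a requirement.
        var required = (functions ?? new string[0]).Where(f => f != null);
        _allowedFunctions = new HashSet<string>(required, StringComparer.Ordinal);
        // Resolved once per attribute instance; presumably MVC reuses the attribute instance,
        // so the helper is effectively bound for the application lifetime — confirm if the
        // helper must be request-scoped.
        _userHelper = Singleton.Instance.Resolve<IUserHelper>();
    }

    /// <summary>
    /// Authorizes the request: denies when no user can be read from the cookies, grants when
    /// no functions are required, otherwise grants when any role of the user carries at least
    /// one required function.
    /// </summary>
    /// <param name="httpContext">The HTTP context; not consulted directly because the identity comes from <see cref="IUserHelper"/>.</param>
    /// <returns><c>true</c> when the request may proceed; <c>false</c> otherwise.</returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var user = _userHelper.FromCookies();
        if (user == null)
        {
            return false;
        }

        if (_allowedFunctions.Count == 0)
        {
            return true;
        }

        // Incomplete user data (no roles, a role without functions) must deny, not throw:
        // an exception here would surface as a server error instead of the redirect.
        if (user.Roles == null)
        {
            return false;
        }

        foreach (var role in user.Roles)
        {
            if (role == null || role.Functions == null)
            {
                continue;
            }

            foreach (var function in role.Functions)
            {
                if (function != null
                    && function.Description != null
                    && _allowedFunctions.Contains(function.Description))
                {
                    return true;
                }
            }
        }

        return false;
    }

    /// <summary>
    /// Replaces the default 401 response with a redirect: to the login page, or to the
    /// "not authorized" page when the attribute was created with <c>showNotAuthorized</c>.
    /// The target does not depend on whether the denial was caused by a missing login or a
    /// missing function.
    /// </summary>
    /// <param name="filterContext">The authorization context whose result is replaced.</param>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        var target = _showNotAuthorized ? "~/global/notauthorized" : "~/login";
        filterContext.Result = new RedirectResult(target);
    }
}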
}