@Vassi
Created March 2, 2012 16:34
Example of a custom Authorization attribute.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.Mvc;
using MvcFlash.Core;
using System.Web;
using LC.MVC.UserModule;
namespace LC.MVC.UserModule.Infrastructure
{
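/// <summary>
/// Authorization filter that requires an authenticated user and, optionally, global-admin
/// status and/or a list of named permissions, every one of which must be granted.
/// </summary>
/// <remarks>
/// With no permissions listed and <see cref="AdminOnly"/> left false, any authenticated user
/// is allowed. <see cref="OnAuthorization"/> does not call the base implementation, so the
/// inherited Users and Roles properties are not consulted by this filter.
/// </remarks>
public class HasAllowanceAttribute : AuthorizeAttribute
{
    private enum AuthResult { ForceLogin, Forbidden, Allow }

    // Permission names that must ALL be granted; an empty array disables the permission check.
    private string[] permissionsSplit = new string[0];

    /// <summary>When true, users who are not flagged as global admin are rejected.</summary>
    public bool AdminOnly { get; set; }

    /// <summary>Creates a filter that only requires an authenticated user.</summary>
    public HasAllowanceAttribute()
    {
    }

    /// <summary>Creates a filter that requires every permission in <paramref name="args"/>.</summary>
    /// <param name="args">Permission names; null or empty leaves the permission check disabled.</param>
    public HasAllowanceAttribute(params string[] args)
    {
        if (args != null && args.Length > 0)
        {
            permissionsSplit = args;
        }
    }

    /// <summary>Creates a filter with an explicit admin requirement plus optional permissions.</summary>
    /// <param name="adminOnly">Value assigned to <see cref="AdminOnly"/>.</param>
    /// <param name="args">Permission names; null or empty leaves the permission check disabled.</param>
    public HasAllowanceAttribute(bool adminOnly, params string[] args)
    {
        AdminOnly = adminOnly;
        if (args != null && args.Length > 0)
        {
            permissionsSplit = args;
        }
    }

    /// <summary>
    /// Evaluates the current user against this attribute's requirements.
    /// </summary>
    /// <param name="httpContext">Context whose User is evaluated.</param>
    /// <returns>
    /// ForceLogin when the user is not authenticated, Forbidden when the admin or permission
    /// check fails, Allow otherwise.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
    private AuthResult AuthorizeAccess(HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new ArgumentNullException("httpContext");
        }

        // AsAppUser, isGlobalAdmin and Can are defined outside this file.
        // NOTE(review): confirm AsAppUser never returns null for an anonymous principal.
        var user = httpContext.User.AsAppUser();

        if (!user.IsAuthenticated)
        {
            return AuthResult.ForceLogin;
        }

        if (AdminOnly && !user.isGlobalAdmin)
        {
            return AuthResult.Forbidden;
        }

        // Every listed permission is required; a single missing one denies access.
        if (permissionsSplit.Length > 0 && !permissionsSplit.All(x => user.Can(x)))
        {
            return AuthResult.Forbidden;
        }

        return AuthResult.Allow;
    }

    /// <summary>
    /// Runs the access check and sets the filter result for requests that are not allowed.
    /// </summary>
    /// <param name="filterContext">Authorization context for the current request.</param>
    /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        var result = AuthorizeAccess(filterContext.HttpContext);
        switch (result)
        {
            case AuthResult.ForceLogin:
                Flash.Error("You must be logged in to view this page.");
                filterContext.Result = new HttpUnauthorizedResult();
                break;
            case AuthResult.Forbidden:
                filterContext.Result = new RedirectToRouteResult("umForbidden", null);
                break;
            case AuthResult.Allow:
                // Output caching would otherwise serve this response without running the
                // filter again, so proxy caching is disabled and a validation callback is
                // registered to re-check authorization on every cache hit.
                HttpCachePolicyBase cachePolicy = filterContext.HttpContext.Response.Cache;
                cachePolicy.SetProxyMaxAge(new TimeSpan(0));
                cachePolicy.AddValidationCallback(CacheValidateHandler, null /* data */);
                break;
        }
    }

    /// <summary>
    /// Re-runs this attribute's own checks when a cached response is about to be served.
    /// </summary>
    /// <param name="httpContext">Context of the request hitting the cache.</param>
    /// <returns>
    /// Valid when the user passes <see cref="AuthorizeAccess"/>; IgnoreThisRequest otherwise,
    /// which sends the request through the normal pipeline and <see cref="OnAuthorization"/>.
    /// </returns>
    protected override HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)
    {
        // The base implementation calls AuthorizeCore, which knows nothing about AdminOnly or
        // the permission list. Without this override a cached page would be handed to any
        // authenticated user, bypassing the checks enforced in OnAuthorization.
        return AuthorizeAccess(httpContext) == AuthResult.Allow
            ? HttpValidationStatus.Valid
            : HttpValidationStatus.IgnoreThisRequest;
    }

    // Cache validation callback registered in OnAuthorization; adapts the raw HttpContext
    // and delegates to OnCacheAuthorization.
    private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
    {
        validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
    }
}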
}