Własny filtr akcji – autoryzacja z wykorzystaniem logiki biznesowej (Custom ASP.NET MVC action filter – object-level authorization backed by business logic)
/// <summary>
/// Object-level access rule for a single invoice: the invoice's owner and any
/// administrator may access it; every other caller is denied.
/// </summary>
/// <param name="user">The caller; must not be null.</param>
/// <param name="entity">The invoice being accessed; must not be null.</param>
/// <returns>true when <paramref name="user"/> owns the invoice or is an admin, false otherwise.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
public bool HasAccess(ApplicationUser user, Invoice entity)
{
    if (user == null)
    {
        throw new ArgumentNullException("user");
    }
    if (entity == null)
    {
        throw new ArgumentNullException("entity");
    }
    // Two explicit allow-rules, ownership first; anything not matched is denied.
    // The admin override is only evaluated when the caller is not the owner.
    return entity.UserId == user.Id || user.IsAdmin;
}
/// <summary>
/// Baseline invoices controller with no authorization applied: whoever reaches
/// these actions gets the view. This is the starting point before the
/// LogicAuthorize filter is attached; neither action checks who owns the invoice.
/// </summary>
public class InvoicesController : Controller
{
    /// <summary>Renders the create view; <paramref name="id"/> is not used by this stub.</summary>
    public ActionResult Create(int id)
    {
        ViewResult view = View();
        return view;
    }

    /// <summary>Renders the edit view; <paramref name="id"/> is not used and not authorized here.</summary>
    public ActionResult Edit(int id)
    {
        ViewResult view = View();
        return view;
    }
}
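/// <summary>
/// Invoices controller guarded by the class-level LogicAuthorize filter, which
/// resolves the signed-in user and the requested invoice id and decides whether
/// the caller may touch that invoice before any action below runs.
/// </summary>
[LogicAuthorize(typeof(IInvoiceLogic))]
public class InvoicesController : Controller
{
    // readonly: the dependency is fixed for the controller's lifetime.
    private readonly IInvoiceLogic _invoiceLogic;

    /// <param name="invoiceLogic">Business logic used to load invoices; must not be null.</param>
    /// <exception cref="ArgumentNullException"><paramref name="invoiceLogic"/> is null.</exception>
    public InvoicesController(IInvoiceLogic invoiceLogic)
    {
        // Fail at construction instead of with a NullReferenceException inside Edit.
        if (invoiceLogic == null)
        {
            throw new ArgumentNullException("invoiceLogic");
        }
        _invoiceLogic = invoiceLogic;
    }

    /// <summary>
    /// Lists invoices. The request carries no id, so the filter only verifies
    /// that the caller is authenticated.
    /// </summary>
    public ActionResult Index()
    {
        return View();
    }

    /// <summary>
    /// Shows the edit form for one invoice. The owner/admin check for
    /// <paramref name="id"/> is performed by the class-level filter, not here.
    /// </summary>
    public ActionResult Edit(int id)
    {
        return View(_invoiceLogic.GetById(id));
    }

    /// <summary>
    /// Receives the posted edit form.
    /// NOTE(review): the filter authorizes whichever id it finds in the request,
    /// which is not necessarily the identifier inside the posted <paramref name="invoice"/>;
    /// any persisting logic added here must re-verify ownership of that identifier.
    /// Consider adding [ValidateAntiForgeryToken] once the form emits a token.
    /// </summary>
    [HttpPost]
    public ActionResult Edit(Invoice invoice)
    {
        return View(invoice);
    }
}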
/// <summary>
/// True when the current principal's identity reports itself as authenticated,
/// false otherwise. The principal and identity are assumed non-null, exactly as
/// the original dereference did.
/// </summary>
/// <param name="filterContext">The current authorization context.</param>
private bool IsAuthenticated(AuthorizationContext filterContext)
{
    var identity = filterContext.RequestContext.HttpContext.User.Identity;
    return identity.IsAuthenticated;
}
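/// <summary>
/// Finds the "id" the action is about to receive, checking route values, the
/// query string and the posted form, and requiring every source that carries an
/// id to agree. Key matching is case-insensitive: MVC's model binder matches
/// parameter names case-insensitively, so an "Id"/"ID" query parameter that the
/// old <c>k == "id"</c> comparison skipped would still bind to the action's
/// <c>int id</c> and — because OnAuthorization treats "no id" as "nothing to
/// authorize" — would run with no ownership check at all.
/// </summary>
/// <param name="filterContext">The current authorization context.</param>
/// <returns>The id carried by the request, or null when none is present.</returns>
/// <exception cref="ArgumentException">
/// An id is present but is not an integer, or different sources carry different
/// ids (a route id of one invoice and a form id of another is rejected rather
/// than resolved by precedence, since the filter cannot know which one the
/// action will bind).
/// </exception>
private int? GetId(AuthorizationContext filterContext)
{
    var request = filterContext.HttpContext.Request;

    // RouteValueDictionary compares keys case-insensitively; TryGetValue also avoids the
    // NullReferenceException that FirstOrDefault(...).Value.ToString() hit on a null value.
    object routeValue;
    string routeId = null;
    if (filterContext.RouteData.Values.TryGetValue("id", out routeValue) && routeValue != null)
    {
        routeId = Convert.ToString(routeValue, System.Globalization.CultureInfo.InvariantCulture);
    }

    // The NameValueCollection indexer is case-insensitive, so no AllKeys scan is needed.
    string queryId = request.QueryString["id"];

    // [HttpPost] actions carry the id in the body, not the URL. Unvalidated (ASP.NET 4.5+)
    // keeps request validation from firing here for unrelated form fields; the value is
    // only ever parsed as an integer, so reading it unvalidated is safe.
    // NOTE(review): on an older framework use request.Form["id"] instead.
    string formId = request.Unvalidated.Form["id"];

    int? id = null;
    foreach (string raw in new[] { routeId, queryId, formId })
    {
        if (string.IsNullOrEmpty(raw))
        {
            continue;
        }
        int parsed;
        // Invariant culture: an id is machine data, never locale-formatted.
        if (!int.TryParse(raw, System.Globalization.NumberStyles.Integer,
                          System.Globalization.CultureInfo.InvariantCulture, out parsed))
        {
            throw new ArgumentException("The id parameter in request has wrong value.");
        }
        if (id.HasValue && id.Value != parsed)
        {
            throw new ArgumentException("The id parameter in request is ambiguous.");
        }
        id = parsed;
    }
    return id;
}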
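/// <summary>
/// Object-level authorization for the invoice identified by <paramref name="id"/>:
/// resolves the signed-in user by name and asks AuthorizeLogic whether that user
/// may access the invoice.
/// </summary>
/// <param name="filterContext">The current authorization context.</param>
/// <param name="id">The requested invoice id; null is treated as "deny".</param>
/// <returns>true only when a user record exists and AuthorizeLogic grants access.</returns>
/// <remarks>
/// Every denial — no id, no matching user record, or a negative answer from
/// AuthorizeLogic — is reported as false and acted on in one place, by the
/// caller (OnAuthorization). The previous version set the redirect itself and
/// then returned true for a missing user record, which reads as "allowed" to any
/// caller that does not also inspect filterContext.Result.
/// </remarks>
private bool HasAccess(AuthorizationContext filterContext, int? id)
{
    if (!id.HasValue)
    {
        return false;
    }
    string userName = filterContext.RequestContext.HttpContext.User.Identity.Name;
    var user = UserLogic.GetByName(userName);
    if (user == null)
    {
        // An authenticated identity with no matching user record: fail closed.
        return false;
    }
    return AuthorizeLogic.HasAccess(user, id.Value);
}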
/// <summary>
/// Filter entry point. Anonymous callers are denied outright; authenticated
/// callers are allowed when the request carries no id, and otherwise only when
/// HasAccess grants the id found by GetId.
/// </summary>
/// <param name="filterContext">The current authorization context; its Result is set on denial.</param>
/// <remarks>
/// NOTE(review): the "no id → allow" branch is only as strong as GetId's
/// lookup. Any action that receives the invoice through a parameter GetId does
/// not see (a differently named parameter, or a bound model) runs with just the
/// authentication check, so such actions must re-verify ownership themselves.
/// </remarks>
public void OnAuthorization(AuthorizationContext filterContext)
{
    bool allowed = IsAuthenticated(filterContext);
    if (allowed)
    {
        int? requestedId = GetId(filterContext);
        // No id in the request means there is no object to authorize against.
        allowed = !requestedId.HasValue || HasAccess(filterContext, requestedId);
    }
    if (!allowed)
    {
        HandleUnauthorizedRequest(filterContext);
    }
}
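/// <summary>
/// Denies the current request. An anonymous caller is sent to the login page;
/// a caller who is already signed in but fails the object-level check gets a
/// 403, because sending an authenticated user back to Login either loops or
/// hides that access was denied rather than that a session is missing.
/// </summary>
/// <param name="filterContext">Context whose Result is set; the action does not run.</param>
protected void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    var user = filterContext.HttpContext.User;
    if (user != null && user.Identity != null && user.Identity.IsAuthenticated)
    {
        // Authenticated but not authorized for this invoice: Forbidden, no redirect.
        filterContext.Result = new HttpStatusCodeResult(403);
        return;
    }
    filterContext.Result = new RedirectToRouteResult(
        new RouteValueDictionary(
            new
            {
                controller = "Account",
                action = "Login"
            })
    );
}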