@odytrice
Created January 1, 2017 19:07
Authorize Attribute based on Permissions
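/// <summary>
/// MVC authorization filter that admits an authenticated user who holds
/// at least one of the permission names passed to the constructor.
/// </summary>
/// <remarks>
/// The check is "any of", not "all of": one matching permission is enough.
/// An attribute declared with no permissions denies every request.
/// <see cref="AuthorizeCore"/> does not call the base implementation, so the
/// inherited Users and Roles properties have no effect on this filter.
/// </remarks>
public class AuthorizeUserAttribute : AuthorizeAttribute
{
    private readonly string[] _permissions;
    private readonly IUserManager _user;

    /// <summary>
    /// Creates the filter for the given permission names.
    /// </summary>
    /// <param name="permissions">Permission names; holding any one of them grants access.</param>
    public AuthorizeUserAttribute(params string[] permissions)
    {
        // An explicit null argument is treated as "no permissions", which denies access.
        _permissions = permissions ?? new string[0];

        // NOTE(review): the manager is resolved once per attribute instance. If the
        // framework reuses attribute instances across requests, a request-scoped
        // IUserManager would be held past its request - confirm its registered lifetime.
        _user = NinjectContainer.Resolve<IUserManager>();
    }

    /// <summary>
    /// Decides whether the current request is authorized.
    /// </summary>
    /// <param name="httpContext">The context of the request being authorized.</param>
    /// <returns>
    /// <c>true</c> when the user is authenticated and holds at least one required
    /// permission; <c>false</c> otherwise, including when the permission lookup fails.
    /// </returns>
    /// <exception cref="System.ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new System.ArgumentNullException("httpContext");
        }

        // Anonymous requests never pass, whatever is stored in the session.
        var principal = httpContext.User;
        if (principal == null || principal.Identity == null || !principal.Identity.IsAuthenticated)
        {
            return false;
        }

        // Session can be null when session state is disabled for the controller;
        // in that case the permissions are fetched on every request instead of cached.
        var session = httpContext.Session;
        var granted = session == null ? null : session[SessionKeys.Permissions] as string[];

        if (granted == null)
        {
            var getPermissions = _user.GetPermissions(principal.Identity.GetUserId<int>());
            if (!getPermissions.Succeeded)
            {
                // Fail closed: a failed lookup is treated as "no permissions".
                return false;
            }

            granted = getPermissions.Result.Select(p => p.Name).ToArray();

            // The cached list is what later requests are checked against, so a
            // permission revoked in the store stays effective until this entry is
            // cleared. NOTE(review): nothing in this class clears or expires the
            // entry, and it is not tied to the user id - confirm it is reset on
            // sign-in, sign-out and permission changes.
            if (session != null)
            {
                session[SessionKeys.Permissions] = granted;
            }
        }

        return HasAnyRequiredPermission(_permissions, granted);
    }

    /// <summary>
    /// Sends a request that failed authorization to the "not authorized" page.
    /// </summary>
    /// <param name="filterContext">The context whose result is replaced by the redirect.</param>
    /// <remarks>
    /// Unauthenticated and under-privileged users get the same redirect; the
    /// response is a redirect rather than a 401 or 403 status.
    /// </remarks>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        filterContext.Result = new RedirectResult("/home/notauthorized");
    }

    // True when any non-null required name equals a granted name, ignoring case.
    // Ordinal comparison keeps the result independent of the thread culture;
    // culture-sensitive lowercasing can change which permission names match.
    private static bool HasAnyRequiredPermission(string[] required, string[] granted)
    {
        if (required == null || granted == null)
        {
            return false;
        }

        return required.Any(name =>
            name != null && granted.Contains(name, System.StringComparer.OrdinalIgnoreCase));
    }
}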