CSLA.NET 5.4.2
CSLA .NET is a software development framework that helps you build a reusable, maintainable object-oriented business layer for your app.
Csla.Web.Mvc.Shared/HasPermissionAttribute.cs
1//-----------------------------------------------------------------------
2// <copyright file="HasPermissionAttribute.cs" company="Marimer LLC">
3// Copyright (c) Marimer LLC. All rights reserved.
4// Website: https://cslanet.com
5// </copyright>
6// <summary>Restricts callers to an action method.</summary>
7//-----------------------------------------------------------------------
8#if !NETSTANDARD2_0 && !NETCORE3_1 && !NET5_0
9using System;
10using System.Web;
11using System.Web.Mvc;
12using Csla.Rules;
13
14namespace Csla.Web.Mvc
15{
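/// <summary>
/// Restricts callers to an action method (or controller) by evaluating the
/// CSLA per-type authorization rules for a given action and business type.
/// </summary>
/// <remarks>
/// The decision is made entirely in <see cref="AuthorizeCore"/>, which does not
/// call the base implementation. The <c>Users</c> and <c>Roles</c> properties
/// inherited from <see cref="AuthorizeAttribute"/> are therefore not consulted;
/// setting them on this attribute does not restrict access.
/// </remarks>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public class HasPermissionAttribute : AuthorizeAttribute
{
  private const string ERROR_MSG = "Authorization denied.";

  // Set only by the constructors; readonly keeps the authorization inputs
  // from being changed after the attribute has been created.
  private readonly AuthorizationActions _action;
  private readonly Type _objectType;
  private readonly string _errorMsg = ERROR_MSG;

  /// <summary>
  /// Creates an instance of the type using the default denial message.
  /// </summary>
  /// <param name="action">Authorization action to check.</param>
  /// <param name="objectType">Business object type whose rules are checked.</param>
  public HasPermissionAttribute(AuthorizationActions action, Type objectType)
  {
    _action = action;
    _objectType = objectType;
  }

  /// <summary>
  /// Creates an instance of the type with a custom denial message.
  /// </summary>
  /// <param name="action">Authorization action to check.</param>
  /// <param name="objectType">Business object type whose rules are checked.</param>
  /// <param name="message">
  /// Message returned to AJAX callers when authorization is denied. It is sent
  /// to the client as-is, so it should not carry internal detail.
  /// </param>
  public HasPermissionAttribute(AuthorizationActions action, Type objectType, string message)
    : this(action, objectType)
  {
    _errorMsg = message;
  }

  /// <summary>
  /// Determines whether the current CSLA user may perform the configured
  /// action on the configured business type.
  /// </summary>
  /// <param name="httpContext">
  /// Current HTTP context. Not read here: the principal comes from
  /// <c>Csla.ApplicationContext.User</c>, not from <c>httpContext.User</c>.
  /// </param>
  /// <returns>
  /// <c>false</c> when there is no authenticated user; otherwise the result of
  /// <c>BusinessRules.HasPermission</c> for the action and type.
  /// </returns>
  protected override bool AuthorizeCore(HttpContextBase httpContext)
  {
    // Fail closed: a missing principal or identity counts as unauthenticated
    // rather than surfacing as a NullReferenceException inside the filter.
    var user = Csla.ApplicationContext.User;
    if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
    {
      return false;
    }

    return BusinessRules.HasPermission(_action, _objectType);
  }

  /// <summary>
  /// Processes HTTP requests that fail authorization. AJAX requests receive a
  /// JSON error body; all other requests use the base class handling.
  /// </summary>
  /// <param name="filterContext">Context of the request that was denied.</param>
  protected override void HandleUnauthorizedRequest(System.Web.Mvc.AuthorizationContext filterContext)
  {
    if (filterContext.HttpContext.Request.IsAjaxRequest())
    {
      // NOTE(review): a denial is reported as 500 rather than 401/403. The value
      // is kept because existing AJAX clients may depend on it. Monitoring that
      // treats 5xx as server faults will also count authorization denials, so
      // detection of denied access has to key on the body (ErrorType), not the
      // status code.
      filterContext.HttpContext.Response.StatusCode = (int)System.Net.HttpStatusCode.InternalServerError;

      // AllowGet permits this JSON result on GET requests. The payload holds
      // only the attribute type name, the action name and the configured
      // message, which is why custom messages must stay free of secrets.
      filterContext.Result = new JsonResult()
      {
        JsonRequestBehavior = JsonRequestBehavior.AllowGet,
        Data = new
        {
          ErrorType = this.GetType().Name,
          Action = filterContext.ActionDescriptor.ActionName,
          Message = _errorMsg
        }
      };
    }
    else
    {
      base.HandleUnauthorizedRequest(filterContext);
    }
  }
}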
90}
91#endif
Tracks the business rules for a business object.
static bool HasPermission(AuthorizationActions action, Type objectType)
Checks per-type authorization rules.
override bool AuthorizeCore(HttpContextBase httpContext)
Determines whether access to the core framework is authorized.
HasPermissionAttribute(AuthorizationActions action, Type objectType, string message)
Creates an instance of the type.
HasPermissionAttribute(AuthorizationActions action, Type objectType)
Creates an instance of the type.
override void HandleUnauthorizedRequest(System.Web.Mvc.AuthorizationContext filterContext)
Processes HTTP requests that fail authorization and handles AJAX requests appropriately.
AuthorizationActions
Authorization actions.