init

KretaWeb/Security/MvcRolePackageAuthorizeAttribute.cs

@@ -0,0 +1,95 @@
+using System;
+using System.Web;
+using System.Web.Mvc;
+using Kreta.BusinessLogic.Security;
+using Kreta.Enums.ManualEnums;
+
+namespace Kreta.Web.Security
+{
+    public class MvcRolePackageAuthorizeAttribute : MvcRolePackageBaseAuthorizeAttribute
+    {
+        public MvcRolePackageAuthorizeAttribute(TanevEnum tanev, params string[] claimValue) : base(tanev, claimValue) { }
+        public MvcRolePackageAuthorizeAttribute(params string[] claimValue) : base(TanevEnum.AktTanev, claimValue) { }
+
+        public override KretaSecurityActions ActionType()
+        {
+            return KretaSecurityActions.Demand;
+        }
+    }
+
+    public class MvcRolePackageDenyAuthorizeAttribute : MvcRolePackageBaseAuthorizeAttribute
+    {
+        public MvcRolePackageDenyAuthorizeAttribute(TanevEnum tanev, params string[] claimValue) : base(tanev, claimValue) { }
+        public MvcRolePackageDenyAuthorizeAttribute(params string[] claimValue) : base(TanevEnum.AktTanev, claimValue) { }
+
+        public override KretaSecurityActions ActionType()
+        {
+            return KretaSecurityActions.Deny;
+        }
+    }
+
+    [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
+    public abstract class MvcRolePackageBaseAuthorizeAttribute : AuthorizeAttribute
+    {
+        private string[] claimPackages;
+        TanevEnum tanev;
+        public abstract KretaSecurityActions ActionType();
+
+        public MvcRolePackageBaseAuthorizeAttribute(TanevEnum tanev = TanevEnum.AktTanev, params string[] claimValue)
+        {
+            claimPackages = claimValue;
+            this.tanev = tanev;
+        }
+
+        public override void OnAuthorization(AuthorizationContext filterContext)
+        {
+            if ((tanev == TanevEnum.Mind
+                    || (tanev == TanevEnum.AktTanev && ClaimData.IsActivTanev)
+                    || (tanev == TanevEnum.KovTanev && ClaimData.SelectedTanevID.Value == ClaimData.KovTanevID)
+                    || (tanev == TanevEnum.AktEsLezartTanev && ClaimData.SelectedTanevID.Value != ClaimData.KovTanevID)
+                    || (tanev == TanevEnum.AktEsKovTanev && (ClaimData.IsActivTanev || ClaimData.SelectedTanevID.Value == ClaimData.KovTanevID))
+                    || ActionType() == KretaSecurityActions.Deny)
+                && AuthorizeCore(filterContext.HttpContext))
+            {
+                HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
+                cache.SetProxyMaxAge(new TimeSpan(0L));
+                cache.AddValidationCallback(new HttpCacheValidateHandler(CacheValidateHandler), null);
+            }
+            else
+            {
+                HandleUnauthorizedRequest(filterContext);
+            }
+        }
+
+        public bool IsAuthorized(HttpContextBase httpContext)
+        {
+            return AuthorizeCore(httpContext);
+        }
+
+        protected override bool AuthorizeCore(HttpContextBase httpContext)
+        {
+            var result = AuthorizeHelper.CheckPackageAccess(claimPackages);
+            if (ActionType() == KretaSecurityActions.Deny)
+            {
+                result = !result;
+            }
+
+            return result;
+        }
+
+        protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
+        {
+            AuthorizeHelper.MvcRequestAuthorizeFail(filterContext);
+        }
+
+        protected override HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)
+        {
+            return !AuthorizeCore(httpContext) ? HttpValidationStatus.IgnoreThisRequest : HttpValidationStatus.Valid;
+        }
+
+        private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
+        {
+            validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
+        }
+    }
+}