kreta/KretaWeb/Security/MvcRolePackageAuthorizeAttribute.cs

using System;
using System.Web;
using System.Web.Mvc;
using Kreta.BusinessLogic.Security;
using Kreta.Enums.ManualEnums;
namespace Kreta.Web.Security
{
/// <summary>
/// MVC authorization filter in "Demand" mode: the request is authorized only when
/// <c>AuthorizeHelper.CheckPackageAccess</c> returns true for the listed packages
/// and the tanev (school-year) condition of the base class holds.
/// </summary>
/// <remarks>
/// Whether several package names are matched as "any of" or "all of" is decided inside
/// <c>AuthorizeHelper.CheckPackageAccess</c>, which is not visible here — confirm before
/// relying on either reading.
/// </remarks>
public class MvcRolePackageAuthorizeAttribute : MvcRolePackageBaseAuthorizeAttribute
{
    /// <summary>
    /// Demands the given packages with the tanev condition fixed to <c>TanevEnum.AktTanev</c>.
    /// </summary>
    /// <param name="claimValue">Package names passed through to the base attribute.</param>
    public MvcRolePackageAuthorizeAttribute(params string[] claimValue)
        : base(TanevEnum.AktTanev, claimValue)
    {
    }

    /// <summary>
    /// Demands the given packages under an explicit tanev condition.
    /// </summary>
    /// <param name="tanev">Tanev condition evaluated by the base class in OnAuthorization.</param>
    /// <param name="claimValue">Package names passed through to the base attribute.</param>
    public MvcRolePackageAuthorizeAttribute(TanevEnum tanev, params string[] claimValue)
        : base(tanev, claimValue)
    {
    }

    /// <summary>Identifies this attribute as a Demand rule to the base class.</summary>
    /// <returns>Always <c>KretaSecurityActions.Demand</c>.</returns>
    public override KretaSecurityActions ActionType()
    {
        return KretaSecurityActions.Demand;
    }
}
/// <summary>
/// MVC authorization filter in "Deny" mode: the base class inverts the result of
/// <c>AuthorizeHelper.CheckPackageAccess</c>, so the request is authorized only when
/// that check returns false for the listed packages.
/// </summary>
/// <remarks>
/// The tanev argument is stored by the base class, but its OnAuthorization treats
/// <c>ActionType() == KretaSecurityActions.Deny</c> as satisfying the tanev condition,
/// so a tanev value on a Deny attribute does not restrict access.
/// </remarks>
public class MvcRolePackageDenyAuthorizeAttribute : MvcRolePackageBaseAuthorizeAttribute
{
    /// <summary>
    /// Denies the given packages; tanev is passed to the base as <c>TanevEnum.AktTanev</c>.
    /// </summary>
    /// <param name="claimValue">Package names passed through to the base attribute.</param>
    public MvcRolePackageDenyAuthorizeAttribute(params string[] claimValue)
        : base(TanevEnum.AktTanev, claimValue)
    {
    }

    /// <summary>
    /// Denies the given packages; the tanev value is forwarded to the base class.
    /// </summary>
    /// <param name="tanev">Tanev value forwarded to the base attribute.</param>
    /// <param name="claimValue">Package names passed through to the base attribute.</param>
    public MvcRolePackageDenyAuthorizeAttribute(TanevEnum tanev, params string[] claimValue)
        : base(tanev, claimValue)
    {
    }

    /// <summary>Identifies this attribute as a Deny rule to the base class.</summary>
    /// <returns>Always <c>KretaSecurityActions.Deny</c>.</returns>
    public override KretaSecurityActions ActionType()
    {
        return KretaSecurityActions.Deny;
    }
}
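/// <summary>
/// Shared implementation for the package-based MVC authorization attributes. A request is
/// authorized when the tanev (school-year) condition holds and the package check, inverted
/// for Deny attributes, succeeds.
/// </summary>
/// <remarks>
/// OnAuthorization is overridden without calling the base implementation, so nothing in this
/// class checks for <c>AllowAnonymousAttribute</c>; an action carrying this attribute is
/// always evaluated.
/// The tanev condition is enforced in <see cref="OnAuthorization"/> only.
/// <see cref="IsAuthorized"/> and <see cref="OnCacheAuthorization"/> evaluate the package
/// check alone.
/// </remarks>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public abstract class MvcRolePackageBaseAuthorizeAttribute : AuthorizeAttribute
{
    // Package names handed to AuthorizeHelper.CheckPackageAccess. Assigned only in the
    // constructor, hence readonly.
    private readonly string[] claimPackages;

    // Tanev condition selected on the attribute; read only by OnAuthorization.
    private readonly TanevEnum tanev;

    /// <summary>Tells the base class whether the derived attribute is a Demand or a Deny rule.</summary>
    public abstract KretaSecurityActions ActionType();

    /// <summary>Stores the tanev condition and the package list for later checks.</summary>
    /// <param name="tanev">Tanev condition; defaults to <c>TanevEnum.AktTanev</c>.</param>
    /// <param name="claimValue">
    /// Package names, stored as passed. An empty list is forwarded unchanged to
    /// <c>AuthorizeHelper.CheckPackageAccess</c>; how that helper treats an empty or null
    /// list is not visible here — NOTE(review): confirm it fails closed.
    /// </param>
    public MvcRolePackageBaseAuthorizeAttribute(TanevEnum tanev = TanevEnum.AktTanev, params string[] claimValue)
    {
        claimPackages = claimValue;
        this.tanev = tanev;
    }

    /// <summary>
    /// Entry point called by MVC: authorizes the request or hands it to
    /// <see cref="HandleUnauthorizedRequest"/>.
    /// </summary>
    /// <param name="filterContext">Authorization context of the current request.</param>
    /// <exception cref="ArgumentNullException"><paramref name="filterContext"/> is null.</exception>
    public override void OnAuthorization(AuthorizationContext filterContext)
    {
        // Fail with a clear error instead of a NullReferenceException further down.
        if (filterContext == null)
        {
            throw new ArgumentNullException("filterContext");
        }

        // Deny attributes are exempt from the tanev condition. The tanev clauses are still
        // evaluated first, in the original order, before ActionType() is consulted.
        bool tanevConditionMet = IsSelectedTanevAllowed()
            || ActionType() == KretaSecurityActions.Deny;

        if (tanevConditionMet && AuthorizeCore(filterContext.HttpContext))
        {
            // Same cache handling as the original: zero proxy max-age plus a validation
            // callback, so a cached response is re-checked before it is served.
            HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
            cache.SetProxyMaxAge(new TimeSpan(0L));
            cache.AddValidationCallback(new HttpCacheValidateHandler(CacheValidateHandler), null);
        }
        else
        {
            HandleUnauthorizedRequest(filterContext);
        }
    }

    /// <summary>Runs the package check (with Deny inversion) outside the MVC filter pipeline.</summary>
    /// <remarks>
    /// NOTE(review): the tanev condition is not evaluated here, so this can return true for a
    /// request that OnAuthorization would reject. Callers should not treat the result as
    /// equivalent to the filter decision.
    /// </remarks>
    public bool IsAuthorized(HttpContextBase httpContext)
    {
        return AuthorizeCore(httpContext);
    }

    /// <summary>Package check; the result is inverted when the attribute is a Deny rule.</summary>
    /// <param name="httpContext">
    /// Not used by this method; <c>AuthorizeHelper.CheckPackageAccess</c> receives only the
    /// package list.
    /// </param>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        bool hasPackage = AuthorizeHelper.CheckPackageAccess(claimPackages);
        if (ActionType() == KretaSecurityActions.Deny)
        {
            return !hasPackage;
        }

        return hasPackage;
    }

    /// <summary>Delegates the rejection response to <c>AuthorizeHelper.MvcRequestAuthorizeFail</c>.</summary>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        AuthorizeHelper.MvcRequestAuthorizeFail(filterContext);
    }

    /// <summary>Re-checks authorization before a cached response is served.</summary>
    /// <remarks>
    /// NOTE(review): only AuthorizeCore is re-evaluated; the tanev condition from
    /// OnAuthorization is not. If an action carrying this attribute is output-cached, a cached
    /// response could be validated for a request whose selected tanev fails OnAuthorization.
    /// Confirm whether such actions are cached, or move the tanev check into AuthorizeCore.
    /// </remarks>
    protected override HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)
    {
        return AuthorizeCore(httpContext)
            ? HttpValidationStatus.Valid
            : HttpValidationStatus.IgnoreThisRequest;
    }

    // Cache validation callback registered in OnAuthorization; wraps the raw HttpContext so
    // that OnCacheAuthorization can be reused.
    private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
    {
        validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
    }

    // True when the selected tanev in ClaimData satisfies this attribute's tanev setting.
    // Clause order matches the original expression. ClaimData.SelectedTanevID.Value is read
    // without a HasValue check and throws if no tanev is selected (NOTE(review): confirm it
    // is always populated for authenticated requests).
    private bool IsSelectedTanevAllowed()
    {
        return tanev == TanevEnum.Mind
            || (tanev == TanevEnum.AktTanev && ClaimData.IsActivTanev)
            || (tanev == TanevEnum.KovTanev && ClaimData.SelectedTanevID.Value == ClaimData.KovTanevID)
            || (tanev == TanevEnum.AktEsLezartTanev && ClaimData.SelectedTanevID.Value != ClaimData.KovTanevID)
            || (tanev == TanevEnum.AktEsKovTanev && (ClaimData.IsActivTanev || ClaimData.SelectedTanevID.Value == ClaimData.KovTanevID));
    }
}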
}