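using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;
using System.Web.Security;
using ApacKernel;
using ApacKernel.Authentication;
using ApacKernel.Extensions;
using ApacKernel.Web.MVC;
using Now.Business.Clients;
using Now.Business.WarehouseService;
using Now.Entities;

namespace Now.Web.Services
{
    /// <summary>
    /// Numeric permission ids for the dashboards area. The values are compared
    /// against the ids the warehouse service returns for a user (see
    /// <see cref="DashboardsPermissionService.LoadPermissions"/>), so they must
    /// stay in sync with that backend.
    /// </summary>
    public enum DashboardPermissions
    {
        // Consolidation
        Consolidation = 228,
        ConsolidationStatistic = 229,
        ConsolidationLocation = 240,

        // DistributionCenter
        DistributionCenter = 241,

        // Revenue
        RevenueNow = 260,
        RevenueSales = 226,
        RevenueWeekly = 227,
        RevenueOverview = 268,

        // Measure
        MeasureSummary = 269,
        MeasureSummaryLive = 278,
        MeasureSummaryBuyers = 279,
        MeasureFlash = 270,
        MeasureFlashLive = 280,
        MeasureFlashBuyers = 281,

        // Recommendations
        Recommendations = 271,
        RecommendationsSetup = 272,

        // Admin
        Administration = 273,
    }

    /// <summary>
    /// Permission provider for the dashboards.
    /// Permissions are fetched from the warehouse service once and then cached
    /// inside the forms-authentication ticket's UserData, so later checks are
    /// answered from the cookie alone. The cache is only refreshed when the
    /// cookie carries no permissions or was issued before
    /// <c>ApacConfig.AppSettings.CookiesActualFrom()</c>; a permission revoked
    /// in the backend therefore keeps working until that timestamp is moved
    /// forward or the ticket expires (a deliberate trade-off — bump
    /// CookiesActualFrom to force a reload for everyone).
    /// </summary>
    public class DashboardsPermissionService : IPermissionProvider
    {
        private readonly ILoginService _loginService;
        private readonly IWarehouseServiceClient _warehouseServiceClient;

        public DashboardsPermissionService(ILoginService loginService, IWarehouseServiceClient warehouseServiceClient)
        {
            this._loginService = loginService;
            this._warehouseServiceClient = warehouseServiceClient;
        }

        /// <summary>
        /// Returns true when the current user holds <paramref name="permission"/>
        /// (an int-convertible value, normally a <see cref="DashboardPermissions"/>).
        /// Any problem with the authentication cookie — missing, undecryptable,
        /// expired, or without UserData — is answered with false (fail closed)
        /// rather than an unhandled exception.
        /// </summary>
        /// <param name="permission">Permission id to test; converted with <see cref="Convert.ToInt32(object)"/>.</param>
        /// <returns>true if the cached permission list contains the id; otherwise false.</returns>
        public bool Check(object permission)
        {
            // Development-only escape hatch: both flags must be set, so a stray
            // NoCheckPermissions setting cannot disable checks in production.
            if (ApacConfig.AppSettings.IsDevelopment && ApacConfig.AppSettings.NoCheckPermissions())
            {
                return true;
            }

            var requested = Convert.ToInt32(permission);

            var cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (cookie == null)
            {
                return false;
            }

            FormsAuthenticationTicket ticket;
            try
            {
                ticket = FormsAuthentication.Decrypt(cookie.Value);
            }
            catch (ArgumentException)
            {
                // Malformed cookie value (empty / oversized / not a valid ticket).
                return false;
            }
            catch (HttpException)
            {
                // Tampered or otherwise unvalidatable payload — deny, don't 500.
                return false;
            }
            catch (System.Security.Cryptography.CryptographicException)
            {
                // Machine-key mismatch or corrupted ciphertext — deny.
                return false;
            }

            // Decrypt does not itself reject an expired ticket, so check it here
            // before trusting anything cached in UserData.
            if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.UserData))
            {
                return false;
            }

            var userLoginData = ticket.UserData.DeserializeFromJson();

            var cacheIsStale = userLoginData.Permissions == null
                || !userLoginData.LoggedTime.HasValue
                || userLoginData.LoggedTime.Value < ApacConfig.AppSettings.CookiesActualFrom();

            if (cacheIsStale)
            {
                // NOTE(review): DateTime.Now is local time; it is compared against
                // CookiesActualFrom() above, so both must use the same kind — confirm.
                var now = DateTime.Now;
                userLoginData.Permissions = LoadCurrentUserPermissions();
                userLoginData.LoggedTime = now;
                // NOTE(review): this sets an Expires on the cookie even when the
                // ticket is not persistent, turning a session cookie into a
                // one-month persistent one; the ticket's own Expiration still
                // bounds its validity. Kept as-is — confirm this is intended.
                userLoginData.ExpiredTime = cookie.Expires = now.AddMonths(1);

                ReissueCookie(cookie, ticket, userLoginData.SerializeToJson());
            }

            return userLoginData.Permissions != null && userLoginData.Permissions.Contains(requested);
        }

        /// <summary>
        /// Re-encrypts the ticket with the given <paramref name="userData"/> and
        /// writes it back to the response, keeping the ticket's original
        /// version, name, issue/expiry dates, persistence and path.
        /// </summary>
        /// <param name="cookie">The request cookie being refreshed; its Value is replaced.</param>
        /// <param name="ticket">The decrypted ticket whose metadata is preserved.</param>
        /// <param name="userData">Serialized UserData to embed in the new ticket.</param>
        private static void ReissueCookie(HttpCookie cookie, FormsAuthenticationTicket ticket, string userData)
        {
            var refreshed = new FormsAuthenticationTicket(
                ticket.Version,
                ticket.Name,
                ticket.IssueDate,
                ticket.Expiration,
                ticket.IsPersistent,
                userData,
                ticket.CookiePath);

            cookie.Value = FormsAuthentication.Encrypt(refreshed);

            // A cookie parsed from the request carries no attribute flags, so
            // sending it back unchanged would drop the HttpOnly/Secure/Path/Domain
            // that FormsAuthentication sets when it issues the cookie — leaving
            // the auth ticket readable from script and sent over plain HTTP.
            // Restore them to the framework's configured values.
            cookie.HttpOnly = true;
            cookie.Secure = FormsAuthentication.RequireSSL;
            cookie.Path = FormsAuthentication.FormsCookiePath;
            if (!string.IsNullOrEmpty(FormsAuthentication.CookieDomain))
            {
                cookie.Domain = FormsAuthentication.CookieDomain;
            }

            HttpContext.Current.Response.Cookies.Add(cookie);
        }

        /// <summary>
        /// Fetches the permission ids for <paramref name="userID"/> from the
        /// warehouse service. Boxed to <c>object[]</c> because that is the
        /// <see cref="IPermissionProvider"/> contract.
        /// </summary>
        /// <param name="userID">User whose permissions are requested.</param>
        /// <returns>The ids of the permissions returned by the service (empty if none).</returns>
        public object[] LoadPermissions(Guid userID)
        {
            var result = _warehouseServiceClient.GetUserPermissions(new GetUserPermissionsParameters { UserId = userID });
            return result.Permissions
                .Select(d => d.Id)
                .Cast<object>()
                .ToArray();
        }

        /// <summary>
        /// Loads the permission ids of the user identified by
        /// <c>_loginService.CurrentUserID</c>, unboxed to <c>int[]</c> so they
        /// can be cached in the ticket and compared in <see cref="Check"/>.
        /// </summary>
        public int[] LoadCurrentUserPermissions()
        {
            return LoadPermissions(_loginService.CurrentUserID)
                .Cast<int>()
                .ToArray();
        }

        /// <summary>
        /// Invoked when <see cref="Check"/> denies access. Always throws a 403
        /// <see cref="HttpException"/> instead of returning a result.
        /// </summary>
        /// <param name="filterContext">The MVC authorization context (unused).</param>
        /// <exception cref="HttpException">Always, with status 403.</exception>
        public ActionResult FailAction(AuthorizationContext filterContext)
        {
            throw new HttpException(403, "You have no permission for this action.");
        }
    }
}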