using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Web.Http.Controllers;
namespace iiie.Authentication.Business
{
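/// <summary>
/// Authorization filter for Web API controllers and actions that grants access by user role.
/// </summary>
/// <remarks>
/// <see cref="IsAuthorized"/> replaces the base check entirely: base.IsAuthorized is never called,
/// so the decision rests only on <see cref="UserRoles"/> and UserStorage.BasicUserDbo.
/// SECURITY: a filter declared without any role authorizes every request, including requests for
/// which no user is loaded. NOTE(review): confirm every role-less usage is meant to be public.
/// </remarks>
public class AuthFilter : AuthorizeAttribute
{
    /// <summary>
    /// Roles authorized to access the decorated controller or action.
    /// An empty sequence means that no role restriction is applied.
    /// </summary>
    public IEnumerable<int> UserRoles { get; set; }

    /// <summary>
    /// Creates the filter with the list of authorized roles.
    /// </summary>
    /// <param name="roles">The authorized roles; pass none to leave the target unrestricted.</param>
    public AuthFilter(params int[] roles)
    {
        // Copy so that later changes to the caller's array cannot alter the authorized set.
        UserRoles = roles.ToList();
    }

    /// <summary>
    /// Checks whether the current user can access the decorated controller or action.
    /// </summary>
    /// <param name="context">HTTP action context (not read by this check).</param>
    /// <returns>True if the user can access, false otherwise.</returns>
    protected override bool IsAuthorized(HttpActionContext context)
    {
        // Fail-open branch: no configured role means the request is allowed without looking at the user.
        if (!UserRoles.Any())
        {
            return true;
        }

        // Read the user once so the null check and the role lookup see the same object.
        // NOTE(review): UserStorage is defined outside this file; confirm BasicUserDbo is scoped to the
        // current request and is not a value shared between concurrent requests.
        var currentUser = UserStorage.BasicUserDbo;
        return currentUser != null && UserRoles.Contains(currentUser.Role);
    }
}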
}