nuget-3ie/Authentication/Business/AuthFilter.cs

using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Web.Http.Controllers;

namespace iiie.Authentication.Business
{
    /// <summary>
    /// Filter for controllers methods
    /// </summary>
    public class AuthFilter : AuthorizeAttribute
    {
        /// <summary>
        /// Authorized roles to access this method
        /// </summary>
        public IEnumerable<int> UserRoles { get; set; }

        /// <summary>
        /// Constructor
        /// </summary>
        /// <param name="roles">The authorized roles</param>
        public AuthFilter(params int[] roles)
        {
            UserRoles = roles.ToList();
        }

        /// <summary>
        /// Check if user can access this method
        /// </summary>
        /// <param name="context">HTTP request context</param>
        /// <returns>True if user can access, false otherwise</returns>
        protected override bool IsAuthorized(HttpActionContext context)
        {
            return !UserRoles.Any() || (UserStorage.BasicUserDbo != null && UserRoles.Contains(UserStorage.BasicUserDbo.Role));
        }
    }
}