Folks I have simple application were I am trying to implement simple permission functionality on the website. These are the tables I am dealing with.
A Department table that has the roles
And an AppPermissions table
if say ProductEdit has a value of "1", that particular user has permissions to the Product Edit Controller, if "0" no access.. and so forth
my current custom class which is no doubt a bit messy
public class AuthorizeGroups : AuthorizeAttribute
{
//public string EditPermission = "Allowed Access";
public string EditPermission { get; set; }
public class AuthorizeGroups : AuthorizeAttribute
{
//public string EditPermission = "Allowed Access";
public string EditPermission { get; set; }
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
MyDBContext db = new MyDBContext();
AppPermissions perm = new AppPermissions();
Department dpt = new Department();
var isAuthorized = base.AuthorizeCore(httpContext);
if(!isAuthorized) { return false; }
//we need to get group_id (departmentID) of the permission, of the logged in user from permissions table
//var pEdit = db.AppPermissions.FirstOrDefault(p => p.DepartmentId == p.Department.DepartmentId).ProductEdit.ToString();
string currentUser = HttpContext.Current.User.Identity.Name.ToString();
string currentPermission = perm.ProductEdit.ToString();
string currentUserGroup = dpt.DepartmentName.Contains(currentUser).ToString();
if (currentPermission == "1" && this.EditPermission.Contains(currentUserGroup))
{
return true;
}
else
{
return false;
}
}
}
On my Edit Controller I then have the following
[AuthorizeGroups(EditPermission = "1")]
public ActionResult Edit(int? id)
{
Current result I am getting is that the edit functionality on the web page is restricting that action for all users regardless of whether that permission is 1 or 0. Any help would be appreciated.