/*
Kooboo is a content management system based on ASP.NET MVC framework. Copyright 2009 Yardi Technology Limited.
This program is free software: you can redistribute it and/or modify it under the terms of the
GNU General Public License version 3 as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program.
If not, see http://www.kooboo.com/gpl3/.
*/
//http://weblogs.asp.net/jigardesai/archive/2008/10/30/authorization-in-asp-net-mvc-using-xml-configuration.aspx
using System;
using System.Configuration;
using System.Collections.Generic;
using System.Xml.Serialization;
namespace Everest.Library.Mvc.Authorization{
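/// <summary>
/// Collection of per-controller authorization entries, serialized under the
/// <c>controllers</c> XML root element.
/// </summary>
/// <remarks>
/// Security note: both access checks are allow-by-default. A controller (or action)
/// that has no matching entry in this collection is treated as accessible, so any
/// failure to match a name silently grants access. Deployments that need default-deny
/// must make sure every protected controller and action has an explicit entry.
/// </remarks>
[XmlRoot("controllers")]
public class ControllerAuthorizationInfoCollection : List<ControllerAuthorizationInfo> {
    /// <summary>
    /// Determines whether the user can access the specified controller.
    /// </summary>
    /// <param name="controllerName">Name of the controller.</param>
    /// <param name="user">The user.</param>
    /// <returns>
    /// <c>false</c> only when an entry for the controller exists and that entry rejects
    /// the user; <c>true</c> otherwise, including when no entry exists.
    /// </returns>
    public bool CanAccessController(string controllerName, System.Security.Principal.IPrincipal user) {
        ControllerAuthorizationInfo controllerInfo = findController(controllerName);
        if (controllerInfo == null) {
            // No rule configured for this controller: allow-by-default.
            return true;
        }

        return controllerInfo.IsAllowUser(user);
    }

    /// <summary>
    /// Determines whether the user can access the specified action of a controller.
    /// </summary>
    /// <param name="controllerName">Name of the controller.</param>
    /// <param name="actionName">Name of the action.</param>
    /// <param name="user">The user.</param>
    /// <returns>
    /// <c>false</c> when the controller entry rejects the user, or when the action entry
    /// exists and rejects the user; <c>true</c> otherwise, including when no controller
    /// entry or no action entry exists.
    /// </returns>
    public bool CanAccessAction(string controllerName, string actionName, System.Security.Principal.IPrincipal user) {
        ControllerAuthorizationInfo controllerInfo = findController(controllerName);
        if (controllerInfo == null) {
            // No rule configured for this controller: allow-by-default.
            return true;
        }

        // A user who cannot access the controller must not reach any of its actions.
        if (!controllerInfo.IsAllowUser(user)) {
            return false;
        }

        ActionAuthorizationInfo actionInfo = controllerInfo.FindAction(actionName);
        if (actionInfo == null) {
            // No action-level rule: the controller-level decision stands.
            return true;
        }

        return actionInfo.IsAllowUser(user);
    }

    /// <summary>
    /// Finds the first entry whose name matches the controller name, ignoring case.
    /// </summary>
    /// <param name="controllerName">Name of the controller.</param>
    /// <returns>The matching entry, or <c>null</c> when there is none.</returns>
    protected ControllerAuthorizationInfo findController(string controllerName) {
        foreach (ControllerAuthorizationInfo info in this) {
            // Ordinal comparison keeps the match independent of the thread culture.
            // A culture-sensitive compare can fail to match names that differ only by
            // case under some cultures (e.g. the Turkish dotted/dotless i), and a missed
            // match here falls through to the allow-by-default path in the callers.
            if (string.Equals(info.Name, controllerName, StringComparison.OrdinalIgnoreCase)) {
                return info;
            }
        }

        return null;
    }
}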
}