From c84f6193547370d6786609404e6dbc51f181d7b0 Mon Sep 17 00:00:00 2001
From: Michael
Date: Tue, 9 May 2017 16:00:37 -0400
Subject: Redo the permission system.
---
 Project-Unite/Global.asax.cs | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
(limited to 'Project-Unite/Global.asax.cs')
diff --git a/Project-Unite/Global.asax.cs b/Project-Unite/Global.asax.cs
index 10223f1..569bd17 100644
--- a/Project-Unite/Global.asax.cs
+++ b/Project-Unite/Global.asax.cs
@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.Data.Entity.Migrations;
 using System.IO;
 using System.Linq;
+using System.Reflection;
 using System.Web;
 using System.Web.Mvc;
 using System.Web.Optimization;
@@ -36,6 +37,44 @@ namespace Project_Unite
 migrator.Update();
+ string actionname = this.Request.RequestContext.RouteData.Values["action"].ToString();
+ string controllername = this.Request.RequestContext.RouteData.Values["controller"].ToString();
+
+ var asm = Assembly.GetExecutingAssembly();
+ var ctl = asm.GetTypes().FirstOrDefault(x => x.Name == controllername + "Controller");
+ var adm = ctl.GetCustomAttributes(false).Where(x => x is RequiresAdmin);
+ var mod = ctl.GetCustomAttributes(false).Where(x => x is RequiresModerator);
+ var dev = ctl.GetCustomAttributes(false).Where(x => x is RequiresDeveloper);
+
+ bool fail = false;
+
+ if (adm != null)
+ fail = !User.Identity.IsAdmin();
+ if (mod != null)
+ fail = !User.Identity.IsModerator();
+ if (dev != null)
+ fail = !User.Identity.IsDeveloper();
+
+ var act = ctl.GetMethods(BindingFlags.Public | BindingFlags.Instance).FirstOrDefault(x => x.Name == actionname);
+
+ adm = act.GetCustomAttributes(false).Where(x => x is RequiresAdmin);
+ mod = act.GetCustomAttributes(false).Where(x => x is RequiresModerator);
+ dev = act.GetCustomAttributes(false).Where(x => x is RequiresDeveloper);
+
+ if (adm != null)
+ fail = fail || !User.Identity.IsAdmin();
+ if (mod != null)
+ fail = fail || !User.Identity.IsModerator();
+ if (dev != null)
+ fail = fail || !User.Identity.IsDeveloper();
+
+
+ if (fail == true)
+ {
+ string url = "http://" + this.Request.Url.Host.Replace("http://", "").Replace("https://", "") + "/Home/AccessDenied";
+ Response.Redirect(url, true);
+ return;
+ }
 var addr = HttpContext.Current.Request.UserHostAddress;
 var db = new ApplicationDbContext();
@@ -47,6 +86,8 @@ namespace Project_Unite
 this.CompleteRequest();
 return;
 }
+
+
 }
 protected void Application_EndRequest(object s, EventArgs e)
-- cgit v1.2.3
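Review bot: In the `@@ -36,6 +37,44 @@` hunk the presence tests `if (adm != null)`, `if (mod != null)` and `if (dev != null)` are always true, because `Where(...)` returns an empty sequence rather than null, so the role checks run for every controller and action whether or not it carries `RequiresAdmin`, `RequiresModerator` or `RequiresDeveloper`; the class-level block also assigns `fail` outright each time, so only the developer result survives there. As written, any request from a user who lacks one of the three roles is redirected, and that appears to include `/Home/AccessDenied` itself. `ctl` and `act` come from `FirstOrDefault` with a case-sensitive name match and are dereferenced unchecked, while MVC matches route values case-insensitively and one action name can map to several overloads, so the lookup can throw or inspect a different method than the one MVC runs; the rewrite below tests attribute presence with `IsDefined` and accumulates the result, though enforcing these attributes from an MVC authorization filter would avoid re-implementing action resolution. The redirect target is built from the request host with a hard-coded `http://`; an application-relative `Response.Redirect("~/Home/AccessDenied", true);` would not depend on the Host header or downgrade the scheme. The enclosing method starts and ends outside this hunk, so whether `RouteData` and `User` are already populated at this point in the pipeline should be confirmed.

```csharp
// … unchanged: actionname / controllername / asm …
var ctl = asm.GetTypes().FirstOrDefault(x => string.Equals(x.Name, controllername + "Controller", StringComparison.OrdinalIgnoreCase));

bool fail = false;

// NOTE(review): a controller type not found in this assembly is not covered by this check.
if (ctl != null)
{
    // Attribute presence, not a non-null sequence, decides whether a role is required.
    if (ctl.IsDefined(typeof(RequiresAdmin), false))
        fail = fail || !User.Identity.IsAdmin();
    if (ctl.IsDefined(typeof(RequiresModerator), false))
        fail = fail || !User.Identity.IsModerator();
    if (ctl.IsDefined(typeof(RequiresDeveloper), false))
        fail = fail || !User.Identity.IsDeveloper();

    // Inspect every public method with this name so an overload is not skipped.
    foreach (var act in ctl.GetMethods(BindingFlags.Public | BindingFlags.Instance).Where(x => string.Equals(x.Name, actionname, StringComparison.OrdinalIgnoreCase)))
    {
        if (act.IsDefined(typeof(RequiresAdmin), false))
            fail = fail || !User.Identity.IsAdmin();
        if (act.IsDefined(typeof(RequiresModerator), false))
            fail = fail || !User.Identity.IsModerator();
        if (act.IsDefined(typeof(RequiresDeveloper), false))
            fail = fail || !User.Identity.IsDeveloper();
    }
}

// … unchanged: if (fail == true) redirect block …
```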