Własny filtr akcji – autoryzacja z wykorzystaniem logiki biznesowej

InvoiceLogic.cs

public bool HasAccess(ApplicationUser user, Invoice entity)
{
    if(user == null)
    {
        throw new ArgumentNullException("user");
    }
 
    if(entity == null)
    {
        throw new ArgumentNullException("entity");
    }
 
    if(entity.UserId == user.Id)
    {
        return true;
    }
 
    if (user.IsAdmin)
    {
        return true;
    }
 
    return false;
}

InvoicesController.cs

public class InvoicesController : Controller
{
    public ActionResult Create(int id)
    {
        return View();
    }
 
    public ActionResult Edit(int id)
    {
        return View();
    }
}

InvoicesController2.cs

[LogicAuthorize(typeof(IInvoiceLogic))]
public class InvoicesController : Controller
{
    private IInvoiceLogic _invoiceLogic;
 
    public InvoicesController(IInvoiceLogic invoiceLogic)
    {
        _invoiceLogic = invoiceLogic;
    }
 
    public ActionResult Index()
    {
        return View();
    }
 
    public ActionResult Edit(int id)
    {
        return View(_invoiceLogic.GetById(id));
    }
 
    [HttpPost]
    public ActionResult Edit(Invoice invoice)
    {
        return View(invoice);
    }
}

LogicAuthorizeAttribute.cs

private bool IsAuthenticated(AuthorizationContext filterContext)
{
    if (filterContext.RequestContext.HttpContext.User.Identity.IsAuthenticated)
    {
        return true;
    }
 
    return false;
}

LogicAuthorizeAttribute2.cs

private int? GetId(AuthorizationContext filterContext)
{
    string idValue = string.Empty;
 
    if (filterContext.RouteData.Values.Any(d => d.Key == "id"))
    {
        idValue = filterContext.RouteData.Values.FirstOrDefault(d => d.Key == "id").Value.ToString();
    }
 
    if (string.IsNullOrEmpty(idValue))
    {
        if (filterContext.HttpContext.Request.QueryString.AllKeys.Any(k => k == "id"))
        {
            idValue = filterContext.HttpContext.Request.QueryString["id"];
        }
    }
 
    if (string.IsNullOrEmpty(idValue))
    {
        return null;
    }
 
    int id = 0;
 
    if (int.TryParse(idValue, out id) == false)
    {
        throw new ArgumentException("The id parameter in request has wrong value.");
    }
 
    return id;
}

LogicAuthorizeAttribute3.cs

private bool HasAccess(AuthorizationContext filterContext, int? id)
{
    if (id.HasValue == false)
    {
        return false;
    }
 
    var user = UserLogic.GetByName(filterContext.RequestContext.HttpContext.User.Identity.Name);
 
    if (user == null)
    {
        HandleUnauthorizedRequest(filterContext);
        return true;
    }
 
    if (AuthorizeLogic.HasAccess(user, id.Value))
    {
        return true;
    }
 
    return false;
}

LogicAuthorizeAttribute4.cs

public void OnAuthorization(AuthorizationContext filterContext)
{
    if (IsAuthenticated(filterContext) == false)
    {
        HandleUnauthorizedRequest(filterContext);
        return;
    }
 
    int? id = GetId(filterContext);
 
    if (id.HasValue == false)
    {
        return;
    }
 
    if (HasAccess(filterContext, id))
    {
        return;
    }
 
    HandleUnauthorizedRequest(filterContext);
}

LogicAuthorizeAttribute5.cs

protected void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
    filterContext.Result = new RedirectToRouteResult(
                new RouteValueDictionary(
                    new
                    {
                        controller = "Account",
                        action = "Login"
                    })
                );
}