vgquotes/Src/VideoGameQuotes.Web/Security/VerifyUserAttribute.cs

using System.Net;
using System.Web.Mvc;
using Portoa.Web;
using Portoa.Web.ErrorHandling;
using VideoGameQuotes.Api;

namespace VideoGameQuotes.Web.Security {
	[NeedsBuildUp]
	public class VerifyUserAttribute : ActionFilterAttribute {
		public VerifyUserAttribute() {
			Group = UserGroup.User;
		}

		public ICurrentUserProvider<User> UserProvider { get; set; }
		public UserGroup Group { get; set; }

		public override void OnActionExecuting(ActionExecutingContext filterContext) {
			var allowedToExecuteAction = UserProvider != null
				&& UserProvider.CurrentUser != null
				&& UserProvider.CurrentUser.Group >= Group;

			if (!allowedToExecuteAction) {
				filterContext.Result = new ErrorViewResult {
					Message = "You are not a verified user (are you hiding your IP address?)",
					ModelCreator = exception => new ErrorModel<User> { Exception = exception, User = UserProvider.CurrentUser },
					StatusCode = HttpStatusCode.Forbidden,
					ViewName = "Forbidden"
				};
			}
		}
	}
}