I have more than one controller that needs to check if a user has permission to view information. This is my validation method.

    private bool UserOnProject(Project project)
    {
        var userId = User.Identity.GetUserId();
        //check if developer is on project
        if (User.IsInRole(RoleNames.Developer))
        {
            var ProjDev = db.ProjectDevelopers.SingleOrDefault(model => model.ProjectId == project.Id
                && model.DeveloperId == userId);
            if (ProjDev == null)
                return false;
        }
        //check if manager is over project
        else if (User.IsInRole(RoleNames.ProjectManager) && project.ManagerId != userId)
            return false;
        //user on project or admin
        return true;
    }

This needs to be called when the user views a Project details page or if the user views an Issues detail page where the issue belongs to a certain project. I tried moving this into its own class but then I can no longer use the User.Identity.GetUserId(). So I resorted to placing this function in both controllers, but that is obviously not what I want. Where/how can I place this so that I only need one copy of this and similar functions?
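
One way to keep a single copy of this check, as an added example that is not part of the original post: pass the controller's `User` (an `IPrincipal`) into a shared class as a parameter. The `ProjectAccess` class, the in-memory list standing in for `db.ProjectDevelopers`, the `RoleNames` string values and the sample ids are assumptions made for illustration, and the user id is read from the `NameIdentifier` claim on the assumption that this is where the application stores it.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;

// Hypothetical stand-ins for the post's types; all values are constructed for the demo.
public static class RoleNames { public const string Developer = "Developer", ProjectManager = "ProjectManager"; }
public class Project { public int Id; public string ManagerId; }
public class ProjectDeveloper { public int ProjectId; public string DeveloperId; }

// Shared check: the principal is a parameter, so no controller base class is needed.
public class ProjectAccess
{
    private readonly IEnumerable<ProjectDeveloper> _projectDevelopers; // stands in for db.ProjectDevelopers
    public ProjectAccess(IEnumerable<ProjectDeveloper> projectDevelopers) { _projectDevelopers = projectDevelopers; }

    public bool UserOnProject(IPrincipal user, Project project)
    {
        // Assumption: the user id is carried in the NameIdentifier claim.
        var userId = (user.Identity as ClaimsIdentity)?.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (userId == null) return false; // added here: deny when no user id is present

        if (user.IsInRole(RoleNames.Developer))
            return _projectDevelopers.Any(pd => pd.ProjectId == project.Id && pd.DeveloperId == userId);
        if (user.IsInRole(RoleNames.ProjectManager))
            return project.ManagerId == userId;
        return true; // same fall-through as the post: any other role is allowed
    }
}

public static class Demo
{
    static IPrincipal MakeUser(string id, string role) =>
        new ClaimsPrincipal(new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.NameIdentifier, id), new Claim(ClaimTypes.Role, role) }, "demo"));

    public static void Main()
    {
        var access = new ProjectAccess(new[] { new ProjectDeveloper { ProjectId = 1, DeveloperId = "dev-1" } });
        var project = new Project { Id = 1, ManagerId = "pm-1" };
        Console.WriteLine(access.UserOnProject(MakeUser("dev-1", RoleNames.Developer), project));     // developer assigned to the project
        Console.WriteLine(access.UserOnProject(MakeUser("dev-2", RoleNames.Developer), project));     // developer not on the project
        Console.WriteLine(access.UserOnProject(MakeUser("pm-2", RoleNames.ProjectManager), project)); // manager of a different project
    }
}
```

Each controller would then call `UserOnProject(User, project)` on one shared `ProjectAccess` instance before returning the Project or Issue details view, so the rule lives in one place.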