SoftUni · rumenand · Oct 14, 2020 · Oct 14, 2020
diff --git a/2020-Sept-Season/SUS/Apps/MyFirstMvcApp/Controllers/CardsController.cs b/2020-Sept-Season/SUS/Apps/MyFirstMvcApp/Controllers/CardsController.cs
@@ -58,13 +58,9 @@ public HttpResponse DoAdd(AddCardInputModel model)
         }
 
         // /cards/all
+        [Authorize]
         public HttpResponse All()
         {
-            if (!this.IsUserSignedIn())
-            {
-                return this.Redirect("/Users/Login");
-            }
-
             var cardsViewModel = this.db.Cards.Select(x => new CardViewModel
             {
                 Name = x.Name,

diff --git a/2020-Sept-Season/SUS/SUS.HTTP/HttpConstants.cs b/2020-Sept-Season/SUS/SUS.HTTP/HttpConstants.cs
@@ -6,5 +6,6 @@ public static class HttpConstants
         public const string NewLine = "\r\n";
         public const string RequestCookieHeader = "Cookie";
         public const string SessionCookieName = "SUS_SID";
+        public const string UserIdSessionName = "UserId";
     }
 }
diff --git a/2020-Sept-Season/SUS/SUS.HTTP/HttpServer.cs b/2020-Sept-Season/SUS/SUS.HTTP/HttpServer.cs
@@ -70,7 +70,17 @@ private async Task ProcessClientAsync(TcpClient tcpClient)
                             && x.Method == request.Method);
                     if (route != null)
                     {
-                        response = route.Action(request);
+                        if (route.IsAuthorized == false ||
+                           (request.Session.ContainsKey(HttpConstants.UserIdSessionName) &&
+                            request.Session[HttpConstants.UserIdSessionName] != null))
+                            {
+                             response = route.Action(request);
+                            }
+                            else
+                            {
+                            response = new HttpResponse(HttpStatusCode.Found);
+                            response.Headers.Add(new Header("Location", "/Users/Login"));
+                            }
                     }
                     else
                     {

diff --git a/2020-Sept-Season/SUS/SUS.HTTP/Route.cs b/2020-Sept-Season/SUS/SUS.HTTP/Route.cs
@@ -6,17 +6,20 @@ namespace SUS.HTTP
 {
     public class Route
     {
-        public Route(string path, HttpMethod method, Func<HttpRequest, HttpResponse> action)
+        public Route(string path, HttpMethod method, Func<HttpRequest, HttpResponse> action, bool IsAuthorized = false)
         {
             this.Path = path;
             this.Method = method;
             this.Action = action;
+            this.IsAuthorized = IsAuthorized;
         }
 
         public string Path { get; set; }
 
         public HttpMethod Method { get; set; }
 
         public Func<HttpRequest, HttpResponse> Action { get; set; }
+
+        public bool IsAuthorized  { get; set; }
     }
 }
diff --git a/2020-Sept-Season/SUS/SUS.MvcFramework/AuthorizeAttribute.cs b/2020-Sept-Season/SUS/SUS.MvcFramework/AuthorizeAttribute.cs
@@ -0,0 +1,12 @@
+using System;
+
+namespace SUS.MvcFramework
+{
+    public class AuthorizeAttribute : Attribute
+    {
+        public AuthorizeAttribute()
+        {
+
+        }
+    }
+}
diff --git a/2020-Sept-Season/SUS/SUS.MvcFramework/Controller.cs b/2020-Sept-Season/SUS/SUS.MvcFramework/Controller.cs
@@ -7,7 +7,6 @@ namespace SUS.MvcFramework
 {
     public abstract class Controller
     {
-        private const string UserIdSessionName = "UserId";
         private SusViewEngine viewEngine;
 
         public Controller()
@@ -59,21 +58,21 @@ protected HttpResponse Error(string errorText)
 
         protected void SignIn(string userId)
         {
-            this.Request.Session[UserIdSessionName] = userId;
+            this.Request.Session[HttpConstants.UserIdSessionName] = userId;
         }
 
         protected void SignOut()
         {
-            this.Request.Session[UserIdSessionName] = null;
+            this.Request.Session[HttpConstants.UserIdSessionName] = null;
         }
 
         protected bool IsUserSignedIn() =>
-            this.Request.Session.ContainsKey(UserIdSessionName) &&
-            this.Request.Session[UserIdSessionName] != null;
+            this.Request.Session.ContainsKey(HttpConstants.UserIdSessionName) &&
+            this.Request.Session[HttpConstants.UserIdSessionName] != null;
 
         protected string GetUserId() =>
-            this.Request.Session.ContainsKey(UserIdSessionName) ?
-            this.Request.Session[UserIdSessionName] : null;
+            this.Request.Session.ContainsKey(HttpConstants.UserIdSessionName) ?
+            this.Request.Session[HttpConstants.UserIdSessionName] : null;
 
         private string PutViewInLayout(string viewContent, object viewModel = null)
         {

diff --git a/2020-Sept-Season/SUS/SUS.MvcFramework/Host.cs b/2020-Sept-Season/SUS/SUS.MvcFramework/Host.cs
@@ -65,7 +65,11 @@ private static void AutoRegisterRoutes(List<Route> routeTable, IMvcApplication a
                         url = attribute.Url;
                     }
 
-                    routeTable.Add(new Route(url, httpMethod, request => ExecuteAction(request, controllerType, method, serviceCollection)));
+                    var IsAuthorized = method.GetCustomAttributes(false)
+                       .Where(x => x.GetType() == typeof(AuthorizeAttribute))
+                       .FirstOrDefault();
+
+                    routeTable.Add(new Route(url, httpMethod, request => ExecuteAction(request, controllerType, method, serviceCollection), (IsAuthorized != null)));
                 }
             }
         }