private static bool IsActionAuthorized(string actionName, ControllerBase controller)
{
Contract.Requires<ArgumentNullException>(controller != null);
Contract.Requires<ArgumentException>(controller.ControllerContext != null);
var finder = new ControllerActionFinder();
var action = finder.FindAction(controller.ControllerContext, actionName);
// TODO: verify! This line was replaced in order to upgrade to MVC 3
// var filters = action.GetFilters().AuthorizationFilters;
var filters = FilterProviders.Providers.GetFilters(controller.ControllerContext, action).OfType<IAuthorizationFilter>();
var authorizationContext = new AuthorizationContext(controller.ControllerContext, action);
foreach (var authorize in filters) {
authorize.OnAuthorization(authorizationContext);
if (authorizationContext.Result is HttpUnauthorizedResult)
return false;
}
return true;
}