Typical admin controller action contains this lines of code:
if (!_permissionService.Authorize(StandardPermissionProvider.ManageCategories))
return AccessDeniedKendoGridJson();
I propose to make this check at controller/action attribute level.
[CheckPermission(StandardPermissionProvider.ManageCategories)]
What do think ?