c# – ASP.NET MVC 4自定义角色授权显示/隐藏编辑/删除视图中的
发布时间:2020-12-16 02:03:16 所属栏目:百科 来源:网络整理
导读:我想根据用户的授权显示/隐藏编辑/删除链接(包括菜单项).我已经实现了AuthorizeAttribute,并为覆盖AuthorizeCore的角色检查提供了自定义逻辑.我想在检查用户是否有权查看LinkExtensions方法中的编辑/删除链接时使用该逻辑. 这是我的设置: public class Auth
|
我想根据用户的授权显示/隐藏编辑/删除链接(包括菜单项).我已经实现了AuthorizeAttribute,并为覆盖AuthorizeCore的角色检查提供了自定义逻辑.我想在检查用户是否有权查看LinkExtensions方法中的编辑/删除链接时使用该逻辑.
这是我的设置: public class AuthorizeActivity : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
}
protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
{
bool isAuthorized = base.AuthorizeCore(httpContext);
string actionType = httpContext.Request.HttpMethod;
string controller = httpContext.Request.RequestContext.RouteData.Values["controller"].ToString();
string action = httpContext.Request.RequestContext.RouteData.Values["action"].ToString();
//ADMINS
if (controller == "Admin")
{
if (httpContext.User.IsInRole(Constants.Admin))
return true;
}
else
{
//DATA READERS ONLY
if ((action == "Details") || (action == "Index"))
{
if (httpContext.User.IsInRole(Constants.DataReader))
return true;
}
//DATA WRITERS & IT
else
{
...
}
}
return false;
}
我还使用了Vivien Chevallier的逻辑来创建此处概述的授权操作链接扩展:http://vivien-chevallier.com/Articles/create-an-authorized-action-link-extension-for-aspnet-mvc-3 <li>@Html.ActionLinkAuthorized("Admin","Index","Admin",false) </li>
链接将根据用户的权限显示或不显示. [AuthorizeActivity]
public ActionResult Index()
{
return View(view);
}
授权链接不起作用,除非我在属性中指定“角色”,我认为这是多余的,如下所示: [AuthorizeActivity(Roles = Constants.roleSalesContractAdmin)]
public ActionResult Index()
{
return View(view);
}
我似乎无法找到一种方法来重用AuthorizeAttribute中的逻辑.理想情况下,它会在ActionLinkAuthorized中被调用,就像Vivien所拥有的那样: public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper,string linkText,string actionName,string controllerName,RouteValueDictionary routeValues,IDictionary<string,object> htmlAttributes,bool showActionLinkAsDisabled)
{
if (htmlHelper.ActionAuthorized(actionName,controllerName)) //The call to verify here -- or inside ActionAuthorized
{
return htmlHelper.ActionLink(linkText,actionName,controllerName,routeValues,htmlAttributes);
}
else
{
if (showActionLinkAsDisabled)
{
TagBuilder tagBuilder = new TagBuilder("span");
tagBuilder.InnerHtml = linkText;
return MvcHtmlString.Create(tagBuilder.ToString());
}
else
{
return MvcHtmlString.Empty;
}
}
}
这是ActionAuthorized方法. OnAuthorization调用不会转到自定义调用 public static bool ActionAuthorized(this HtmlHelper htmlHelper,string controllerName)
{
ControllerBase controllerBase = string.IsNullOrEmpty(controllerName) ? htmlHelper.ViewContext.Controller : htmlHelper.GetControllerByName(controllerName);
ControllerContext controllerContext = new ControllerContext(htmlHelper.ViewContext.RequestContext,controllerBase);
ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controllerContext.Controller.GetType());
ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(controllerContext,actionName);
if (actionDescriptor == null)
return false;
FilterInfo filters = new FilterInfo(FilterProviders.Providers.GetFilters(controllerContext,actionDescriptor));
AuthorizationContext authorizationContext = new AuthorizationContext(controllerContext,actionDescriptor);
foreach (IAuthorizationFilter authorizationFilter in filters.AuthorizationFilters)
{
authorizationFilter.OnAuthorization(authorizationContext); //This call
if (authorizationContext.Result != null)
return false;
}
return true;
}
解决方法
在您看来,您可以写:
@if (User.IsInRole("role"))
{
<li>@Html.ActionLink("Words","View","Controller")</li>
<li>@Html.ActionLink("Words","Controller")</li>
}
…并假设他们已登录,它将有条件地隐藏链接 (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |