我正在尝试为我的MVC应用程序实现一种新的基于权限的访问方法;我们有几个权限组,每个组都包含权限列表。例如,我们拥有Invoices
权限组,其中包含CreateInvoice,RemoveInvoice,etc
权限密钥。
在这种方法中,每个mvc Action
都需要特定的执行权限。我试图通过CustomAttributes来做到这一点,如下所示:
public class InvoiceController : Controller
{
[RequirePermission(Permissions.Invoices.CreateInvoice)]
public ActionResult Create()
{
return View();
}
}
为了让开发人员更容易记住不同的权限组和权限密钥我正在尝试创建一个预定义的权限列表,该权限应该是权限组和权限密钥的组合。但是由于在C#中使用属性参数的限制 我无法让它工作。 (我不想制作一个额外的大型枚举器并将所有权限密钥放在那里)
我最后一次尝试是为每个权限组创建一个枚举器,然后将权限键定义为枚举常量:
public class PermissionEnums
{
[PermissionGroup(PermissionGroupCode.Invoice)]
public enum Invoices
{
CreateInvoice = 1,
UpdateInvoice = 2,
RemoveInvoice = 3,
ManageAttachments = 4
}
[PermissionGroup(PermissionGroupCode.UserAccounts)]
public enum UserAccounts
{
Create = 1,
ChangePassword = 2
}
}
正如您所看到的,我们在这里有代码组合,使用PermissionGroup
属性指定的权限组密钥和在每个枚举常量上指定为数字代码的权限密钥代码。
RequirePermission属性定义如下:
public class RequirePermissionAttribute : Attribute
{
private Enum _Permission;
public RequirePermissionAttribute(Enum Permission)
: base()
{
_Permission = Permission;
}
}
但问题是Enum
类型的对象无法用作属性参数。
赞赏任何建议/想法
答案 0 :(得分:6)
我找到了解决方案,唯一需要改变的是constructure参数的类型。而不是使用Enum
,您必须使用object
:
public class RequirePermissionAttribute : AuthorizeAttribute
{
private object _Permission;
public RequirePermissionAttribute(object Permission)
: base()
{
_Permission = Permission;
}
}
以下是完整的代码:
/***************** Permission Groups And Keys *****************/
public static class Permissions
{
[PermissionGroup(PermissionGroupCode.Invoice)]
public enum Invoices
{
CreateInvoice = 1,
UpdateInvoice = 2,
RemoveInvoice = 3,
ManageAttachments = 4
}
[PermissionGroup(PermissionGroupCode.UserAccounts)]
public enum UserAccounts
{
Create = 1,
ChangePassword = 2
}
}
public enum PermissionGroupCode
{
Invoice = 1,
UserAccounts = 2,
Members = 3
}
/***************** Attributes & ActionFilters *****************/
[AttributeUsage(AttributeTargets.Enum)]
public class PermissionGroupAttribute : Attribute
{
private PermissionGroupCode _GroupCode;
public PermissionGroupCode GroupCode
{
get
{
return _GroupCode;
}
}
public PermissionGroupAttribute(PermissionGroupCode GroupCode)
{
_GroupCode = GroupCode;
}
}
public class RequirePermissionAttribute : AuthorizeAttribute
{
private object _RequiredPermission;
public RequirePermissionAttribute(object RequiredPermission)
: base()
{
_RequiredPermission = RequiredPermission;
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var permissionGroupMetadata = (PermissionGroupAttribute)_RequiredPermission.GetType().GetCustomAttributes(typeof(PermissionGroupAttribute), false)[0];
var groupCode = permissionGroupMetadata.GroupCode;
var permissionCode = Convert.ToInt32(_RequiredPermission);
return HasPermission(currentUserId, groupCode, permissionCode);
}
}
答案 1 :(得分:0)
我认为不可能我尝试做你的事情并且失败了:/抱歉。
操作权限应与Authorize一起使用,你可以自己编写类似这样的内容:
[AttributeUsage(AttributeTargets.All)]
public sealed class CustomAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
throw new ArgumentNullException("httpContext");
//Its a piece of code from my app you can modify it to suit your needs or use the base one
if (!new CustomIdentity(httpContext.User.Identity.Name).IsAuthenticated)
{
return false;
}
return true;
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
base.HandleUnauthorizedRequest(filterContext);
}
}
然后你的行动:
[CustomAuthorizeAttribute(Roles = "FE")]
public ActionResult Index()
{
return RedirectToAction("Index", "Documents");
}
但是它仍然是您使用的字符串,并且要使其工作,您需要将其与自定义角色提供程序结合使用。很麻烦,但在我看来是值得的。