我有一个控制器,可以由具有管理员权限的用户或护士访问。然后在单独的行动中,如果我愿意,我可以做得更严格。现在我拥有的是这样的东西
[AuthorizeUser(UserRole = "Admin", OrganizationType = "Institution")]
工作正常。但我会喜欢
[AuthorizeUser(UserRole = "Admin,Nurse", OrganizationType = "Institution")]
AuthorizeUser是自定义授权
public class AuthorizeUser : AuthorizeAttribute
{
public string UserRole { get; set; }
public string OrganizationType { get; set; }
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var isAuthorized = base.AuthorizeCore(httpContext);
if (!isAuthorized)
{
return false;
}
return CheckOrganizationType
.checkRole(this.UserRole, this.OrganizationType, Auth.CurrentUser);
}
}
public static bool checkRole(String role, String organizationType, User user)
{
RolesType rt = null;
OrganizationType ot = null;
foreach (UserRoles ur in user.GetUserRoles())
{
rt = RolesType.Get(ur.organizationTypeId,ur.roleTypeId);
ot = OrganizationType.Get(ur.organizationTypeId, "1");
}
if (rt != null && rt.Name == role && ot != null && ot.Name == organizationType)
{
return true;
}
else
{
return false;
}
}
然后检查当前用户是否具有任何已定义的角色。如何才能做到这一点?有什么想法吗?
答案 0 :(得分:1)
您只需更改此声明:
if (rt != null && rt.Name == role && ot != null && ot.Name == organizationType)
用这个:
if (rt != null && role.Contains(rt.Name) && ot != null && ot.Name == organizationType)