如何在许多控制器的许多操作中实现一些代码

时间:2017-07-07 15:16:04

标签: asp.net-mvc action-filter actionfilterattribute custom-action-filter

我有控制器操作,可以与某个实体(驱动程序)一起使用。此外,每个驱动程序都与身份资料相关联。

        public async Task<ActionResult> Details(int? id)
        {
            if ((id == null))
            {
                return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
            }
            DriverDetailVM model = mapper.Map<DriverDetailVM>(db.Drivers.Find(id));
            if ((model == null))
            {
                return HttpNotFound();
            }
            return View(model);
        }

        public async Task<ActionResult> Edit(int? id = null, bool isNewUser = false)
        {
/////////
        }

如果用户具有“Superadmin”角色,则他可以访问具有任何id值的页面。如果用户具有角色“Driver”,那么只有当id值与他的个人资料相同时我们才能访问。我尝试在ActionFilter上实现它:

public class DriverAccessActionFilterAttribute : ActionFilterAttribute
{
    public string IdParamName { get; set; }
    public int DriverID { get; set; }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (filterContext.HttpContext.User.IsInRole("Driver"))
        {
            if (filterContext.ActionParameters.ContainsKey(IdParamName))
            {
                var id = filterContext.ActionParameters[IdParamName] as Int32;
                if (id != DriverID)
                    filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
            }
            else
                filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.BadRequest); 
        }
        else
            base.OnActionExecuting(filterContext);
    }
}

但是当我尝试使用此代码时:

    [DriverAccessActionFilter(DriverID = currentUser.DriverId, IdParamName = "id")]
    public async Task<ActionResult> Details(int? id)
    {

它不想被编译,因为

  

非静态字段,方法或者需要对象引用   属性

如何实施?

1 个答案:

答案 0 :(得分:2)

属性参数在编译时计算,而不是在运行时计算。所以他们必须编译时间常数。您无法在运行时将值传递给操作属性。即[DriverAccessActionFilter(DriverID = currentUser.DriverId, IdParamName = "id")]你正在通过DriverID = currentUser.DriverId。属性用作控制器/操作元数据,元数据需要在程序集中编译。这就是属性只能采用常数值的原因。

您必须按如下方式更改属性:

  1. 使用依赖注入来注入返回登录用户的服务。
  2. 或实施自定义Principal并为其分配当前请求主体。
  3. 如果您实施CustomPrinicpal,您可以修改您的属性:

    public class DriverAccessActionFilterAttribute : ActionFilterAttribute
        {
            public string IdParamName { get; set; }
            private int DriverID { get; set; }
    
            public override void OnActionExecuting(ActionExecutingContext filterContext)
            {            
                if (filterContext.HttpContext.User.IsInRole("Driver"))
                {
                    var customPrincipal = filterContext.HttpContext.User as CustomPrincipal;
                    DriverID = customPrincipal.Id;
                    // Rest of you logic                
                }
                else
                    base.OnActionExecuting(filterContext);
            }
        }
    

    如果您选择DI路径,则可以使用以下代码段:

    public class DriverAccessActionFilterAttribute : ActionFilterAttribute
    {
        public string IdParamName { get; set; }
        private int DriverID { get; set; }
    
        public DriverAccessActionFilterAttribute(IYourIdentityProvider provider)
        {
            DriverID = provider.LoggedInUserID;
        }
    
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {            
            // Your logic
        }
    }
    

    然后将您的属性用作[DriverAccessActionFilter(IdParamName = "id")]