我有控制器操作,可以与某个实体(驱动程序)一起使用。此外,每个驱动程序都与身份资料相关联。
public async Task<ActionResult> Details(int? id)
{
if ((id == null))
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
}
DriverDetailVM model = mapper.Map<DriverDetailVM>(db.Drivers.Find(id));
if ((model == null))
{
return HttpNotFound();
}
return View(model);
}
public async Task<ActionResult> Edit(int? id = null, bool isNewUser = false)
{
/////////
}
如果用户具有“Superadmin”角色,则他可以访问具有任何id值的页面。如果用户具有角色“Driver”,那么只有当id值与他的个人资料相同时我们才能访问。我尝试在ActionFilter上实现它:
public class DriverAccessActionFilterAttribute : ActionFilterAttribute
{
public string IdParamName { get; set; }
public int DriverID { get; set; }
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (filterContext.HttpContext.User.IsInRole("Driver"))
{
if (filterContext.ActionParameters.ContainsKey(IdParamName))
{
var id = filterContext.ActionParameters[IdParamName] as Int32;
if (id != DriverID)
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
}
else
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.BadRequest);
}
else
base.OnActionExecuting(filterContext);
}
}
但是当我尝试使用此代码时:
[DriverAccessActionFilter(DriverID = currentUser.DriverId, IdParamName = "id")]
public async Task<ActionResult> Details(int? id)
{
它不想被编译,因为
非静态字段,方法或者需要对象引用 属性
如何实施?
答案 0 :(得分:2)
属性参数在编译时计算,而不是在运行时计算。所以他们必须编译时间常数。您无法在运行时将值传递给操作属性。即[DriverAccessActionFilter(DriverID = currentUser.DriverId, IdParamName = "id")]
你正在通过DriverID = currentUser.DriverId
。属性用作控制器/操作元数据,元数据需要在程序集中编译。这就是属性只能采用常数值的原因。
您必须按如下方式更改属性:
如果您实施CustomPrinicpal,您可以修改您的属性:
public class DriverAccessActionFilterAttribute : ActionFilterAttribute
{
public string IdParamName { get; set; }
private int DriverID { get; set; }
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (filterContext.HttpContext.User.IsInRole("Driver"))
{
var customPrincipal = filterContext.HttpContext.User as CustomPrincipal;
DriverID = customPrincipal.Id;
// Rest of you logic
}
else
base.OnActionExecuting(filterContext);
}
}
如果您选择DI路径,则可以使用以下代码段:
public class DriverAccessActionFilterAttribute : ActionFilterAttribute
{
public string IdParamName { get; set; }
private int DriverID { get; set; }
public DriverAccessActionFilterAttribute(IYourIdentityProvider provider)
{
DriverID = provider.LoggedInUserID;
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
// Your logic
}
}
然后将您的属性用作[DriverAccessActionFilter(IdParamName = "id")]