我想基于角色限制对$ expand操作的访问。我的问题需要限制用户Roles的某些实体的访问权限。某人提供了从哪里开始的一些提示?
答案 0 :(得分:2)
您可以使用此代码片段进行AUTHORIZATION从http://www.software-architects.com/devblog/2014/09/12/10-OData-FAQs获取该代码片段 容易用太多的代码
[Authorize]
[ODataRoutePrefix("Customer")]
public class CustomerController : ODataController
{
[...]
[EnableQuery]
public IHttpActionResult Get()
{
if (!string.IsNullOrWhiteSpace(((ClaimsPrincipal)Thread.CurrentPrincipal).Claims.FirstOrDefault(c => c.Type == "IsAdmin").Value))
{
return Ok(context.Customers);
}
return Unauthorized();
}
[...]
}
或创建扩展方法IEdmModelBuilder更多参考
git hub
using System;
using System.Linq;
using System.Reflection;
using System.Web.OData;
using Microsoft.OData.Edm;
namespace MHS.Assessments.WebAPI.Utilities
{
public static class IEdmModelBuilderExtensions
{
public static void AddAuthorizedRolesAnnotations(this IEdmModel edmModel)
{
var typeAnnotationsMapping = edmModel.SchemaElementsAcrossModels()
.OfType<IEdmEntityType>()
.Where(t => edmModel.GetAnnotationValue<ClrTypeAnnotation>(t) != null)
.Select(t => edmModel.GetAnnotationValue<ClrTypeAnnotation>(t).ClrType)
.ToDictionary(clrType => clrType,
clrType => clrType.GetCustomAttributes<CanExpandAttribute>(inherit: false));
foreach (var kvp in typeAnnotationsMapping)
{
foreach (var attribute in kvp.Value)
{
attribute.SetRoles(edmModel, kvp.Key);
}
}
}
public static void SetAuthorizedRolesOnType(this IEdmModel model,string typeName,string[] roles)
{
IEdmEntityType type = model.FindType(typeName) as IEdmEntityType;
if (type == null)
{
throw new InvalidOperationException("The authorized element must be an entity type");
}
model.SetAnnotationValue<AuthorizedRoles>(type, new AuthorizedRoles(roles));
}
}
}
WebApiConfig.ca
edmModel.SetAuthorizedRolesOnType("Customers", new string[] { "Support"});