如果用户无权采取行动,如何隐藏操作链接?

时间:2011-11-19 21:36:46

标签: asp.net-mvc

@if (Roles.IsUserInRole("Administrators"))
{
  <li>@Html.ActionLink("Create New", "Create")</li>
}

我为用户提供了很多角色,许多操作都可以访问多个角色。

在很多地方改变if语句是非常困难的 - 这是一种仅基于Athorize(Roles="Administrator, SomethingElse")来隐藏actionlink的方法吗?

也许有办法编写自定义帮助程序来检查用户权限并使用它代替Html.Actionlink?

2 个答案:

答案 0 :(得分:8)

经过一些试验和错误后,解决方案建议here有效。但是,以前的框架版本提供了解决方案。

编辑解决方案:

 public static class AuthorizeActionLinkExtention
{
    public static MvcHtmlString AuthorizeActionLink(this HtmlHelper helper, string linkText, string actionName, string controllerName, object routeValues, object htmlAttributes)
    {
        if (HasActionPermission(helper, actionName, controllerName))
            return helper.ActionLink(linkText, actionName, controllerName, routeValues, htmlAttributes);

        return MvcHtmlString.Empty;
    }
    public static MvcHtmlString AuthorizeActionLink(this HtmlHelper helper, string linkText, string actionName, string controllerName)
    {
        if (HasActionPermission(helper, actionName, controllerName))
            return helper.ActionLink(linkText, actionName, controllerName);

        return MvcHtmlString.Empty;
    }
    public static MvcHtmlString AuthorizeActionLink(this HtmlHelper helper, string linkText, string actionName, string controllerName, RouteValueDictionary routeValues, IDictionary<string, object> htmlAttributes)
    {
        if (HasActionPermission(helper, actionName, controllerName))

            return helper.ActionLink(linkText, actionName, controllerName, routeValues, htmlAttributes);

        return MvcHtmlString.Empty;
    }
    static bool HasActionPermission(this HtmlHelper htmlHelper, string actionName, string controllerName)
    {
        ControllerBase controllerToLinkTo = string.IsNullOrEmpty(controllerName)
            ? htmlHelper.ViewContext.Controller
            : GetControllerByName(htmlHelper, controllerName);

        ControllerContext controllerContext = new ControllerContext(htmlHelper.ViewContext.RequestContext, controllerToLinkTo);

        ReflectedControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controllerToLinkTo.GetType());
        ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(controllerContext, actionName);

        return ActionIsAuthorized(controllerContext, actionDescriptor);
    }

    static bool ActionIsAuthorized(ControllerContext controllerContext, ActionDescriptor actionDescriptor)
    {
        if (actionDescriptor == null)
            return false;

        AuthorizationContext authContext = new AuthorizationContext(controllerContext, actionDescriptor);
         foreach (Filter authFilter in FilterProviders.Providers.GetFilters(authContext, actionDescriptor))
        {
            if (authFilter.Instance is System.Web.Mvc.AuthorizeAttribute)
            { 


            ((IAuthorizationFilter)authFilter.Instance).OnAuthorization(authContext);

            if (authContext.Result != null)
                return false;
            }
        }

        return true;
    }

    static ControllerBase GetControllerByName(HtmlHelper helper, string controllerName)
    {
        IControllerFactory factory = ControllerBuilder.Current.GetControllerFactory();

        IController controller = factory.CreateController(helper.ViewContext.RequestContext, controllerName);

        if (controller == null)
        {
            throw new InvalidOperationException(
                string.Format(
                    CultureInfo.CurrentUICulture,
                    "Controller factory {0} controller {1} returned null",
                    factory.GetType(),
                    controllerName));
        }

        return (ControllerBase)controller;
    }

}

答案 1 :(得分:7)

我会写一个自定义操作链接助手:

public static class LinkExtensions
{
    public static IHtmlString ActionLinkIfInRole(
        this HtmlHelper htmlHelper, 
        string roles,
        string linkText, 
        string action
    )
    {
        if (!Roles.IsUserInRole(roles))
        {
            return MvcHtmlString.Empty;
        }
        return htmlHelper.ActionLink(linkText, action);
    }
}

然后在我的观点中:

@Html.ActionLinkIfInRole("Administrators", "Create New", "Create")