ASP.NET MVC 4 custom role authorization to show/hide Edit/Delete links in views

I want to show/hide Edit/Delete links (including menu items) depending on the user's authorization. I have implemented AuthorizeAttribute and have custom logic for role checks in an override of AuthorizeCore. I would like to use that logic when checking whether the user has permission to view the Edit/Delete links inside the LinkExtensions method. This is my setup:

    public class AuthorizeActivity : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);
        }

        protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
        {
            bool isAuthorized = base.AuthorizeCore(httpContext);
            string actionType = httpContext.Request.HttpMethod;
            string controller = httpContext.Request.RequestContext.RouteData.Values["controller"].ToString();
            string action = httpContext.Request.RequestContext.RouteData.Values["action"].ToString();

            //ADMINS
            if (controller == "Admin")
            {
                if (httpContext.User.IsInRole(Constants.Admin))
                    return true;
            }
            else
            {
                //DATA READERS ONLY
                if ((action == "Details") || (action == "Index"))
                {
                    if (httpContext.User.IsInRole(Constants.DataReader))
                        return true;
                }
                //DATA WRITERS & IT
                else
                {
                    ...
                }
            }
            return false;
        }
    }

And I am using Vivien Chevallier's logic for creating an authorized action link extension, outlined here: http://vivien-chevallier.com/Articles/create-an-authorized-action-link-extension-for-aspnet-mvc-3

Now, in my view I can use:

    <li>@Html.ActionLinkAuthorized("Admin", "Index", "Admin", false)</li>

And the link will either show or not, based on the user's rights. In my controller, the action is decorated with:

    [AuthorizeActivity]
    public ActionResult Index()
    {
        return View(view);
    }

The authorized link will not work unless I also specify "Roles" in the attribute like this, which I believe is redundant:

    [AuthorizeActivity(Roles = Constants.roleSalesContractAdmin)]
    public ActionResult Index()
    {
        return View(view);
    }

I can't seem to find a way to reuse the logic in the AuthorizeAttribute. Ideally, it would be called in ActionLinkAuthorized the way Vivien's does:

    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, RouteValueDictionary routeValues, IDictionary<string, object> htmlAttributes, bool showActionLinkAsDisabled)
    {
        if (htmlHelper.ActionAuthorized(actionName, controllerName)) //The call to verify here -- or inside ActionAuthorized
        {
            return htmlHelper.ActionLink(linkText, actionName, controllerName, routeValues, htmlAttributes);
        }
        else
        {
            if (showActionLinkAsDisabled)
            {
                TagBuilder tagBuilder = new TagBuilder("span");
                tagBuilder.InnerHtml = linkText;
                return MvcHtmlString.Create(tagBuilder.ToString());
            }
            else
            {
                return MvcHtmlString.Empty;
            }
        }
    }

This is the ActionAuthorized method. When you decorate an action or a controller with an authorization attribute, the OnAuthorization call does not go to the customized one:

    public static bool ActionAuthorized(this HtmlHelper htmlHelper, string actionName, string controllerName)
    {
        ControllerBase controllerBase = string.IsNullOrEmpty(controllerName) ? htmlHelper.ViewContext.Controller : htmlHelper.GetControllerByName(controllerName);
        ControllerContext controllerContext = new ControllerContext(htmlHelper.ViewContext.RequestContext, controllerBase);
        ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controllerContext.Controller.GetType());
        ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(controllerContext, actionName);
        if (actionDescriptor == null)
            return false;

        FilterInfo filters = new FilterInfo(FilterProviders.Providers.GetFilters(controllerContext, actionDescriptor));
        AuthorizationContext authorizationContext = new AuthorizationContext(controllerContext, actionDescriptor);
        foreach (IAuthorizationFilter authorizationFilter in filters.AuthorizationFilters)
        {
            authorizationFilter.OnAuthorization(authorizationContext); //This call
            if (authorizationContext.Result != null)
                return false;
        }
        return true;
    }
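
You should take a look at my answer, which may give you an idea: http://stackoverflow.com/questions/18874081/asp-net-mvc-alternatively-rendering-editorfor-based-on-user-role/18874497#18874497 – Fals 2014-09-10 18:56:02
Why not extract the logic in the custom authorize attribute's AuthorizeCore into a static method, put it into some static class, and reuse it in both the attribute and the helper? – 2014-09-10 19:02:39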