我有控制器的操作,它與一些實體(驅動程序)一起工作。此外,每個驅動程序鏈接與身份配置文件如何在許多控制器的許多操作中實現一些代碼
public async Task<ActionResult> Details(int? id)
{
if ((id == null))
{
return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
}
DriverDetailVM model = mapper.Map<DriverDetailVM>(db.Drivers.Find(id));
if ((model == null))
{
return HttpNotFound();
}
return View(model);
}
public async Task<ActionResult> Edit(int? id = null, bool isNewUser = false)
{
/////////
}
如果用戶有角色「超級管理員」然後,他訪問具有價值的任何標識的頁面。如果用戶具有「驅動程序」角色,那麼只有當id值與他的個人資料相同時,我們才應該有權訪問。我嘗試實現它ActionFilter:
public class DriverAccessActionFilterAttribute : ActionFilterAttribute
{
public string IdParamName { get; set; }
public int DriverID { get; set; }
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
if (filterContext.HttpContext.User.IsInRole("Driver"))
{
if (filterContext.ActionParameters.ContainsKey(IdParamName))
{
var id = filterContext.ActionParameters[IdParamName] as Int32;
if (id != DriverID)
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
}
else
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.BadRequest);
}
else
base.OnActionExecuting(filterContext);
}
}
但是當我嘗試使用此代碼:
[DriverAccessActionFilter(DriverID = currentUser.DriverId, IdParamName = "id")]
public async Task<ActionResult> Details(int? id)
{
它不希望被編譯,因爲
對象引用所需的非靜電場,方法或 屬性
如何實現它?
我想過校長,謝謝 –
不客氣,試着開車'AuthorizationFilterAttribute'而不是'ActionFilterAttribute'。 – Zeeshan