Nan*_*ani 1 .net asp.net-mvc filter custom-attributes asp.net-mvc-4
我的控制器在类级别使用一个属性,它只允许一个角色访问。这个控制器有 20 多个动作。但是对于仅一项操作,我还需要一个角色才能获得访问权限。我已经在类级别声明了属性过滤器,以便它对控制器类中的所有操作都能正常工作。但现在我只想在同一个控制器中覆盖一个动作。有没有可能?我正在使用 .Net 4.5 版。
过滤器属性实现是这样的:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class RequireModulePermissionAttribute : AuthorizeAttribute
{
//code goes here
}
控制器类:
[RequireModulePermission("Admin")]
public class AdministrationController : Controller
{
[HttpPost]
[RequireModulePermission("Admin","Supervisor")]
public ActionResult CreateUser(UserViewModel userVM)
{
//code goes here
}
}
看看这个答案(看看案例2)/sf/answers/1169933411/
本质上,您将需要第二个属性来表示覆盖。
所以你的属性变成:
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class RequireModulePermissionAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
var action = filterContext.ActionDescriptor;
if (action.IsDefined(typeof(OverrideRequireModulePermissionAttribute ), true)) return;
//code goes here
}
}
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class OverrideRequireModulePermissionAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
base.OnAuthorization(filterContext);
}
}
你使用它就像
[RequireModulePermission("Admin")]
public class AdministrationController : Controller
{
[HttpPost]
[OverrideRequireModulePermission("Admin","Supervisor")]
public ActionResult CreateUser(UserViewModel userVM)
{
//code goes here
}
}