Ali*_*uri 5 c# asp.net-mvc access-control custom-attributes
我正在尝试为我的MVC应用程序实现一种新的基于权限的访问方法; 我们有几个权限组,每个组都包含一个权限列表.例如,我们有Invoices权限组,其中包含CreateInvoice,RemoveInvoice,etc权限密钥.
在这种方法中,每个mvc Action都需要特定的执行权限.我正在尝试通过CustomAttributes执行此操作,如下所示:
public class InvoiceController : Controller
{
[RequirePermission(Permissions.Invoices.CreateInvoice)]
public ActionResult Create()
{
return View();
}
}
为了让开发人员更容易记住不同的权限组和权限密钥,我正在尝试创建一个预定义的权限列表,该权限应该是权限组和权限密钥的组合.但由于在C#中使用属性参数的限制,我无法使其工作.(我不想制作一个额外的大型枚举器并将所有权限密钥放在那里)
我的最后一次尝试是为每个权限组创建一个枚举器,然后在其中将权限键定义为枚举常量:
public class PermissionEnums
{
[PermissionGroup(PermissionGroupCode.Invoice)]
public enum Invoices
{
CreateInvoice = 1,
UpdateInvoice = 2,
RemoveInvoice = 3,
ManageAttachments = 4
}
[PermissionGroup(PermissionGroupCode.UserAccounts)]
public enum UserAccounts
{
Create = 1,
ChangePassword = 2
}
}
正如您所看到的,我们在这里有代码组合,使用PermissionGroup属性指定的权限组密钥和在每个枚举常量上指定为数字代码的权限密钥的代码.
RequirePermission属性定义如下:
public class RequirePermissionAttribute : Attribute
{
private Enum _Permission;
public RequirePermissionAttribute(Enum Permission)
: base()
{
_Permission = Permission;
}
}
但问题是类型的对象Enum不能用作属性参数.
任何建议/想法都表示赞赏
我找到了解决方案,唯一需要改变的是constructure参数的类型.而不是使用Enum你必须使用object:
public class RequirePermissionAttribute : AuthorizeAttribute
{
private object _Permission;
public RequirePermissionAttribute(object Permission)
: base()
{
_Permission = Permission;
}
}
这是完整的代码:
/***************** Permission Groups And Keys *****************/
public static class Permissions
{
[PermissionGroup(PermissionGroupCode.Invoice)]
public enum Invoices
{
CreateInvoice = 1,
UpdateInvoice = 2,
RemoveInvoice = 3,
ManageAttachments = 4
}
[PermissionGroup(PermissionGroupCode.UserAccounts)]
public enum UserAccounts
{
Create = 1,
ChangePassword = 2
}
}
public enum PermissionGroupCode
{
Invoice = 1,
UserAccounts = 2,
Members = 3
}
/***************** Attributes & ActionFilters *****************/
[AttributeUsage(AttributeTargets.Enum)]
public class PermissionGroupAttribute : Attribute
{
private PermissionGroupCode _GroupCode;
public PermissionGroupCode GroupCode
{
get
{
return _GroupCode;
}
}
public PermissionGroupAttribute(PermissionGroupCode GroupCode)
{
_GroupCode = GroupCode;
}
}
public class RequirePermissionAttribute : AuthorizeAttribute
{
private object _RequiredPermission;
public RequirePermissionAttribute(object RequiredPermission)
: base()
{
_RequiredPermission = RequiredPermission;
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var permissionGroupMetadata = (PermissionGroupAttribute)_RequiredPermission.GetType().GetCustomAttributes(typeof(PermissionGroupAttribute), false)[0];
var groupCode = permissionGroupMetadata.GroupCode;
var permissionCode = Convert.ToInt32(_RequiredPermission);
return HasPermission(currentUserId, groupCode, permissionCode);
}
}