I need to write some code to find an ID in my database of a Project. Users are coupled to a project and all the projects have a lot of connections to other objects, such as Sessions.
我需要编写一些代码在我的项目数据库中找到ID。用户连接到一个项目,所有项目都与其他对象有很多连接,比如会话。
Now I need to check before running any Actions, if the user trying to access the Session, is connected to the same project as the session is connected to.
现在我需要在运行任何操作之前检查,如果试图访问会话的用户连接到与会话连接的项目。
For this i want to use an [Attribute] on the Actions. MVC: creating a custom [AuthorizeAttribute] which takes parameters?
为此,我想在操作上使用[属性]。MVC:创建一个接受参数的自定义[AuthorizeAttribute] ?
This question and answer got me started, but i'm having trouble using the constructor of the controller to get my Project ID
这个问题和答案让我开始了,但是我在使用控制器的构造函数获取项目ID时遇到了麻烦
the goal is that i can write some code in each constructor, of all my controllers of objects depending on the Projects, find the project ID, and make it accessible (public), so my [customauthorize] will have access to this project ID to check whether the user has access or not.
目标是,我可以在每个构造函数中(根据项目的不同,我的所有对象控制器)编写一些代码,找到项目ID,并使其可访问(公共),因此我的[customauthorize]将有权访问这个项目ID,以检查用户是否有访问权限。
My problem:
我的问题:
public class SessionController : Controller {
NASDataContext _db = new NASDataContext();
public SessionController() {
var test = RouteData;
var ses = _db.Sessies.First(q=>q.Ses_ID==1);
}
How do I access my routedata? RouteData is null, HttpContext is null and Request is null.
如何访问路由数据?RouteData为空,HttpContext为空,请求为空。
I need the ID in the url, which is in the routedata...
我需要url中的ID,这是在routedata中…
2 个解决方案
#1
1
I would suggest placing this check in the Model rather than the Controller. In the Controller you'll need to decorate each action that requires this check, remember this is going execute code on every action you apply it to so you probably don't want to apply it at Controller level to start with. The simpler approach is to implement the check once in the Model then you have no 'concern' in your Controller for access rights. This will make the testing of this access right check possible as you'll only have the test in one place.
我建议将这个检查放在模型中而不是控制器中。在控制器中,你需要装饰每一个需要这个检查的动作,记住这将在你应用它的每一个动作上执行代码所以你可能不想在控制器层应用它。更简单的方法是在模型中实现一次检查,然后在控制器中就没有访问权限的“关注点”了。这将使这个访问权限检查成为可能,因为您将只在一个地方进行测试。
#2
1
This is what i did now to fix it and i'm quite happy about it.
这就是我现在修复它的方法,我很高兴。
Module Partial:
模块部分:
public partial class Module {
public string FullName {
get {
return Mod_Code + " " + Mod_Titel;
}
}
public string ShortName {
get {
return Mod_Code;
}
}
public bool IsAccessible() {
return this.Projecten.IsAccessible();
}
}
Projects Partial:
项目部分:
public partial class Projecten {
public string FullName {
get {
if (Proj_Kortenaam == Proj_Naam)
return Proj_Kortenaam;
return Proj_Kortenaam + " " + Proj_Naam;
}
}
public string ShortName {
get {
return Proj_Kortenaam;
}
}
public bool IsAccessible() {
return IsAccessible(HttpContext.Current.User);
}
public bool IsAccessible(IPrincipal user) {
//this code checks if the user can access or not
return MvcApplication.projectToegankelijk(user, this._Proj_ID);
}
}
then in the Modules controller
然后在模块控制器中。
[NonAction]
public ActionResult noRights() {
ViewData["delError"] = "You have no rights.";
return View("Error");
}
//
// GET: /Modules/Details/5
public ActionResult Details(int id) {
var mod = _db.Modules.First(q => q.Mod_ID == id);
if (mod.IsAccessible()) {
return View(mod);
}
return noRights();
}
I think this works pretty neat :)
我觉得这个很好用
#1
1
I would suggest placing this check in the Model rather than the Controller. In the Controller you'll need to decorate each action that requires this check, remember this is going execute code on every action you apply it to so you probably don't want to apply it at Controller level to start with. The simpler approach is to implement the check once in the Model then you have no 'concern' in your Controller for access rights. This will make the testing of this access right check possible as you'll only have the test in one place.
我建议将这个检查放在模型中而不是控制器中。在控制器中,你需要装饰每一个需要这个检查的动作,记住这将在你应用它的每一个动作上执行代码所以你可能不想在控制器层应用它。更简单的方法是在模型中实现一次检查,然后在控制器中就没有访问权限的“关注点”了。这将使这个访问权限检查成为可能,因为您将只在一个地方进行测试。
#2
1
This is what i did now to fix it and i'm quite happy about it.
这就是我现在修复它的方法,我很高兴。
Module Partial:
模块部分:
public partial class Module {
public string FullName {
get {
return Mod_Code + " " + Mod_Titel;
}
}
public string ShortName {
get {
return Mod_Code;
}
}
public bool IsAccessible() {
return this.Projecten.IsAccessible();
}
}
Projects Partial:
项目部分:
public partial class Projecten {
public string FullName {
get {
if (Proj_Kortenaam == Proj_Naam)
return Proj_Kortenaam;
return Proj_Kortenaam + " " + Proj_Naam;
}
}
public string ShortName {
get {
return Proj_Kortenaam;
}
}
public bool IsAccessible() {
return IsAccessible(HttpContext.Current.User);
}
public bool IsAccessible(IPrincipal user) {
//this code checks if the user can access or not
return MvcApplication.projectToegankelijk(user, this._Proj_ID);
}
}
then in the Modules controller
然后在模块控制器中。
[NonAction]
public ActionResult noRights() {
ViewData["delError"] = "You have no rights.";
return View("Error");
}
//
// GET: /Modules/Details/5
public ActionResult Details(int id) {
var mod = _db.Modules.First(q => q.Mod_ID == id);
if (mod.IsAccessible()) {
return View(mod);
}
return noRights();
}
I think this works pretty neat :)
我觉得这个很好用