阻断查询结果访问 [英] block access by query result

查看:110
本文介绍了阻断查询结果访问的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有医院和医疗特色。

在这种方式由医院的ID我的医疗特色页面返回的数据:

本地主机/ MedicalSpecialities / 1,1是HospitalID。如果我手动更改的链接,我可以访问任何医院的信息。

我有关联,以这种方式医院用户:

我需要查询医院ID的用户有关联,并检查当前HospitalID在列表中。

这回该用户已连接所有的医院:

  VAR用户ID = User.Identity.GetUserId();
        VAR的结果= db.Hospitals.Include(UserHospitals)
                              。凡(X => x.UserHospitals
                              。任何(U => u.Id ==用户ID))
                              .ToList();


解决方案

您基本上可以更新你的任何()法的条件,包括对HospitalId列的检查

  VAR hospitalId = 5;
VAR的结果= db.Hospitals
               .INCLUDE(Y => y.UserHospitals)
               。凡(X => x.UserHospitals.Any(U => u.Id ==用户ID
                                                 &功放;&安培; u.HospitalID == hospitalId))
               .ToList();

如果您是这种情况预计只有一个医院,你也可以考虑使用 FirstOrDefault()方法。

  VAR singleHospital = db.Hospitals
                       .INCLUDE(Y => y.UserHospitals)
                       。凡(X => x.UserHospitals.Any(U => u.Id ==用户ID
                                                         &功放;&安培; u.HospitalID == hospitalId))
                       .FirstOrDefault();
如果(singleHospital!= NULL)
{
     //安全使用。
}

I have Hospitals and Medical Specialities.

My Medical Specialities page return data by hospital ID in this way:

localhost/MedicalSpecialities/1, 1 is the HospitalID. if I change manually the link I can access any hospital info.

I have users associated to hospitals in this way:

I need to query the Hospital ID's that user have associated AND check if the current HospitalID is on the list.

This return all hospitals that user have connected:

        var userID = User.Identity.GetUserId();
        var result = db.Hospitals.Include("UserHospitals")
                              .Where(x => x.UserHospitals
                              .Any(u => u.Id == userID))
                              .ToList();

解决方案

You can basically update the condition in your Any() method to include a check against the HospitalId column.

var hospitalId =5;
var result = db.Hospitals
               .Include(y=>y.UserHospitals)
               .Where(x => x.UserHospitals.Any(u => u.Id == userID 
                                                 && u.HospitalID==hospitalId ))
               .ToList();

If you are expecting only a single hospital for this condition, you may also consider using FirstOrDefault() method.

var singleHospital = db.Hospitals
                       .Include(y=>y.UserHospitals)
                       .Where(x => x.UserHospitals.Any(u => u.Id == userID 
                                                         && u.HospitalID==hospitalId ))
                       .FirstOrDefault();
if(singleHospital!=null)
{
     //Safely use it.
}

这篇关于阻断查询结果访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
C#/.NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆