动态添加角色授权的控制器属性 [英] Dynamically add roles to authorize attribute for controller

问题描述

我需要让我的管理员用户更改访问权限用户对飞，这样，他们可以创建新的角色和权限添加到这些角色。

I need to enable my admin user to change access permissions for users on the fly, such that they can create new Roles and add permissions to those Roles.

我希望能够创建一个授权属性坚持我上面的控制器CLAS，我可以从数据库角色添加到，这样我就不必在设置的发展过程中的作用，为[授权（角色=基于role1，role2所）] 等。

I want to be able to create an Authorize attribute to stick above my controller clas that I can add roles to from a database, so that I don't have to 'set' the roles during development, as in [Authorize(Roles="Role1, Role2")] etc.

因此​​，像这样 [授权（角色= GetListOfRoles（）] （我知道这是不正确的语法，但大意的东西，我发现这个问题 - <一个href=\"http://stackoverflow.com/questions/24738624/asp-net-mvc-authorize-user-with-many-roles\">ASP.NET有许多角色MVC授权使用者它做类似的事情，但也许有一种方法来改变这种使得它获得的权限列表/从数据库中的角色？

So something like this [Authorize(Roles = GetListOfRoles()] (I know this is incorrect syntax but something to that effect. I found this question - ASP.NET MVC Authorize user with many roles which does something similar but maybe there's a way to change this such that it gets a list of permissions/roles from the db?

推荐答案

这是我怎么办成了，可能每个授权基于用户角色的权限的方法用户的属性。我希望这可以帮助别人：

This is how I pulled off an attribute that could authorize users per method based on the permissions of the role of that user. I hope this helps somebody else:

/// <summary>
/// Custom authorization attribute for setting per-method accessibility 
/// </summary>
[AttributeUsage(AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public class SetPermissionsAttribute : AuthorizeAttribute
{
    /// <summary>
    /// The name of each action that must be permissible for this method, separated by a comma.
    /// </summary>
    public string Permissions { get; set; }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        SalesDBContext db = new SalesDBContext();
        UserManager<ApplicationUser> userManager = new UserManager<ApplicationUser>(new UserStore<ApplicationUser>(new ApplicationDbContext()));
        ApplicationDbContext dbu = new ApplicationDbContext();

        bool isUserAuthorized = base.AuthorizeCore(httpContext);

        string[] permissions = Permissions.Split(',').ToArray();

        IEnumerable<string> perms = permissions.Intersect(db.Permissions.Select(p => p.ActionName));
        List<IdentityRole> roles = new List<IdentityRole>();

        if (perms.Count() > 0)
        {
            foreach (var item in perms)
            {
                var currentUserId = httpContext.User.Identity.GetUserId();
                var relatedPermisssionRole = dbu.Roles.Find(db.Permissions.Single(p => p.ActionName == item).RoleId).Name;
                if (userManager.IsInRole(currentUserId, relatedPermisssionRole))
                {
                    return true;
                }
            }
        }
        return false;
    }
}

这篇关于动态添加角色授权的控制器属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！