如何检查是否用户角色具有读/写访问特定视图 [英] How to check if user role has read/write access to a specific view
问题描述
我有一个 ASP.NET MVC 4 应用程序。我想实现一个解决方案,我检查,如果用户可以访问视图,如果没有则显示错误。如果用户可以访问视图,然后我需要检查,如果该用户具有读访问或阅读和编辑访问来这种观点。如果用户已经读访问显示,如果阅读和编辑访问,则用户可以看到一个细节视图或者可以编辑该数据,则只是一个普通的详细信息视图。
I have a ASP.NET MVC 4 application. I am trying to implement a solution where I check if a user can access a view, if not then display an error. If the user can access a view then I need to check if that user has read access or read and edit access to that view. If the user has read access then just a normal details view is displayed, if read and edit access then the user can see a details view or can edit the data.
是这样的可能吗?我试图寻找通过一对夫妇的入门工具包,我在codePLEX发现的,但我找不到像我想要的。这将如何实施?如果可能的话,如果任何人任何样本项目都知道,我可以下载然后,我将AP preciate。我想通过code的工作,我了解这种方式。
Is something like this possible? I have tried looking through a couple of starter kits that I found on Codeplex but I can't find something like I want. How would this be implemented? If possible, if anyone knows of any sample project that I can download then I will appreciate. I like to work through code, I learn more this way.
我想这一切是数据库驱动。
I want this all to be database-driven.
推荐答案
您应该多进AuthorizeAttribute以及如何使用角色。基本上,你给你的用户的角色(可以从数据库中可读取)和每个视图要限制在你的应用程序访问您添加授权与角色一起属性。默认情况下,我认为,你只能限制访问或根本无法获得,但你大概可以覆盖和编写自定义的属性,给你你有兴趣的行为。
You should look more into the AuthorizeAttribute and how to use roles. Basically you give your users roles (that may be fetched from the database) and for every view you wish to limit access in your application you add the Authorize attribute together with the roles. By default I think you can only limit to access or no access but you can probably override and write your custom attribute to give you the behavior you are interested in.
另外,你可以在你的控制器管理用户权限。既然你知道了身份验证的用户角色和访问他们,你可以在控制器执行检查,并创建该视图(禁用投入等)
Alternatively, you can manage the user privileges in your controllers. Since you know the authenticated users roles and have access to them you can perform the check in the controller and create the view from that (disabled inputs etc.)
相关
- ASP.Net MVC: Can the AuthorizeAttribute be overriden?
- Granular permissions with certain requirements for an MVC site
这篇关于如何检查是否用户角色具有读/写访问特定视图的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
