Inheritance of Authorized Roles in controller classes


Problem description

I've created controller classes to assist with Role authorization.

I have a base class ControllerAuthorities, which is the highest level of authority. I have created the other classes to extend each base class.

[Authorize(Roles = "Owner")]
public abstract class ControllerAuthorities:Controller { }
[Authorize(Roles = "Admin")]
public abstract class AdminController:ControllerAuthorities { }

[Authorize(Roles = "Employee")]
public abstract class EmployeeController:AdminController { }
[Authorize(Roles = "Sales")]
public abstract class SalesController:EmployeeController { }

First question, will the Owner, Admin and Employee Roles have access to the SalesController?

When implementing these classes in my project controllers, if I leave the [Authorize] uncommented, will this override the inherited authority Role?

//[Authorize]
public class AccountController:ControllerAuthorities
{
}

Solution

Looking at the AttributeUsage attribute of the Authorize attribute:

[AttributeUsageAttribute(AttributeTargets.Class | AttributeTargets.Method, 
    Inherited = true, AllowMultiple = true)]
public class AuthorizeAttribute : FilterAttribute, IAuthorizationFilter

Inherited = true means that subclasses of a class decorated with this attribute inherit the attribute.

AllowMultiple = true means that this attribute can be placed more than once on the same entity.

With inherited attributes and multiple usage of the same attribute allowed, your SalesController can be considered as

[Authorize(Roles = "Sales")]
[Authorize(Roles = "Employee")]
[Authorize(Roles = "Admin")]
[Authorize(Roles = "Owner")]
public abstract class SalesController:EmployeeController { }

And you can test this at runtime with this code.

var a = typeof(SalesController).GetCustomAttributes(true).ToArray();

First question, will the Owner, Admin and Employee Roles have access to the SalesController? Inherited attributes are separated, so they are applied independently. For a user to access SalesController, the user must have all roles (Owner, Admin, Employee and Sales), not just one of them.

See the difference between

[Authorize(Roles = "Sales")]
[Authorize(Roles = "Employee")]
[Authorize(Roles = "Admin")]
[Authorize(Roles = "Owner")]
public abstract class SalesController:EmployeeController { }

and

[Authorize(Roles = "Owner,Admin,Employee,Sales")]
public abstract class SalesController:EmployeeController { }

Second question: If you leave [Authorize] uncommented, then by the same logic AccountController is like

[Authorize(Roles = "Owner")]
[Authorize]
public class AccountController:ControllerAuthorities{}

So it does not override the inherited authority; it just creates multiple usages of the Authorize attribute, because multiple usage is allowed for the Authorize attribute. If AllowMultiple were false in the Authorize attribute definition, then the derived class could override the attribute in the base class.
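
The AND-versus-OR behaviour described in the answer, as an added example that is not part of the original answer. `DemoAuthorizeAttribute`, `FlatSalesController` and `AccessCheck` are hypothetical stand-ins that copy the AttributeUsage shown above and model only the Roles check, so the snippet runs without System.Web.Mvc.

```csharp
using System;
using System.Linq;

// Hypothetical stand-in for AuthorizeAttribute: same AttributeUsage, models only Roles.
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public sealed class DemoAuthorizeAttribute : Attribute
{
    public string Roles { get; set; } = "";
}

// The hierarchy from the question (Controller base class omitted).
[DemoAuthorize(Roles = "Owner")]    public abstract class ControllerAuthorities { }
[DemoAuthorize(Roles = "Admin")]    public abstract class AdminController : ControllerAuthorities { }
[DemoAuthorize(Roles = "Employee")] public abstract class EmployeeController : AdminController { }
[DemoAuthorize(Roles = "Sales")]    public abstract class SalesController : EmployeeController { }

// Flat alternative from the answer: one attribute, comma-separated roles.
[DemoAuthorize(Roles = "Owner,Admin,Employee,Sales")]
public abstract class FlatSalesController { }

public static class AccessCheck
{
    // Every collected attribute must pass (AND); within one attribute any listed role passes (OR).
    public static bool IsAllowed(Type controller, params string[] userRoles)
    {
        var filters = controller
            .GetCustomAttributes(typeof(DemoAuthorizeAttribute), inherit: true)
            .Cast<DemoAuthorizeAttribute>();
        return filters.All(f =>
        {
            var required = f.Roles.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
                                  .Select(r => r.Trim()).ToArray();
            // Assumption: an attribute without Roles only requires a signed-in user.
            return required.Length == 0 || required.Any(userRoles.Contains);
        });
    }

    public static void Main()
    {
        string[] owner = { "Owner" };
        string[] all = { "Owner", "Admin", "Employee", "Sales" };
        Console.WriteLine($"Inherited chain, Owner only : {IsAllowed(typeof(SalesController), owner)}");
        Console.WriteLine($"Inherited chain, all roles  : {IsAllowed(typeof(SalesController), all)}");
        Console.WriteLine($"Flat list, Owner only       : {IsAllowed(typeof(FlatSalesController), owner)}");
        Console.WriteLine($"Base class, Owner only      : {IsAllowed(typeof(ControllerAuthorities), owner)}");
    }
}
```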
