ASP.NET MVC，'票务必需的'属性 [英] ASP.NET MVC, 'Ticket Required' Attribute

问题描述

我试图建立一个系统，允许用户执行某些操作，但他们的帐户必须有一个特定的门票每次他们这样做。例如，假设他们希望创建一个产品，他们需要一个 CreateProductTicket 。

I am attempting to build a system that allows users to perform certain actions, but their account must have a specific 'Ticket' per time they do it. For instance, suppose they wish to create a Product, they would need a CreateProductTicket.

我可以简单地做一些如果语句，肯定的，但我想尝试多一点一个强大的解决方案。我的结构看起来是这样的...

I could simply do this with some 'if' statements, sure, but I want to try a bit more of a robust solution. My structure looks something like this...

interface ITicket<T> where T : ITicketable
{
}

我的基本目标是建立一个属性，也许像下面的。

My basic goal is to build an Attribute, perhaps like the following..

public class TicketRequiredAttribute : Attribute
{
 public TicketRequiredAttribute(ITicket<T> ticket)
 {
  if(ticket == null) 
    return;
  }
}

并能装点控制器或库这一行动。因此，像...

And to be able to decorate Controller or Repository Actions with this. So like ...

[TicketRequired(CreateProductTicket)]
public ActionResult CreateProduct(Product product)
{
 // ... **I am unsure how to tell if TicketRequired was true or not**
}

问题1

我不带属性足够熟悉，知道如何判断TicketRequired是符合或没有。任何人都可以见识一下呢？

Problem 1

I'm not familiar enough with attributes to know how to tell if TicketRequired was 'met' or not. Can anyone enlighten me on this?

我遇到的问题是与数据库查询。我希望能够检查用户（ IMembershi prepository 有一个的getUser 法），但我中号不完全肯定怎么做，通过一个属性。

The problem I am running into is with database querying. I want to be able to check the user (IMembershipRepository has a GetUser method), but I'm not entirely certain how to do that through an attribute.

使用 Castle.Windsor ，我有我的依赖注入设立注入到库控制器。我想我可以通过 IMembershi prepository 通过 TicketRequired 的构造，但我有一种感觉，这将成为很凌乱 - 极不稳定。有接近这更合乎逻辑的方式？

Using Castle.Windsor, I have my Dependency Injection set up to inject repositories into controllers. I suppose I could pass the IMembershipRepository through the TicketRequired constructor, but I have a feeling that will become very messy - and extremely unstable. Is there a more logical way to approach this?

推荐答案

您快到了。您可以在 http://www.asp.net/mvc找到更多​​详情/教程/谅解行动过滤器-CS

由于该网站是在那里我做我的所有授权我只会用行动上的属性。

I would only use the attribute on the action since the website is where I do all my authorization.

下面是一个可能的解决方案。我没有测试过这一点，但它应该工作。你需要验证，我重定向方式，不知道这是正确的方式。

Here is a possible solution. I have not tested this, but it should work. You'll need to verify the way I'm redirecting, not sure if that's the proper way.

 public class TicketRequiredActionFilter : ActionFilterAttribute
 {
        private Type _ticketType;

  public TicketRequiredAttribute(Type ticketType)
  {
        _ticketRequired = ticketType;     
  }

  public override void OnActionExecuting(ActionExecutingContext filterContext)
  {
     UserServices userServices = GetUserServicesViaDIContainer(); // you'll need to figure out how to implement this 
     string userId = filterContext.HttpContext.User.Identity.Name
     bool hasTicket = userServices.HasTicket(_ticketType, (int)userId); // again, you'll need to figure out the exact implementation
     if(!hasTicket)
     {
        filterContext.Result = new RedirectToRouteResult(new RouteValueDictionary { { "controller", "Home" }, {"action", "NoPermission" } })
     }
     else
     { 
        base.OnActionExecuting(filterContext);
     }     
  }
}

在你的控制器：

[TicketRequiredActionFilter(typeof(CreateProductTicket))]
public ActionResult MyMethod()
{
    // do stuff as if the person is authorized and has the ticket
}

如果用户没有票，一个重定向是问题;，否则，继续正常。

If the user doesn't have the ticket, a redirect is issues;, otherwise, continue as normal.

这篇关于ASP.NET MVC，'票务必需的'属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！