为登录用户MVC访问限制 [英] MVC access restriction for logged in users
问题描述
我道歉,如果这已经被提问和回答,但我找不到任何可以帮助我。想象一下,你有两个客户端的情况。两者都登录,验证,都是管理员(为自己的帐户)。他们每个人都可以编辑自己的产品。 Client_1与可编辑的产品1,2和5的Client_2可以编辑产品3,4和6。所以,在我的控制器我有一个动作:
I apologies if that has already been asked and answered but I could not find anything that could help me. Imagine a scenario where you have two clients. Both are logged in, authenticated and both are admins (for their own accounts). Each one of them can edit their products. Client_1 can edit products 1,2 and 5 and Client_2 can edit products 3,4 and 6. So in my controller I have an action:
[Authorize(Roles="Admin")]
public ActionResult EditProduct(int productID)
{
//Edit product here
}
每个客户都有自己的产品列表中,他们可以点击编辑按钮可将他们带到编辑页面。我的问题是:如何从打字停止的Client_1
Each client has a list of their products, they can click on the edit button that takes them to the edit page. My questions is: How to stop Client_1 from typing in
的http://我的空间/ EditProduct / 3
//这个prduct应该只可以编辑的Client_2
http://mypage/EditProduct/3
//this prduct should only be editable by Client_2
目前,各功能进行检查,如果用户可以编辑这个产品。我必须写在每一个功能的自定义逻辑,将停止呢?
At the moment each function performs a check if user can edit this product. Do I have to write a custom logic in every function that would stop it?
[Authorize(Roles="Admin")]
public ActionResult EditProduct(int productID)
{
//if(logedinUser can edit this product)
//{
// Edit product here
//}
}
这是很好下手,但现在这些限制的功能的数量增长,我想停止重复同样的检查了一遍又一遍。
That was fine to start with but now the number of these 'restricted functions' grew and I would like to stop repeating the same check over and over again.
是否有实现这一目标的一个更好的办法?
Is there a better way of achieving this?
推荐答案
您可以巩固那种逻辑与自定义AuthorizationFilter。
You could consolidate that sort of logic with a custom AuthorizationFilter.
<一个href=\"http://geekswithblogs.net/brians/archive/2010/07/08/implementing-a-custom-asp.net-mvc-authorization-filter.aspx\" rel=\"nofollow\">http://geekswithblogs.net/brians/archive/2010/07/08/implementing-a-custom-asp.net-mvc-authorization-filter.aspx
这篇关于为登录用户MVC访问限制的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!