所有模型的权限感知(图标)操作链接:如何?
我有几个模型,我想为这些模型显示一些常见的操作链接图标(新建、详细信息、编辑、删除)以及仅针对某些模型的一些特定图标;仅当用户有权执行该操作时,才必须显示这些图标链接。权限是由角色决定的,但我想将它们抽象出来,以便将明确需要的角色只写在一处。
我还想使用相同的逻辑来显示图标并“保护”操作方法,这样如果过去需要 Foo 角色来编辑 lolcatz,现在我想将其更改为 < code>Bar 角色,我只需要改变一件事。
有很多方法可以实现这一点,但我不确定如何继续。
我可以编写一个 ModelAction 类,负责决定单个操作的权限、链接、图标、文本,并编写一些 ModelActionsCollection 来收集单个模型的所有可能操作,因此我可以编写一个父类和几个降序类。
我的疑问:
我应该如何将模型与
ModelActionsCollection关联起来?我应该使用哈希还是某些静态类,例如SomeStaticClass.GetModelActionsCollection(someModel)?或typeof(someModel)或"className"或者什么?我应该如何装饰方法?我应该写一些类似的东西:
[MyAuthorize("action", "model")] 公共 ActionResult 操作(...)或者其他什么?
是否可以直接在这些类的方法内访问当前经过身份验证的用户,或者它们是否应该接收用户作为参数?
这个类属于哪个命名空间?他们是模特吗?帮手?或者什么?
最后:有人已经以可重用的方式完成了这一切吗?
I have several models, for which I want to show some common icons for action links (new, details, edit, delete) and some specific ones for certain models only; these iconlinks must only be showed when the user has permission to perform the action. Permissions are decided by roles, but I'd like to abstract them, so that the explicit needed roles are written in one place only.
I'd also like to use the same logic to show icons and to "protect" action methods, so that if Foo role used to be needed to edit lolcatz, and now I want to change it to Bar role, I only have to change one thing.
There are many ways to implement this, and I'm unsure on how to proceed.
I could write a ModelAction class, responsible for deciding permissions, link, icon, text for a single action, and some ModelActionsCollection to gather all possible actions for a single model, so that I can write a parent class and several descending ones.
My doubts:
how should I associate models with
ModelActionsCollection? Should I use a hash or some static class, likeSomeStaticClass.GetModelActionsCollection(someModel)? ortypeof(someModel), or"className"or what?how should I decorate methods? should I write something like:
[MyAuthorize("action", "model")] public ActionResult action(...)or something else?
is it okay to access to the current authenticated user directly inside these classes' methods, or should they receive user as parameter?
what namespace this classes belong to? are they models? helpers? or what?
and, finally: has anybody already done all this in a reusable way?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我们正是这样做的
用权限类型标志和 css 中的图标字符串来装饰您的操作
例如
[ActionModelPermission(typeof(ContactModel), PermissionTypes.Create | PermissionTypes.Edit, "typeIcon typeContact")]
ActionModelPermission、PermissionTypes 和 ContactModel 都是我们项目中的类。
然后我们有自己的 ActionLink 帮助器,它从提供的 lambda 中查找方法并进行权限检查,并使用适当的 css 类构建链接
We do exactly this
Decorate your action with a permission type flag and a string for the icon in css
e.g.
[ActionModelPermission(typeof(ContactModel), PermissionTypes.Create | PermissionTypes.Edit, "typeIcon typeContact")]
The ActionModelPermission, PermissionTypes and ContactModel are all classes in our project.
Then we have our own ActionLink helper which finds the method from a lambda supplied and does the permission check, and builds the link with the appropriate css class on it