在 ASP.NET MVC 中实现用户暂停或处罚系统
我正在 ASP.NET MVC 中编写一个具有用户帐户的网站。由于该网站将面向讨论,我认为我需要一个管理员系统来管理用户,就像我们在 Stack Overflow 上的系统一样。我希望能够将用户置于“暂停”状态,以便他们能够登录该网站(此时他们会收到一条消息,例如“您的帐户已被暂停直到[日期]”),但无法执行用户通常能够执行的功能。
实现这一点的最佳方法是什么?
我正在考虑创建一个“暂停”角色,但问题是,我为普通用户本身设置了一些不同的角色,并具有不同的权限。
您以前设计过这样的功能吗?我该怎么做呢?提前致谢。
I'm writing a site in ASP.NET MVC that will have user accounts. As the site will be oriented towards discussion, I think I need a system for admins to be able to moderate users, just like we have here, on Stack Overflow. I'd like to be able to put a user into a "suspension", so that they are able to log in to the site (at which point they are greeted with a message, such as, "Your account has been suspended until [DATE]"), but are unable to do the functions that users they would normally be able to do.
What's the best way of implementing this?
I was thinking of creating a "Suspended" role, but the thing is, I have a few different roles for normal users themselves, with different privileges.
Have you ever designed a feature like this before? How should I do it? Thanks in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我认为角色是一种无需编写大量管道代码的方法。
创建一个名为 Active 的角色,默认情况下每个人都是该角色的成员。然后在用户被暂停时将其从该角色中移除。
您想要拒绝暂停用户的每项操作都需要 Active 角色。简单。
I think roles is the way to go without writing lots of plumbing code.
Create a role called Active which everyone is a member of by default. Then take users out of that role while they are suspended.
Every action you want to deny to suspended users requires the Active role. Simples.
让我将评论转换为答案,并利用 Zach 和 James 的答案来提供我认为可行的解决方案,而无需进入“自定义提供商区域”。虽然编写自定义提供程序并不是非常复杂,但根据我的经验,如果您可以让内置提供程序执行您想要的操作,即使它需要到处闻一闻,也总是最好的路线。
添加一个角色,例如
WellGroomedAndBehavesSelf,该角色控制对整洁且行为良好的用户应有权访问的内容的访问。在 web.config 中实现配置文件并添加
ReinstateDate属性(或UngroundedOnDate;-D)。当用户行为不当时,将其从角色
WellGroomedAndBehavesSelf中删除,并设置ReinstateDate配置文件属性。在您的登录逻辑中,覆盖
OnAuthenticate并检查ReinstateDate配置文件属性(如果存在并通过),清除它并将用户添加到角色WellGroomedAndBehavesSelf。完成,无需定制提供商。
更新:
另一种方法是检查角色
WellGroomedAndBehavesSelf,如果丢失,则检查配置文件中的恢复日期。如果它已通过或不存在,请将用户放回WellGroomedAndBehavesSelf。效果相同,但逻辑上的细微变化将提供更强大的解决方案。
如何实施配置文件:
如果您使用的是网站站点项目,请查看此处。
如果您使用的是网络应用程序项目,请查看这里。
Let me convert a comment to an answer and rape Zach and James answers to provide what I think would be a workable solution without the need to enter the 'custom provider zone'. While writing custom providers is not terribly complicated it is my experience that if you can get the built in providers to do what you want, even if it requires a smell here or there, is always the best route.
Add a role, say
WellGroomedAndBehavesSelf, that controls access to things that well groomed and behaved users should have access to.Implement a profile in your web.config and add a
ReinstateDateproperty (orUngroundedOnDate;-D).When a user misbehaves, remove them from the role
WellGroomedAndBehavesSelfand set theReinstateDateprofile property.In your login logic, override
OnAuthenticateand check for aReinstateDateprofile property, if present and passed, clear it and add the user to the roleWellGroomedAndBehavesSelf.Done and no need for custom providers.
UPDATE:
An alternate approach, and probably more robust preventing users from being grounded forever if somehow the profile gets cleared elsewhere than login logic, is to check for the role
WellGroomedAndBehavesSelfand if missing, THEN check the profile forReinstateDate. If it has passed or is not present, put the user back intoWellGroomedAndBehavesSelf.Same effect, but the subtle change in logic will provide a more robust solution.
How to implement Profiles:
If you are using a Web Site project look here.
If you are using a Web Application project look here.
我不知道您的对象模型是什么样的,但我假设任何用户都可以被暂停。
编辑:我想到了一种替代解决方案,考虑到您需要在某处序列化数据,该解决方案可能更简单。也许您可以在“用户”对象上使用常规
DateTime,但为新用户将其初始化为DateTime.MinValue。每当您将用户置于“暂停状态”时,请将suspendedUntil设置为他们被暂停的时间。每当您需要检查用户是否处于挂起状态时,只需将
suspendedUntil与DateTime.Now进行比较即可。如果suspendedUntil出现在DateTime.Now之后,您就知道用户已暂停,直到指定的日期和时间。否则,用户不会被暂停。用户解除挂起状态后,无需修改suspendedUntil,因为它会在DateTime.Now之后。序列化
DateTime需要保存suspendedUntil.ToBinary()的值并使用DateTime.FromBinary(long)“重新水合”它。I don't know what your object model looks like, but I would assume that any user could be suspended.
Edit: I've thought of an alternate solution which is probably simpler considering that you will need to serialize the data somewhere. Perhaps you could use a regular
DateTimeon your 'user' object, but initialize it toDateTime.MinValuefor new users. Whenever you put a user 'in suspension', setsuspendedUntilto the time they are suspended until.Whenever you need to check to see whether a user is in suspension or not, just compare
suspendedUntilwithDateTime.Now. IfsuspendedUntilcomes afterDateTime.Now, you know the user is suspended until the date and time specified. Otherwise, the user is not suspended. After a user comes out of suspension, there is no need to modifysuspendedUntilsince it will then be afterDateTime.Now.Serializing the
DateTimewould be a matter of saving the value ofsuspendedUntil.ToBinary()and "rehydrating" it usingDateTime.FromBinary(long).