MVC2 C#: Restrict access to a view based on ID

Posted on 2024-10-18 06:30:28

I have two tables, one with jobs and one with managers. When a job ID is passed to the view 'Detail', the details of that job are accessible.

Job_id  Job_Title       Manager_id
23      Chimney Sweep   65
24      Rat Catcher     84

Managers    Email
65          [email protected]
66          [email protected]

I want to restrict access to the view based on the manager_email, so for example if we're on http://jobsite/jobs/Detail/23 then only Arthur can access the view. I will be using AD to pick out the user's email.

Any pointers would be much appreciated!

比忠 2024-10-25 06:30:28

You could write a custom model binder:

using System;
using System.Web;
using System.Web.Mvc;

public class JobModelBinder : DefaultModelBinder
{
    public override object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
    {
        // fetch the job id from the request; route values are untyped,
        // so parse it and reject anything that is not an integer
        int jobId;
        if (!int.TryParse(Convert.ToString(controllerContext.RouteData.Values["id"]), out jobId))
        {
            throw new HttpException(404, "Not Found");
        }

        // fetch the currently connected username
        string user = controllerContext.HttpContext.User.Identity.Name;

        // Remark: You might need an additional step here
        // to query AD and fetch the email

        // Given the job id and the currently connected user, try 
        // to fetch the corresponding job
        Job job = FetchJob(jobId, user);

        if (job == null)
        {
            // We didn't find any job that corresponds to
            // the currently connected user
            // => we throw
            throw new HttpException(403, "Forbidden");
        }
        return job;
    }

    // Must return the job only when it belongs to the given user,
    // and null otherwise
    private Job FetchJob(int jobId, string user)
    {
        throw new NotImplementedException();
    }
}

and then have your controller:

public class JobsController : Controller
{
    [Authorize]
    public ActionResult Show([ModelBinder(typeof(JobModelBinder))]Job job)
    {
        return View(job);
    }
}

The custom model binder could also be registered in Application_Start:

protected void Application_Start()
{
    // ... existing startup code ...
    ModelBinders.Binders.Add(typeof(Job), new JobModelBinder());
}

which would simplify your controller action:

public class JobsController : Controller
{
    [Authorize]
    public ActionResult Show(Job job)
    {
        // If we get to that point it means that the
        // currently connected user has the necessary
        // permission to consult this view. The custom
        // model binder would have populated the Job model
        // and we can safely pass it to the view for display
        return View(job);
    }
}

Another advantage of this approach is that you could inject dependencies into the constructor of your custom model binder. It might require those dependencies when it tries to communicate with the AD and the database.
