在自定义属性中查找mvc3操作方法参数
我正在致力于在 mvc3 应用程序上实现用户权限管理。
我已经在数据库上使用 ControllerName、ActionName 和参数定义了我的操作方法,参数包括 ParameterName 和 ParameterType 等。
我实现了一个继承自 Authorize 属性的自定义属性。
我想做的是找到在数据库上定义的内置操作中执行的操作,并计算用户是否有权执行指定的操作。
代码是这样的;
[HttpPost]
[MyAuthorize]
public ActionResult Edit(VendorPageItem entity)
{
//...
}
public class MyAuthorize: System.Web.Mvc.AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
throw new ArgumentNullException("httpContext");
string controller = httpContext.Request.RequestContext.RouteData.Values["controller"].ToString();
string action = httpContext.Request.RequestContext.RouteData.Values["action"].ToString();
int userId = SessionState.Current.LoginParameter.VendorUserID;
List<string> parameterTypes = new List<string>();
//TODO: Find out action method parameter types.
return IoCWorker.Resolve<IUserRightService>().HasUserRightToAction(userId, controller, action, parameterTypes);
}
}
我的问题是在自定义属性中查找方法参数类型。
谢谢。
编辑:忘记提及这是后期行动。添加了[HttpPost]。
I am working on implementing user right management on an mvc3 application.
I have defined my action methods on database with ControllerName, ActionName, and Parameters consists ParameterName and ParameterType etc.
I implemented a custom attribute which inherited from Authorize attribute.
What i am trying to do is finding the action executing among my built-in actions defined on database and calculating if user has permission on specified action or not.
The code is like this;
[HttpPost]
[MyAuthorize]
public ActionResult Edit(VendorPageItem entity)
{
//...
}
public class MyAuthorize: System.Web.Mvc.AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null)
throw new ArgumentNullException("httpContext");
string controller = httpContext.Request.RequestContext.RouteData.Values["controller"].ToString();
string action = httpContext.Request.RequestContext.RouteData.Values["action"].ToString();
int userId = SessionState.Current.LoginParameter.VendorUserID;
List<string> parameterTypes = new List<string>();
//TODO: Find out action method parameter types.
return IoCWorker.Resolve<IUserRightService>().HasUserRightToAction(userId, controller, action, parameterTypes);
}
}
My problem is finding the method parameter types in my custom attribute.
Thanks.
edit: forgot to mention that is post action. [HttpPost] added.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我认为反思就是答案。
一旦有了控制器和操作,并且假设您事先知道名称空间,您就可以检查控制器
类型并深入了解其方法和相关签名/重载。另外,检查 RouteData 除了控制器和操作之外的完整内容可以告诉您它传递给方法的内容。
我还没有尝试过,但从你所说的看来,它会以这种方式工作。
I think reflection is the answer here.
Once you have the controller and the action, and assuming you know beforehand the namespace, you can inspect the controller
Typeand drill down to its methods and relative signatures/overloads.Also inspecting the full contents of RouteData apart from controller and action can tell you what it being passed to the method.
I haven't tried it out, but from what you say it seems it will work this way.
我不确定我是否正确理解了你的问题。如果您尝试访问参数值,我有一个答案给您,如果您确实想知道参数类型,那么@Matteo Mosca 的答案将是正确的:
这取决于参数的来源。无论它们是 QueryString 参数、表单参数、cookie 还是...
ASP.NET 的模型绑定器基础结构尝试将参数映射到操作方法上。在您的自定义属性中,您可以使用上下文访问参数,例如
编辑:
这当然不是最好的解决方案,因为您需要有关已发布参数的信息。由于我不知道你的真实需求,所以无法提出更好的建议。当然,您可以迭代 Form 集合。
一种可能是您将字段名称作为 MyAuthorizeAttribute 的参数/属性传递。
I'm not sure whether I understood your question properly. If you try to access the parameter values, I have an answer for you, if you really want to know the parameter types, then @Matteo Mosca's answer will be correct:
That depends on where the parameters come from. Whether they are QueryString parameters or form parameters or cookies or...
The model binder infrastructure of ASP.NET tries to map the parameters on the action method. In your custom attribure you can access the parameters with the context, e.g.
EDIT:
This is of course not the nicest solution because you need information about the posted parameters. As I don't know your real requirements, I can't make any better suggestion. Of course you could iterate through the Form collection.
A possiblilty could be that you pass the name of the field as a parameter/property of the MyAuthorizeAttribute.