MVC3中基于角色的授权的管理/文档

Question

I'm new to a project and have inherited a site that uses role-based authorization. There are a lot of Authorize attributes on the methods in the code - for example:

public class MyController:Controller
{
    [Authorize(Roles = "Manager")]
    [Authorize(Roles = "Admin")]
    public ActionResult Action1()
    {
        //...
    }
}

I want to sort of have authorization definitions for each of these roles like:

• Manager - can edit/delete an order
• Admin - can edit/delete users

I was wondering if there is any special MVC/Visual Studio/ReSharper function that can produce a list of methods that have particular roles or if compiling somehow generates documentation somewhere that I can glance at. I have looked around for something to help with no luck.

Answer 1

Short Answer

I am not aware of a Visual Studio or MVC feature or a plugin (including ReSharper) to do what you want directly; but Visual Studio and .NET provide the basic building blocks to do it - eg regular expressions and reflection.

VS Find in Files (Using Regular Expressions)

Overview

The easiest (if not the most elegant) way to do what you want is to simply search your project or solution with Visual Studio's Find in Files dialog ( Edit > Find and Replace > Find in Files or Ctrl + Shift + F ) using a regular expression...

..., which will return results like the following:

Find all "(?<=\[[HttpGet]+\]\s+(\[[A-Za-z_]+\]\s+)*)(public\s+)(?!(class|interface)\s+)[A-Za-z_<>]+\s+[A-Za-z_]+\s*\(", Regular expressions, Subfolders, Find Results 1, Entire Solution, "*.cs"
  C:\Users\me\Source\Repo\Solution\Controllers\Controller.cs(21):        public List<SomeType> Action1() {
  C:\Users\me\Source\Repo\Solution\Controllers\Controller.cs(30):        public List<Foo> Action2() {
  C:\Users\me\Source\Repo\Solution\Controllers\Controller.cs(38):        public List<Bar> Action3() {
  C:\Users\me\Source\Repo\Solution\Controllers\AnotherController.cs(46):        public List<Bar> ActionA(int n) {
  C:\Users\me\Source\Repo\Solution\Controllers\AnotherController.cs(78):        public List<Baz> ActionB() {
  C:\Users\me\Source\Repo\Solution\Controllers\YetAnotherController.cs(35):        public SomeOtherType ActionAlpha() {
  C:\Users\me\Source\Repo\Solution\Controllers\YetAnotherController.cs(51):        public List<SomeType> ActionBeta(int n) {
  Matching lines: 7    Matching files: 3    Total files searched: 32

Here I searched for public methods with [HttpGet] . (Also note that I did this in VS 2013, which uses standard .NET regular expressions for Find in Files unlike previous versions .)

Applied to Your Case

For your case centered on [Authorize(Roles = "<role>"] , I would start with the following regular expression for all methods with the attribute...

(?<=\[Authorize\(Roles = "[A-Za-z]"\)\]\s+)(public\s+)(?!(class|interface)\s+)[A-Za-z_<>]+\s+[A-Za-z_]+\s*\(

...and a narrower variant of it for methods with the attribute and a specific Roles argument (eg "Admin" ):

(?<=\[Authorize\(Roles = "Admin"\)\]\s+)(public\s+)(?!(class|interface)\s+)[A-Za-z_<>]+\s+[A-Za-z_]+\s*\(

Tweaks to the regular expressions above will probably improve your results (eg character classes like [A-Za-z_] , Roles *= *" instead of Roles = " etcetera); but they should provide a good start at least; I checked them against AuthorizeAttribute with various Roles arguments.

If you have trouble understanding or tweaking the above regular expressions, MSDN's Regular Expression Language - Quick Reference and other online resources should prove helpful.

Other Possibilities

A couple other ways to approach what you want that come to mind (among many others) are:

• Writing a quick tool that uses .NET reflection.
• Using NDepend's CQL .

Edit

Per my comment on your question that it is simply phenomenal, I realized that I had not stopped to do a basic search to challenge my experience. :/

It turns out that a Jigar.Net article entitled Authorization in ASP.Net MVC using XML Configuration describes a cool, different way to manage/document authorization - proactively using a dedicated XML configuration section like the following...

< controllers > 
   < controller  name ="Admin"> 
     < roles > 
       < role > Admin </ role > 
       < role > Edit </ role > 
       < role > View </ role > 
     </ roles > 
     < actions > 
       < action  name ="Index"> 
         < roles > 
           < role > Admin </ role > 
           < role > Edit </ role > 
           < role > View </ role > 
         </ roles > 
       </ action > 
       < action  name ="Edit"> 
         < roles > 
           < role > Edit </ role > 
           < role > Admin </ role > 
         </ roles > 
       </ action > 
       < action  name ="Admin"> 
         < roles > 
           < role > Admin </ role > 
         </ roles > 
       </ action > 
     </ actions > 
   </ controller > 
   < controller  name ="Home"> </ controller > 
</ controllers >

...paired with supporting code. (The article also underscores that a database is of course an alternative to an XML config section.)

I plan to consider this question further and look for other approaches & tools; hopefully someone can answer with even greater insight; but this is what I quickly found once I tried. :}