[英]Multiple User Roles in Authorize
I have a controller which can be accessed by user having admin privileges or nurse. 我有一个控制器,可由具有管理员特权或护士的用户访问。 Then on separate action I can do more strict if I want to. 然后,如果需要的话,在单独的操作上我可以执行更严格的操作。 Right now what I have is something like this 现在我有这样的事情
[AuthorizeUser(UserRole = "Admin", OrganizationType = "Institution")]
It works fine. 工作正常。 But I would something like 但是我会喜欢
[AuthorizeUser(UserRole = "Admin,Nurse", OrganizationType = "Institution")]
AuthorizeUser is custom made authorization AuthorizeUser是定制的授权
public class AuthorizeUser : AuthorizeAttribute
{
public string UserRole { get; set; }
public string OrganizationType { get; set; }
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var isAuthorized = base.AuthorizeCore(httpContext);
if (!isAuthorized)
{
return false;
}
return CheckOrganizationType
.checkRole(this.UserRole, this.OrganizationType, Auth.CurrentUser);
}
}
public static bool checkRole(String role, String organizationType, User user)
{
RolesType rt = null;
OrganizationType ot = null;
foreach (UserRoles ur in user.GetUserRoles())
{
rt = RolesType.Get(ur.organizationTypeId,ur.roleTypeId);
ot = OrganizationType.Get(ur.organizationTypeId, "1");
}
if (rt != null && rt.Name == role && ot != null && ot.Name == organizationType)
{
return true;
}
else
{
return false;
}
}
and then check if the current user has any of the defined roles. 然后检查当前用户是否具有任何定义的角色。 How can this be done? 如何才能做到这一点? Any idea? 任何想法?
You have just to change this statement: 您只需更改以下语句:
if (rt != null && rt.Name == role && ot != null && ot.Name == organizationType)
with this: 有了这个:
if (rt != null && role.Contains(rt.Name) && ot != null && ot.Name == organizationType)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.