授权中的多个用户角色

Question

I have a controller which can be accessed by user having admin privileges or nurse. Then on separate action I can do more strict if I want to. Right now what I have is something like this

 [AuthorizeUser(UserRole = "Admin", OrganizationType = "Institution")]

It works fine. But I would something like

 [AuthorizeUser(UserRole = "Admin,Nurse", OrganizationType = "Institution")]

AuthorizeUser is custom made authorization

public class AuthorizeUser : AuthorizeAttribute
{
    public string UserRole { get; set; }
    public string OrganizationType { get; set; }
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (!isAuthorized)
        {
            return false;
        }

        return CheckOrganizationType
            .checkRole(this.UserRole, this.OrganizationType, Auth.CurrentUser);
    }
}

   public static bool checkRole(String role, String organizationType, User user)
    {
        RolesType rt = null;
        OrganizationType ot = null;
        foreach (UserRoles ur in user.GetUserRoles())
        {
            rt = RolesType.Get(ur.organizationTypeId,ur.roleTypeId);
            ot = OrganizationType.Get(ur.organizationTypeId, "1");
        }

        if (rt != null && rt.Name == role && ot != null && ot.Name == organizationType)
        {
            return true;
        }
        else
        {
            return false;
        }
    }

and then check if the current user has any of the defined roles. How can this be done? Any idea?

Answer 1

You have just to change this statement:

if (rt != null && rt.Name == role && ot != null && ot.Name == organizationType)

with this:

if (rt != null && role.Contains(rt.Name) && ot != null && ot.Name == organizationType)