[英]Checking the rights for CRUD operations in repository pattern, .Net
Good afternoon, everyone! 大家下午好! I'm using repository pattern for access EDM, and I want develop some kind of rights check using custom attribute AccessByRole
like this: 我正在使用存储库模式来访问EDM,我想使用自定义属性AccessByRole
开发某种权限检查,如下所示:
public abstract class RepositoryBase: IRepository
{
...
[AccessByRole]
public virtual void Add(T entity)
{
....
}
[AccessByRole]
public virtual void Update(T entity)
{
...
}
[AccessByRole]
public virtual void Delete(T entity)
{
...
}
[AccessByRole]
public virtual T GetById(long id)
{
...
}
}
Usage of repository (I'm using Autofac for IoC): 存储库的用法(我正在使用Autofac for IoC):
public class Service
{
private readonly IRepository repository;
public Service(IRepository repository)
{
this.repository = reporitory;
}
....
public UpdateUserEntities(...)
{
...
reporitory.Update(T); // There is a need for check user rights before calling this method.
}
}
There is a necessity of checking rights of the User before calling CRUD operations. 在调用CRUD操作之前,必须检查用户的权限。 So my question is: How should the attributes source code look like, so the CRUD operations called after the rights checked? 所以我的问题是:属性源代码应如何显示,以便在检查权限后调用CRUD操作?
Well, the easiest way would be to check the role in each action, and short circuit if that's not authorized. 好吧,最简单的方法是检查每个动作中的角色,如果未授权,则将其短路。 For example: 例如:
if(AuthorizedForRole[someAction]==true)
{
[some code]
}else{
Return "Unauthorized access attept";
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.