身份 - ASP.NET Core MVC 中的用户权限
[英]Identity - user rights in ASP.NET Core MVC
问题描述
I'm creating a web application where a user that is logged in via Identity can create new objects (products) for sale.
我正在创建一个 web 应用程序,通过身份登录的用户可以创建新的对象(产品)进行销售。 However I wonder how can I use Identity to make it so that a user can only see their own created objects.但是我想知道如何使用 Identity 来制作它,以便用户只能看到他们自己创建的对象。 I've been thinking about UserManager but I'm fairly new to this so I'm not really sure where to start.我一直在考虑UserManager但我对此很陌生,所以我不确定从哪里开始。
If anyone can show me a pretty simple way to solve this I would appreciate it a lot.如果有人能告诉我一个非常简单的方法来解决这个问题,我将不胜感激。 Been reading a lot of Microsoft's documentation but I don't feel like I'm getting much wiser.阅读了大量 Microsoft 的文档,但我不觉得我变得更聪明了。
This is my InventoryController where I manage my "Products":这是我管理“产品”的InventoryController :
using auktioner_MarcusR91.Data;
using auktioner_MarcusR91.Models;
using Microsoft.AspNet.Identity;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
namespace auktioner_MarcusR91.Controllers
{
public class InventoryController : Controller
{
private readonly AppDbContext _db;
public InventoryController(AppDbContext db)
{
_db = db;
}
public IActionResult Index()
{
IEnumerable<Inventory> objInventoryList = _db.Inventories;
return View(objInventoryList);
}
//GET
[Authorize]
public IActionResult Create()
{
return View();
}
//Post
[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult Create(Inventory inventory)
{
_db.Inventories.Add(inventory);
_db.SaveChanges();
return RedirectToAction("index");
}
//GET
[Authorize]
public IActionResult Edit(int? id)
{
if (id == 0 || id == 5)
{
return NotFound();
}
var inventoryFromDb = _db.Inventories.Find(id);
if (inventoryFromDb == null)
{
return NotFound();
}
return View(inventoryFromDb);
}
//Post
[HttpPost]
[ValidateAntiForgeryToken]
public IActionResult Edit(Inventory inventory)
{
if (ModelState.IsValid)
{
_db.Inventories.Update(inventory);
_db.SaveChanges();
return RedirectToAction("index");
}
return View(inventory);
}
}
}
Here is my create view if that helps:如果有帮助,这是我的创建视图:
@model Inventory
<form method = "post">
<div class = "border p-3 mt-4">
<div class = "row pb-2">
<h2 class = "text-primary">Add to Inventory</h2>
<hr />
</div>
<div class = "mb-3">
<label asp-for ="inventoryName"></label>
<input asp-for = "inventoryName" />
<label asp-for ="finalPrize"></label>
<input asp-for = "finalPrize" />
<label asp-for ="inventoryDesc"></label>
<input asp-for = "inventoryDesc" />
<p>1 för "Transport</p>
<p>2 för "Smycken"</p>
<p>3 för "Hushåll"</p>
<p>4 för "Dekoration"</p>
<select asp-for = "categoryId">
<option>1</option>
<option>2</option>
<option>3</option>
<option>4</option>
</select>
</div>
<button type = "submit" class = "btn btn-primary" width = "100px">Submit</button>
<a asp-controller = "Inventory" asp-action = "index" class = "btn btn-secondary" style = "width: 100px">Back to products</a>
</div>
</form>
1 个解决方案
解决方案1
0 2022-01-05 18:13:29
U should use userManager for userId. U 应该使用 userManager 作为 userId。
private readonly AppDbContext _db;
private readonly UserManager<ApplicationUser> _userManager;
public InventoryController(AppDbContext db, UserManager<ApplicationUser> userManager)
{
_db = db;
_userManager = userManager;
}
Then change your query filter by userId.然后通过 userId 更改您的查询过滤器。
var userId = _userManager.GetUserId(HttpContext.User);
IEnumerable<Inventory> objInventoryList = _db.Inventories.Where(d => d.userId == userId);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.