
Filtering Data by User's access rights

I'm writing a site in MVC3, using Entity (linked to Postgres, but not sure that part is relevant).

A user is part of a number of "leagues", and creates an "event" against one of those leagues.

There will be other users that have access to that league, and when they go to view a list of the events, I need the list to display only those "events" that are part of "leagues" they have access to.

Now there are numerous ways that this could be achieved, but I'm looking for the most elegant and widely accepted to be "the correct way".

Currently the User -> league relationship is held in the same place as the rest of the data, therefore I can just filter by the leagues without a problem. My issue is that I'm not sure whether or not I should be accessing the HttpContext to get the userId within the repository layer to do the Filtering.

If I don't do the above, I was considering using the RoleMembership functionality and make Leagues, Roles, and then there is built-in functionality to do it.

The question is, what's the best practice for filtering result data by user Access in MVC3/Entity?

Blogs/Tutorial links are preferred, but full answers may also be accepted...

I definitely do not think the repository should be invoking the HttpContext object. I'd recommend following the dependency-injection pattern for this application. In this scenario, there are three interfaces: one is the data-access interface (the repository); another is the provider of filtered data to your view (the view model); and a third is the provider of role information (the role provider).

So, the repository is stand-alone; the role provider has a dependency (I gather from your question) on HttpContext; and the view model has a dependency on both the repository and the role provider. I would emphasize that you write a dependency wrapping of any HttpContext methods you're planning to use, so as to facilitate testing.

There's a fairly extensive tutorial on dependency-injection and MVC, on MSDN: http://msdn.microsoft.com/en-us/gg618491

To illustrate:

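using System.Collections.Generic;
using System.Linq;
using System.Web.Mvc;

public interface ILeagueRepository
{
    // All leagues, unfiltered; the repository knows nothing about the current user.
    IEnumerable<League> All { get; }
}

public interface ILeaguesProvider
{
    IEnumerable<League> GetUserLeagues(string Username);
}

// Assumed shape of the role provider described above: it wraps the
// HttpContext lookup of the current user so it can be replaced in tests.
public interface IRoleProvider
{
    string GetCurrentUser();
}

public class LeaguesProvider : ILeaguesProvider
{
    private readonly ILeagueRepository _repository;

    public LeaguesProvider(ILeagueRepository repository)
    {
        _repository = repository;
    }

    public IEnumerable<League> GetUserLeagues(string Username)
    {
        // Only the leagues that belong to the given user.
        return _repository.All.Where(league => league.User == Username);
    }
}

public class LeaguesController : Controller
{
    private readonly IEnumerable<League> _leagues;

    public LeaguesController(ILeaguesProvider providerDependency, IRoleProvider roleDependency)
    {
        // The user name comes from the injected role provider, not from the repository.
        _leagues = providerDependency.GetUserLeagues(roleDependency.GetCurrentUser());
    }
}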
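
An added example (not part of the original answer) that carries the same pattern from leagues through to the events the question asks about, including lookup of a single event by id. `ICurrentUser`, `Membership`, `Event` and `EventsProvider` are hypothetical names, and the in-memory arrays are constructed stand-ins for the Entity sets.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public class Membership { public string Username; public int LeagueId; }
public class Event { public int Id; public int LeagueId; public string Name; }

// Hypothetical abstraction over the authenticated identity (wraps HttpContext in the web app).
public interface ICurrentUser { string Username { get; } }
public class FakeCurrentUser : ICurrentUser
{
    public FakeCurrentUser(string name) { Username = name; }
    public string Username { get; private set; }
}

public class EventsProvider
{
    private readonly IQueryable<Event> _events;
    private readonly IQueryable<Membership> _memberships;
    private readonly ICurrentUser _user;

    public EventsProvider(IQueryable<Event> events, IQueryable<Membership> memberships, ICurrentUser user)
    { _events = events; _memberships = memberships; _user = user; }

    // Every read goes through this scoped query, so no caller can skip the filter.
    private IQueryable<Event> Visible()
    {
        var leagueIds = _memberships.Where(m => m.Username == _user.Username).Select(m => m.LeagueId);
        return _events.Where(e => leagueIds.Contains(e.LeagueId));
    }

    public List<Event> List() { return Visible().ToList(); }

    // Lookup by id uses the same scope: an event in another league is "not found".
    public Event Find(int id) { return Visible().SingleOrDefault(e => e.Id == id); }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data.
        var memberships = new[] { new Membership { Username = "alice", LeagueId = 1 }, new Membership { Username = "bob", LeagueId = 2 } }.AsQueryable();
        var events = new[] { new Event { Id = 10, LeagueId = 1, Name = "Cup" }, new Event { Id = 11, LeagueId = 2, Name = "Derby" } }.AsQueryable();
        var provider = new EventsProvider(events, memberships, new FakeCurrentUser("alice"));
        Console.WriteLine(string.Join(",", provider.List().Select(e => e.Name)));
        Console.WriteLine(provider.Find(11) == null);
    }
}
```

Because the user identity is injected rather than passed as an argument, a controller action cannot widen the scope by forwarding a user name or league id taken from the request.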
