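What I want to do is a two-level role check on an action handler. For example, require that the user belongs to at least one of the following groups: SysAdmins, Managers, AND to at least one of the following groups: HR, Payroll, Executive.
My initial guess was that this might be the way to do it, but I don't think it is: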

    [Authorize(Roles = "SysAdmins,Managers")]
    [Authorize(Roles = "HR,Executive")]
    public ActionResult SomeAction()
    {
        [...]
    }

Solution
You need your own attribute. Here is mine:

    using System.Web.Mvc;

    public class AuthorizationAttribute : ActionFilterAttribute
    {
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
            // ContextCache, PortalModel, IoC, IAuthorizationService and AccountController
            // are types from the poster's own application.
            var portalModel = ContextCache<PortalModel>.Get(ContextCache.PortalModelSessionCache);

            // Build the operation name "/Controller/Action" from the route data.
            var requestedController = filterContext.RouteData.GetRequiredString("controller");
            var requestedAction = filterContext.RouteData.GetRequiredString("action");
            var operation = string.Format("/{0}/{1}", requestedController, requestedAction);

            var authorizationService = IoC.Container.Resolve<IAuthorizationService>();
            if (!authorizationService.IsAllowed(AccountController.GetUserFromSession(), operation))
            {
                filterContext.Controller.ViewData["Message"] =
                    string.Format("You are not authorized to perform operation: {0}", operation);

                // Setting Result short-circuits the pipeline, so the action body never runs.
                filterContext.Result = new RedirectResult("/Error/NoAccess");
            }
        }
    }
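
An added example, not part of the question or the answer above: one way to express the "one role from each group" rule directly, by subclassing the ASP.NET MVC `AuthorizeAttribute` and overriding `AuthorizeCore`. The names `RequireRoleFromEachGroupAttribute` and `PayrollController` are hypothetical, and the sketch assumes roles are exposed through the request principal's `IsInRole`.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute (not from the original post): the user must hold at
// least one role from EVERY group passed to the constructor.
public sealed class RequireRoleFromEachGroupAttribute : AuthorizeAttribute
{
    // Immutable after construction, so a cached attribute instance is safe to reuse.
    private readonly string[][] _groups;

    // Each argument is one comma-separated group, e.g. "SysAdmins,Managers".
    public RequireRoleFromEachGroupAttribute(params string[] groups)
    {
        if (groups == null || groups.Length == 0)
            throw new ArgumentException("At least one role group is required.", "groups");

        _groups = groups
            .Select(g => (g ?? string.Empty)
                .Split(',')
                .Select(r => r.Trim())
                .Where(r => r.Length > 0)
                .ToArray())
            .ToArray();

        // An empty group would deny every user; surface that misconfiguration early.
        if (_groups.Any(g => g.Length == 0))
            throw new ArgumentException("Role groups must not be empty.", "groups");
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // base.AuthorizeCore rejects unauthenticated users (and applies Users/Roles if set).
        if (!base.AuthorizeCore(httpContext))
            return false;

        var user = httpContext.User;
        // AND across groups, OR within a group.
        return _groups.All(group => group.Any(user.IsInRole));
    }
}

public class PayrollController : Controller // hypothetical controller
{
    [RequireRoleFromEachGroup("SysAdmins,Managers", "HR,Payroll,Executive")]
    public ActionResult SomeAction() { return View(); }
}
```

Because the check lives in `AuthorizeCore`, it runs as an authorization filter before any action filter, and the base class handles the unauthorized response and output-cache revalidation.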