我无法用我的自定义授权属性装饰整个控制器
I can't decorate whole Controller with my Custom Authorize Attribute
我尝试像这样装饰一个完整的控制器class:
namespace SisParkTD.Controllers
{
[CustomAuthorize]
public class AbonosController : Controller
{
我可以装饰控制器中的方法,但不能装饰整个控制器。
当我尝试装饰控制器时得到的错误 class 是这样的:
The attribute 'CustomAuthorize' is not valid on
this declaration type. It is only valid on 'method' declarations.
Attribute 'SisparkTD.Filters.CustomAuthorizeAttribute' is not valid on this declaration type. Is is valid on 'Method' declarations only.
这是 CustomAuthorizeAttribute 的代码:
namespace SisParkTD.Filters
{
[AttributeUsage(AttributeTargets.Method)]
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
using (var db = new SpContext())
{
var controller = (string)httpContext.Request.RequestContext.RouteData.Values["controller"];
var action = (string)httpContext.Request.RequestContext.RouteData.Values["action"];
var accion = db.Acciones.FirstOrDefault(a => a.Descripcion == action && a.Pagina.Descripcion == controller);
var username = httpContext.User.Identity.Name;
var usuario = db.Usuarios.FirstOrDefault(u => u.NombreDeUsuario == username);
if (usuario == null) return false;
if (accion == null) return false;
var rolesId = db.RolesUsuarios.Where(ru => ru.UsuarioId == usuario.UsuarioId).Select(ru => ru.RolId);
if (!rolesId.Any()) return false;
foreach (var rolId in rolesId)
{
if (db.Permisos.Find(rolId, accion.AccionId) != null) return base.AuthorizeCore(httpContext);
}
return false;
}
}
}
}
从属性中删除 [AttributeUsage(AttributeTargets.Method)]。 (感谢 SLaks 的回答)
我尝试像这样装饰一个完整的控制器class:
namespace SisParkTD.Controllers
{
[CustomAuthorize]
public class AbonosController : Controller
{
我可以装饰控制器中的方法,但不能装饰整个控制器。
当我尝试装饰控制器时得到的错误 class 是这样的:
The attribute 'CustomAuthorize' is not valid on this declaration type. It is only valid on 'method' declarations.
Attribute 'SisparkTD.Filters.CustomAuthorizeAttribute' is not valid on this declaration type. Is is valid on 'Method' declarations only.
这是 CustomAuthorizeAttribute 的代码:
namespace SisParkTD.Filters
{
[AttributeUsage(AttributeTargets.Method)]
public class CustomAuthorizeAttribute : AuthorizeAttribute
{
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
using (var db = new SpContext())
{
var controller = (string)httpContext.Request.RequestContext.RouteData.Values["controller"];
var action = (string)httpContext.Request.RequestContext.RouteData.Values["action"];
var accion = db.Acciones.FirstOrDefault(a => a.Descripcion == action && a.Pagina.Descripcion == controller);
var username = httpContext.User.Identity.Name;
var usuario = db.Usuarios.FirstOrDefault(u => u.NombreDeUsuario == username);
if (usuario == null) return false;
if (accion == null) return false;
var rolesId = db.RolesUsuarios.Where(ru => ru.UsuarioId == usuario.UsuarioId).Select(ru => ru.RolId);
if (!rolesId.Any()) return false;
foreach (var rolId in rolesId)
{
if (db.Permisos.Find(rolId, accion.AccionId) != null) return base.AuthorizeCore(httpContext);
}
return false;
}
}
}
}
从属性中删除 [AttributeUsage(AttributeTargets.Method)]。 (感谢 SLaks 的回答)