Status: I am securing my work using the author of MVC. I have many UI components with functions like INSERT, DELETE ... which resulted in the implementation of a button that end-user click of the applicant click. Only those buttons should be visible to the user, which is allowed to execute it. At least to avoid giving less allow twice (buttons and controller action), I could have been thinking that button controller and / or determine Otribut authorized allowed to control its visibility to user-actions is. General: There are several areas and controllers in the application.
I found this answer () which indicates that the ReflectedControllerDescriptor class can help.
There is a way to determine about the URL area and the controller and action MVC-application
for existing routes within an example?
I've got a scene: / store / products / all
This view includes two links - / store / user / give advice - / system / users / loggedon < / p>
action has been replaced with recommend "would" and "Othraijh-attributed to logon" and these links should only appear when the user allow to execute them. So if possible, I want to use the attached attribute already.
In the same way I did it.
I updated the answer. It's for mvc3.
Public class MyActionAttribute: ActionFilterAttribute {Private Readonly String _conroller; Private Readonly String _action; Private Redondly string _id; Public class MyActionAttribute: ActionFilterAttribute {public bool IsAllowed (string _conroller, string _action, string _ id) to a user action on the controller, action and id back UserisAllowed (_conroller, _action about your case to check {// Permission is, then, _id); } Public override void OnActionExecuting (ActionExecutingContext filterContext) {var field = filterContext.RouteData.DataTokens [ "sector"]; If {// elsewhere say they send are not allowed to return (IsAllowed (filterContext.ActionDescriptor.ControllerDescriptor.ControllerName, filterContext.ActionDescriptor.ActionName, filterContext.RouteData.DataTokens [ "id"] ToString ()) !.); } Base.OnActionExecuting (filterContext); }} Now apply this attribute in controller action
[MyAction] See some public actions () {return view (); } The link you can check like this
if (new MyActionAttribute (). IsAllowed ( "yourcontroller", "youraction", "ID")) {Html.ActionLink (anyway)} I hope this will start you. In this way your logic remains in one place and it can also be used for controller / edit link and to be removed.
Comments
Post a Comment