在 AuthorizeFilter 中获取 api 控制器构造函数值

【问题标题】:Get the api controllers constructor value within an AuthorizeFilter在 AuthorizeFilter 中获取 api 控制器构造函数值
【发布时间】:2014-01-17 18:11:43
【问题描述】:

当用户通过身份验证时,我想通过告诉他您没有 403 权限来防止他更新/删除/读取从其他帐户创建的数据!

让 ISchoolyearService 实例调用其 HasUserPermission() 方法的最佳方法是什么?

我知道我可以在这里新建 SchoolyearService ,但这会完全破坏在我的应用程序中使用 IoContainer 的原因。

public class UserActionsSchoolyearAuthorizationFilter : AuthorizationFilterAttribute
{
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        if (actionContext != null)
        {
            bool canUserExecuteAction = false;
            if (actionContext.Request.Method == HttpMethod.Put)
            {
                int schoolyearId = Convert.ToInt32(actionContext.Request.GetRouteData().Values["Id"]);
                int userId = actionContext.Request.Content.ReadAsAsync<SchoolyearEditRequest>().Result.Schoolyear.UserId;
                //var schoolyearService = actionContext.ControllerContext.Controller.GetContstructorParameterServiceInstance();
                //canUserExecuteAction = schoolyearService.HasUserPermission(userId, schoolyearId);
                if (canUserExecuteAction)
                {
                    base.OnAuthorization(actionContext);
                }
                else
                {
                    actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
                }

            }
            // Removed for brevity

    private readonly ISchoolyearService _service;
            public SchoolyearController(ISchoolyearService service)
            {
                _service = service;
            }

【问题讨论】:

    标签: asp.net-web-api authorize-attribute asp.net-web-api2


    【解决方案1】:

    如果您在 SchoolyearController 上公开了 _service 参数,您可以在 OnAuthorization 方法中尝试这样的操作:

    var schoolyearController = actionContext.ControllerContext.Controller as SchoolyearController;
canUserExecuteAction = schoolyearController._service.HasUserPermission(userId, schoolyearId);

    【讨论】:

      【解决方案2】:

      好的,我终于知道如何从当前请求中获取 ISchoolyearService:

      从 DependencyScope 中获取注册的服务!

      现在这个属性应该直接放在控制器上。由于我所做的 http 动词上的 if/else,它不需要把它放在动作上。

      bool canUserExecuteAction = false;
if (actionContext.Request.Method == HttpMethod.Put)
{
    int targetId = Convert.ToInt32(actionContext.Request.GetRouteData().Values["Id"]);
    int userId = actionContext.Request.Content.ReadAsAsync<SchoolyearEditRequest>().Result.Schoolyear.UserId;
    var requstScope = actionContext.ControllerContext.Request.GetDependencyScope();
    var service = requstScope.GetService(typeof(ISchoolyearService)) as ISchoolyearService;
    canUserExecuteAction = service.HasUserPermission(userId, targetId);

    if (canUserExecuteAction)
    {
        base.OnAuthorization(actionContext); 
    }
    else
    {
        actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
    }
}

      【讨论】:

        猜你喜欢
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 2017-05-23
        • 2021-04-26
        • 1970-01-01
        相关资源
        最近更新 更多
        热门标签
        Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode