开发者

ASP.NET MVC Authorization based on Route Params

开发者 https://www.devze.com 2023-02-15 04:00 出处:网络
My site allows people to edit posts. I want people to only edit their posts. I\'d want an authori开发者_如何学Czation attribute like:

My site allows people to edit posts. I want people to only edit their posts. I'd want an authori开发者_如何学Czation attribute like:

[CanEditPost(PostId = Id)]
ActionResult Edit(int Id) { }

But it seems like parameters to attributes have to be static, which makes this impossible. Is there any way to get around this?


Yes.

If you create an attribute that inherits from AuthorizeAttribute,

you should be able to access the route parameters by:

protected override bool AuthorizeCore(HttpContextBase httpContext)
{
    var postId = httpContext.Request.RequestContext.RouteData.Values["Id"];
    .
    .
    .
}
0

精彩评论

暂无评论...
验证码 换一张
取 消