asp.net mvc - Passing parameters and Custom Attributes -
i not sure go issue. want create custom authorization attribute checking roles , permissions. our permissions not standard role has these permissions more of each role can have permissions not others.
i have overridden authorizecore method in authorizeattribute class:
internal class roleattribute : authorizeattribute { private readonly iuserrepository _userrepository; private readonly ipermissionrepository _permissionrepository; public roleattribute(iuserrepository userrepository, ipermissionrepository permissionrepository) { _userrepository = userrepository; _permissionrepository = permissionrepository; } protected override bool authorizecore(httpcontextbase httpcontext) { user user = _userrepository.getusers(); permission permission = _permissionrepository.getpermissions(); return user.permissions.where(x => x.id == permission.id).any(); } } so when implement attribute:
private static iuserrepository _userrepository; private static ipermissionrepository _permissionrepository; public topnavigationcontroller(iuserrepository userrepository, ipermissionrepository permissionrepository) { _userrepository = userrepository; _permissionrepository = permissionrepository; } [role(_userrepository, _permissionrepository)] public actionresult methodthathasstuff() { //do stuff return stuff if user has permissions } i cannot dependency inject overridden method because cannot pass injections attribute.
i realize not great way approach problem until can work out our customer moves towards better practices need develop accordingly.
my main question is: there better way create custom authorization filter allow type of behavior?
if have idea because instantiate repositories in controller, same instances used each request, you're mistaken. controller instantiated each time. result, you're not saving not instantiating repos in attribute. given limitations of using attribute, there's no better way give access dependencies, , using statics on controller hugely bad idea.
Comments
Post a Comment