I have a controller that can be accessed by users who have either the Admin or the Nurse role. On individual actions I can then apply stricter rules if I want to. Right now what I have is something like this:
[AuthorizeUser(UserRole = "Admin", OrganizationType = "Institution")]
It works fine. But I would like something like
[AuthorizeUser(UserRole = "Admin,Nurse", OrganizationType = "Institution")]
AuthorizeUser is a custom authorization attribute:
/// <summary>
/// Authorization attribute that, after the base <c>AuthorizeAttribute</c> check succeeds,
/// additionally requires the current user to pass
/// <c>CheckOrganizationType.checkRole</c> for the configured role and organization type.
/// </summary>
public class AuthorizeUser : AuthorizeAttribute
{
    /// <summary>Role value handed to <c>checkRole</c> as its <c>role</c> argument.</summary>
    public string UserRole { get; set; }

    /// <summary>Organization type name handed to <c>checkRole</c>.</summary>
    public string OrganizationType { get; set; }

    /// <summary>
    /// Decides whether the request is authorized.
    /// </summary>
    /// <param name="httpContext">Context of the current request; passed to the base check.</param>
    /// <returns>
    /// <c>false</c> when the base check rejects the request; otherwise the result of the
    /// role/organization check.
    /// </returns>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // The base check runs first; && short-circuits, so the role lookup is
        // never reached for a request the base attribute already rejected.
        // NOTE(review): the user comes from Auth.CurrentUser, not from httpContext —
        // confirm both always refer to the same identity for this request.
        return base.AuthorizeCore(httpContext)
            && CheckOrganizationType.checkRole(
                this.UserRole,
                this.OrganizationType,
                Auth.CurrentUser);
    }
}
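/// <summary>
/// Checks whether <paramref name="user"/> holds at least one of the allowed roles
/// within the given organization type.
/// </summary>
/// <param name="role">
/// A single role name or a comma-separated list of role names (for example "Admin,Nurse").
/// Each entry is trimmed and compared for exact, case-sensitive equality.
/// </param>
/// <param name="organizationType">Organization type name the matching role must belong to.</param>
/// <param name="user">User whose role assignments are inspected.</param>
/// <returns>
/// <c>true</c> if any of the user's role assignments resolves to an allowed role name and
/// the requested organization type; otherwise <c>false</c>.
/// </returns>
public static bool checkRole(String role, String organizationType, User user)
{
    // Fail closed: with no user or no configured role there is nothing to authorize against.
    if (user == null || String.IsNullOrEmpty(role))
    {
        return false;
    }

    // Exact-match list of allowed roles. A substring test on the raw string would also
    // accept role names that are merely fragments of a listed name.
    String[] allowedRoles = role.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);

    foreach (UserRoles ur in user.GetUserRoles())
    {
        RolesType rt = RolesType.Get(ur.organizationTypeId, ur.roleTypeId);
        OrganizationType ot = OrganizationType.Get(ur.organizationTypeId, "1");

        // Evaluate every assignment inside the loop; the earlier version tested only
        // the values left over from the last iteration.
        if (rt == null || ot == null || ot.Name != organizationType)
        {
            continue;
        }

        foreach (String allowed in allowedRoles)
        {
            if (allowed.Trim() == rt.Name)
            {
                return true;
            }
        }
    }

    return false;
}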
and then check whether the current user has any of the listed roles. How can this be done? Any ideas?
You just have to replace this statement:
// Original condition from checkRole. It sits after the foreach loop, so rt and ot hold
// the values of the last UserRoles entry only, and role is compared for exact equality.
if (rt != null && rt.Name == role && ot != null && ot.Name == organizationType)
with this:
// NOTE(review): String.Contains is a substring test, not a list-membership test. Any
// rt.Name that is a fragment of the configured string passes (constructed example: a
// role named "Adm" against "Admin,Nurse"). For an authorization decision, split role
// on ',' and compare each entry with rt.Name for equality instead.
// This condition still runs after the loop, so only the last UserRoles entry is tested.
if (rt != null && role.Contains(rt.Name) && ot != null && ot.Name == organizationType)