Multiple User Roles in Authorize

mohsinali1317

I have a controller which can be accessed by user having admin privileges or nurse. Then on separate action I can do more strict if I want to. Right now what I have is something like this

 [AuthorizeUser(UserRole = "Admin", OrganizationType = "Institution")]

It works fine. But I would something like

 [AuthorizeUser(UserRole = "Admin,Nurse", OrganizationType = "Institution")]

AuthorizeUser is custom made authorization

public class AuthorizeUser : AuthorizeAttribute
{
    public string UserRole { get; set; }
    public string OrganizationType { get; set; }
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var isAuthorized = base.AuthorizeCore(httpContext);
        if (!isAuthorized)
        {
            return false;
        }

        return CheckOrganizationType
            .checkRole(this.UserRole, this.OrganizationType, Auth.CurrentUser);
    }
}

   public static bool checkRole(String role, String organizationType, User user)
    {
        RolesType rt = null;
        OrganizationType ot = null;
        foreach (UserRoles ur in user.GetUserRoles())
        {
            rt = RolesType.Get(ur.organizationTypeId,ur.roleTypeId);
            ot = OrganizationType.Get(ur.organizationTypeId, "1");
        }

        if (rt != null && rt.Name == role && ot != null && ot.Name == organizationType)
        {
            return true;
        }
        else
        {
            return false;
        }
    }

and then check if the current user has any of the defined roles. How can this be done? Any idea?

alessandro

You have just to change this statement:

if (rt != null && rt.Name == role && ot != null && ot.Name == organizationType)

with this:

if (rt != null && role.Contains(rt.Name) && ot != null && ot.Name == organizationType)

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at
0

Comments

0 comments
Login to comment

Related

Authorize Attribute with Multiple Roles

Authorize with multiple roles

How to use <sec:authorize access="hasRole('ROLES)"> for checking multiple Roles?

ASP.NET MVC Authorize user with many roles

Multiple roles in 'User.IsInRole'

Generic Authorize Attribute multiple Roles ASP.NET Core

can sec:authorize from thymeleaf be used for multiple roles

User with multiple roles and multiple teams database design

Multiple Roles for a User belonging to multiple Organizations

how to Assign Multiple Roles for a user in wordpress?

API - Multiple requests vs separating user roles

Is it possible to create a MongoDb user with multiple roles in Java?

MongoDB Roles - user access multiple databases

How to assign Multiple roles to a single user in wordpress

Rolify Assign Multiple User Roles at Once

Middleware on route level based on multiple user roles

How to authorize actions with the [Authorize(Roles)] attribute?

User.IsInRole() returns false and Authorize Roles gives me an Access Denied

Authorize as Roles = "Admin" during login

How to authorize a method from one controller to one role or multiple roles without canceling the entire controller

Return multiple roles for user in 1 column not multiple rows

How to create multiple roles for single user in ruby on rails?

Can a single Gherkin scenario have multiple user roles?

Integrating Active Directory in Windows Server with Laravel 5 for multiple user roles

Is it possible to assign multiple roles to a user or group in Azure AD?

How to Assign a Gateway Fee in WooCommerce to Multiple User Roles?

Need help checking and adding user to multiple roles async

Model design for a user who can have roles at multiple organizations

how to add multiple roles to an admin user in Apache tomcat 8?