Asp.net core mvc permission control: controls operation permissions in the view and mvc permission Control

Asp.net core mvc permission control: controls operation permissions in the view and mvc permission Control

The permission verification framework is provided in asp.net core mvc. The previous article describes how to configure permission control. After the permission is configured, the permission verification logic is automatically executed, however, in some cases, we may need to manually determine the permissions in the code or view. Now we will introduce the specific operation methods.

If you want to determine whether the current user has a certain permission in the Controller method, you can directly use HttpContext. user. hasClaim (string cliamtype, string cliamvalue) method for determination. This method returns the bool type. If it returns true, it indicates that it has the permission; otherwise, it does not.

In a view, we often need to control the permissions of a button or hyperlink. A button with the permission is displayed, otherwise it is unrealistic. So how can this effect be achieved? The method is described as follows:

1. Use HttpContext. User. HasClaim (string cliamtype, string cliamvalue) in the view to determine the permission, and then control whether the button is displayed.

@ If (HttpContext. User. HasClaim ("User", "Delete "))

{

<Input type = 'button 'value = "delete"/>

}

The above code is written in the view, indicating that if you have the delete permission, the delete button is displayed. This method is written in this format, for example, where verification is required.

2. With the help of the new features of asp.net core mvc, taghelper can simplify the first method. As for what is taghelper and its role, we will not introduce it here. You can search by Baidu or Google, the following describes how to customize the taghelper for permission verification.

<A asp-claim = "goods, edit" asp-action = "addgoods" asp-route-id = "@ goods. id "class =" btn-icon "title =" edit "> <I class =" icon-common-edit icon-pencel "> </I> </a>

The above code is our final result, indicating that this hyperlink is displayed only when the user has the claim (type = goods, value = edit) permission, next we will introduce how to implement this taghelper.

1) First, we define a class derived from the TagHelper class, add the claim attribute definition, and add the ViewContext

Class ClaimTagHelper: TagHelper

{

Private const string ClaimAttributeName = "asp-claim ";
Public ClaimTagHelper ()
{

}


[HtmlAttributeName (ClaimAttributeName)]
Public string Claim {get; set ;}

}

 

2) our permission control taghelper only applies to the elements of button, a, and input. The Code is as follows:

[HtmlTargetElement ("a", Attributes = ClaimAttributeName)]
[HtmlTargetElement ("button", Attributes = ClaimAttributeName)]
[HtmlTargetElement ("input", Attributes = ClaimAttributeName, TagStructure = TagStructure. WithoutEndTag)]
Public class ClaimTagHelper: TagHelper

{

......

}

3) override the Process method of TagHelper and use HttpContext. User. HasClaim in the method to judge the permissions. The ViewContext object must be used to access HttpContext in the view. Therefore, we need to add ViewContext reference to the current TagHelper class. The specific code is as follows:

Public class ClaimTagHelper: TagHelper

{

.....

[HtmlAttributeNotBound]
[ViewContext]
Public ViewContext {get; set ;}

.....

}

The basic conditions are met, and then the Process is implemented, directly on the Code:

Public override void Process (TagHelperContext context, TagHelperOutput output)
{
If (string. IsNullOrEmpty (Claim ))
{
Return;
}


String [] claimData = Claim. Split (new char [] {'-'}, StringSplitOptions. RemoveEmptyEntries );


If (claimData. Length = 1)
{
If (! ViewContext. HttpContext. User. HasClaim (m => m. Type = claimData [0])
{
// No permission
Output. SuppressOutput ();
}
}
Else
{
If (! ViewContext. HttpContext. User. HasClaim (m => m. Type = claimData [0] & m. Value = claimData [1])
{
// No permission
Output. SuppressOutput ();
}
}

}

 

This is the end of the Introduction. Thank you. If you have any shortcomings, thank you for your guidance.