Given the following scenario:
A simple database is set up that has requests which must be approved by users based on the Business Unit they are assigned to. Suppose that Daryl Hall is an Approver for Business Units 1 & 2. John Oates is an Approver for Business Units 2 & 3, and Charlie DeChant is an Approver for Business Units 3 & 4. (Don't judge me, I love me some Hall & Oates)
I have an MVC {controller}/{action}/{id} that looks like this: Review/Approve/33. I don't know, until the action is invoked, what Business Unit Request #33 is tied to; I will need to request the data from the database PRIOR to running the action.
Furthermore, Roles are NOT part of the database design. Users (like Daryl, John, and Charlie) are tied to Business Units via a junction table design, thus allowing a Business Unit to have multiple "Approvers" (and hence, the junction table name is BusinessUnitApprovers). I am using Entity Framework 6, btw (and MVC 5).
I know I can determine within the Action's code whether the user is an Approver, like this:
using System.Linq;
using System.Web.Mvc;

public class ReviewController : Controller
{
    public ActionResult Approve(int id)
    {
        bool canApprove = false;
        // no, I normally don't access the DB directly from a controller, this is for example purposes only
        using (TestApplicationEntities db = new TestApplicationEntities())
        {
            canApprove = (from requests in db.Requests
                          join approvers in db.BusinessUnitApprovers on requests.PrimaryBusinessUnitID equals approvers.BusinessAreaID
                          where requests.ID == id
                          select approvers.UserID).ToList().Contains((int)Session["UserID"]); // cast assumes UserID is an int
        }
        if (canApprove)
        {
            // do some work, let the client know the results
        }
        return RedirectToAction("StopTryingToApproveYourOwnRequestYouBonehead");
    }
}
However...
I would like to go about using an Attribute, such as the AuthorizeAttribute (or derivative thereof), to determine if a given user is an Approver for a given Request.
How would I do that?
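One way to move the per-request approver check into an attribute in MVC 5, as an added example that is not part of the original question. `RequestApproverAttribute` is a hypothetical name; the example assumes `Session["UserID"]` holds an `int` and reuses the entity names from the question's code.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Hypothetical attribute. Usage: [RequestApprover] on Approve(int id).
public class RequestApproverAttribute : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");

        // Fail closed: without a session user there is nothing to authorize.
        // base.AuthorizeCore is not called because the question identifies
        // users through Session, not through IPrincipal roles.
        if (httpContext.Session == null) return false;
        int? userId = httpContext.Session["UserID"] as int?; // assumes an int
        if (userId == null) return false;

        // The {id} segment of {controller}/{action}/{id}; reject non-numeric values.
        object rawId = httpContext.Request.RequestContext.RouteData.Values["id"];
        int requestId;
        if (rawId == null || !int.TryParse(rawId.ToString(), out requestId))
            return false;

        using (var db = new TestApplicationEntities())
        {
            // Same join as in the action, filtered in the database so that
            // only a yes/no answer comes back instead of the approver list.
            return (from r in db.Requests
                    join a in db.BusinessUnitApprovers
                        on r.PrimaryBusinessUnitID equals a.BusinessAreaID
                    where r.ID == requestId && a.UserID == userId.Value
                    select a.UserID).Any();
        }
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // 403 instead of the default 401, which forms authentication
        // would turn into a redirect to the login page.
        filterContext.Result = new HttpStatusCodeResult(403);
    }
}
```

Because the filter runs before the action, a request for an ID the user cannot approve never reaches `Approve`, and the same attribute can guard any other action that takes the request ID in the `{id}` route segment.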