Odata如何授权用户角色的$expand功能?
Odata How to Authorization on $expand functionality of user Roles?
我想根据角色限制对 $expand 操作的访问。具体来说,我需要按用户角色限制对某些实体的访问。有人能给一些从哪里入手的提示吗?
您可以使用下面这段代码进行授权,它取自 http://www.software-architects.com/devblog/2014/09/12/10-OData-FAQs 。
代码太多很容易
注意:这段代码检查的是整个 Get 操作,并不区分请求中是否带有 $expand。
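[Authorize]
[ODataRoutePrefix("Customer")]
public class CustomerController : ODataController
{
    [...]

    /// <summary>
    /// Returns the Customers query to callers whose principal carries a non-blank "IsAdmin" claim.
    /// </summary>
    /// <remarks>
    /// The check gates the whole action. It never inspects the query options, so a caller who
    /// passes it can use every option that [EnableQuery] permits, $expand included. Restricting
    /// $expand per role needs a check on the query itself, which this action does not perform.
    /// </remarks>
    /// <returns>
    /// Ok wrapping context.Customers when the claim is present and non-blank; otherwise the
    /// result of Unauthorized().
    /// </returns>
    [EnableQuery]
    public IHttpActionResult Get()
    {
        // Fail closed: a principal that is not claims-based is refused instead of raising an
        // InvalidCastException from a hard cast.
        var principal = Thread.CurrentPrincipal as ClaimsPrincipal;
        if (principal == null)
        {
            return Unauthorized();
        }

        // FirstOrDefault returns null when no "IsAdmin" claim exists; reading .Value on that null
        // crashed the request with a NullReferenceException instead of refusing it.
        var adminClaim = principal.Claims.FirstOrDefault(c => c.Type == "IsAdmin");

        // NOTE(review): any non-blank value passes, including "false" - confirm how the issuer
        // populates this claim before relying on it as an admin gate.
        if (adminClaim == null || string.IsNullOrWhiteSpace(adminClaim.Value))
        {
            // Kept as Unauthorized() for compatibility with existing callers.
            return Unauthorized();
        }

        return Ok(context.Customers);
    }

    [...]
}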
或者创建 IEdmModelBuilder 扩展方法,更多内容请参考 GitHub 上的 ODataAuthorizationQueryValidatorSample:
using System;
using System.Linq;
using System.Reflection;
using System.Web.OData;
using Microsoft.OData.Edm;
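namespace MHS.Assessments.WebAPI.Utilities
{
    /// <summary>
    /// Extension methods that attach authorized-role annotations to entity types of an EDM model.
    /// </summary>
    /// <remarks>
    /// These methods only write annotations; nothing in this class enforces them.
    /// NOTE(review): presumably a query validator reads <c>AuthorizedRoles</c> when it validates
    /// $expand - confirm that validator is registered, otherwise the annotations have no effect.
    /// </remarks>
    public static class IEdmModelBuilderExtensions
    {
        /// <summary>
        /// Finds every entity type in the model that has a CLR type annotation and lets each
        /// <c>CanExpandAttribute</c> declared directly on that CLR type record its roles on the model.
        /// </summary>
        /// <param name="edmModel">The model to scan and annotate.</param>
        /// <exception cref="ArgumentNullException"><paramref name="edmModel"/> is null.</exception>
        public static void AddAuthorizedRolesAnnotations(this IEdmModel edmModel)
        {
            if (edmModel == null)
            {
                throw new ArgumentNullException("edmModel");
            }

            // Look the CLR annotation up once per entity type and skip types that have none.
            var typeAnnotationsMapping = edmModel.SchemaElementsAcrossModels()
                .OfType<IEdmEntityType>()
                .Select(t => edmModel.GetAnnotationValue<ClrTypeAnnotation>(t))
                .Where(annotation => annotation != null)
                .Select(annotation => annotation.ClrType)
                .ToDictionary(
                    clrType => clrType,
                    // inherit: false - attributes declared on base classes are not picked up.
                    clrType => clrType.GetCustomAttributes<CanExpandAttribute>(inherit: false));

            foreach (var kvp in typeAnnotationsMapping)
            {
                foreach (var attribute in kvp.Value)
                {
                    // SetRoles is defined on CanExpandAttribute, outside this snippet.
                    attribute.SetRoles(edmModel, kvp.Key);
                }
            }
        }

        /// <summary>
        /// Annotates the named entity type with the roles that are authorized for it.
        /// </summary>
        /// <param name="model">The model that contains the type.</param>
        /// <param name="typeName">Name passed to <c>FindType</c>, which resolves qualified type names.</param>
        /// <param name="roles">The roles to record on the type.</param>
        /// <exception cref="ArgumentNullException"><paramref name="model"/> or <paramref name="roles"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="typeName"/> is null or blank.</exception>
        /// <exception cref="InvalidOperationException">The name does not resolve to an entity type.</exception>
        public static void SetAuthorizedRolesOnType(this IEdmModel model, string typeName, string[] roles)
        {
            if (model == null)
            {
                throw new ArgumentNullException("model");
            }

            if (string.IsNullOrWhiteSpace(typeName))
            {
                throw new ArgumentException("A type name is required.", "typeName");
            }

            // A missing role list is a configuration mistake; reject it at startup rather than
            // store an annotation whose meaning depends on how the validator treats null.
            if (roles == null)
            {
                throw new ArgumentNullException("roles");
            }

            // The cast yields null both when the name is not found and when it names a
            // non-entity element; either way the annotation is not written.
            IEdmEntityType type = model.FindType(typeName) as IEdmEntityType;
            if (type == null)
            {
                throw new InvalidOperationException("The authorized element must be an entity type");
            }

            model.SetAnnotationValue<AuthorizedRoles>(type, new AuthorizedRoles(roles));
        }
    }
}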
WebApiConfig.cs
// Record "Support" as the only role authorized for this entity type.
// NOTE(review): SetAuthorizedRolesOnType resolves the name with FindType, which expects a
// qualified type name; "Customers" reads like an entity-set name - confirm it resolves,
// otherwise the call throws InvalidOperationException during configuration.
edmModel.SetAuthorizedRolesOnType("Customers", new[] { "Support" });
我想根据角色限制对 $expand 操作的访问。具体来说,我需要按用户角色限制对某些实体的访问。有人能给一些从哪里入手的提示吗?
您可以使用下面这段代码进行授权,它取自 http://www.software-architects.com/devblog/2014/09/12/10-OData-FAQs 。代码太多很容易
注意:这段代码检查的是整个 Get 操作,并不区分请求中是否带有 $expand。
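[Authorize]
[ODataRoutePrefix("Customer")]
public class CustomerController : ODataController
{
    [...]

    /// <summary>
    /// Returns the Customers query to callers whose principal carries a non-blank "IsAdmin" claim.
    /// </summary>
    /// <remarks>
    /// The check gates the whole action. It never inspects the query options, so a caller who
    /// passes it can use every option that [EnableQuery] permits, $expand included. Restricting
    /// $expand per role needs a check on the query itself, which this action does not perform.
    /// </remarks>
    /// <returns>
    /// Ok wrapping context.Customers when the claim is present and non-blank; otherwise the
    /// result of Unauthorized().
    /// </returns>
    [EnableQuery]
    public IHttpActionResult Get()
    {
        // Fail closed: a principal that is not claims-based is refused instead of raising an
        // InvalidCastException from a hard cast.
        var principal = Thread.CurrentPrincipal as ClaimsPrincipal;
        if (principal == null)
        {
            return Unauthorized();
        }

        // FirstOrDefault returns null when no "IsAdmin" claim exists; reading .Value on that null
        // crashed the request with a NullReferenceException instead of refusing it.
        var adminClaim = principal.Claims.FirstOrDefault(c => c.Type == "IsAdmin");

        // NOTE(review): any non-blank value passes, including "false" - confirm how the issuer
        // populates this claim before relying on it as an admin gate.
        if (adminClaim == null || string.IsNullOrWhiteSpace(adminClaim.Value))
        {
            // Kept as Unauthorized() for compatibility with existing callers.
            return Unauthorized();
        }

        return Ok(context.Customers);
    }

    [...]
}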
或者创建 IEdmModelBuilder 扩展方法,更多内容请参考 GitHub 上的 ODataAuthorizationQueryValidatorSample:
using System;
using System.Linq;
using System.Reflection;
using System.Web.OData;
using Microsoft.OData.Edm;
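namespace MHS.Assessments.WebAPI.Utilities
{
    /// <summary>
    /// Extension methods that attach authorized-role annotations to entity types of an EDM model.
    /// </summary>
    /// <remarks>
    /// These methods only write annotations; nothing in this class enforces them.
    /// NOTE(review): presumably a query validator reads <c>AuthorizedRoles</c> when it validates
    /// $expand - confirm that validator is registered, otherwise the annotations have no effect.
    /// </remarks>
    public static class IEdmModelBuilderExtensions
    {
        /// <summary>
        /// Finds every entity type in the model that has a CLR type annotation and lets each
        /// <c>CanExpandAttribute</c> declared directly on that CLR type record its roles on the model.
        /// </summary>
        /// <param name="edmModel">The model to scan and annotate.</param>
        /// <exception cref="ArgumentNullException"><paramref name="edmModel"/> is null.</exception>
        public static void AddAuthorizedRolesAnnotations(this IEdmModel edmModel)
        {
            if (edmModel == null)
            {
                throw new ArgumentNullException("edmModel");
            }

            // Look the CLR annotation up once per entity type and skip types that have none.
            var typeAnnotationsMapping = edmModel.SchemaElementsAcrossModels()
                .OfType<IEdmEntityType>()
                .Select(t => edmModel.GetAnnotationValue<ClrTypeAnnotation>(t))
                .Where(annotation => annotation != null)
                .Select(annotation => annotation.ClrType)
                .ToDictionary(
                    clrType => clrType,
                    // inherit: false - attributes declared on base classes are not picked up.
                    clrType => clrType.GetCustomAttributes<CanExpandAttribute>(inherit: false));

            foreach (var kvp in typeAnnotationsMapping)
            {
                foreach (var attribute in kvp.Value)
                {
                    // SetRoles is defined on CanExpandAttribute, outside this snippet.
                    attribute.SetRoles(edmModel, kvp.Key);
                }
            }
        }

        /// <summary>
        /// Annotates the named entity type with the roles that are authorized for it.
        /// </summary>
        /// <param name="model">The model that contains the type.</param>
        /// <param name="typeName">Name passed to <c>FindType</c>, which resolves qualified type names.</param>
        /// <param name="roles">The roles to record on the type.</param>
        /// <exception cref="ArgumentNullException"><paramref name="model"/> or <paramref name="roles"/> is null.</exception>
        /// <exception cref="ArgumentException"><paramref name="typeName"/> is null or blank.</exception>
        /// <exception cref="InvalidOperationException">The name does not resolve to an entity type.</exception>
        public static void SetAuthorizedRolesOnType(this IEdmModel model, string typeName, string[] roles)
        {
            if (model == null)
            {
                throw new ArgumentNullException("model");
            }

            if (string.IsNullOrWhiteSpace(typeName))
            {
                throw new ArgumentException("A type name is required.", "typeName");
            }

            // A missing role list is a configuration mistake; reject it at startup rather than
            // store an annotation whose meaning depends on how the validator treats null.
            if (roles == null)
            {
                throw new ArgumentNullException("roles");
            }

            // The cast yields null both when the name is not found and when it names a
            // non-entity element; either way the annotation is not written.
            IEdmEntityType type = model.FindType(typeName) as IEdmEntityType;
            if (type == null)
            {
                throw new InvalidOperationException("The authorized element must be an entity type");
            }

            model.SetAnnotationValue<AuthorizedRoles>(type, new AuthorizedRoles(roles));
        }
    }
}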
WebApiConfig.cs
// Record "Support" as the only role authorized for this entity type.
// NOTE(review): SetAuthorizedRolesOnType resolves the name with FindType, which expects a
// qualified type name; "Customers" reads like an entity-set name - confirm it resolves,
// otherwise the call throws InvalidOperationException during configuration.
edmModel.SetAuthorizedRolesOnType("Customers", new[] { "Support" });