How to check if the user does not have a permission in custom authorize

  • Question

  • User799396372 posted

    Good day,

    I want to implement a custom authorize attribute in my MVC 4 application with LDAP authentication, database roles and an enum Permission:

    public enum Permission{
        Read = 1,
        ReadAndWrite = 2
    } 

    If the user has the administrator role, there is no need to define any permission;

    otherwise we need to check his permission to determine his authorization.

    My question: in case the user is an administrator, how do I check that he does not have the permission?

    Here is my Authorize attribute code:

    using System.Linq;
    using System.Web;
    using System.Web.Mvc;

    public class AuthorizeAD : AuthorizeAttribute
    {
        UniteOfWorkBLL uniteOfWorkBll = new UniteOfWorkBLL();

        // 0 (the default) means no permission was requested on the attribute.
        public Permission UserPermission { get; set; }

        public CustomADPrincipal CustomPrincipal
        {
            get
            {
                return HttpContext.Current.User as CustomADPrincipal;
            }
        }

        public AuthorizeAD()
        {
        }

        // Attribute arguments cannot be nullable, so the enum is taken directly.
        public AuthorizeAD(Permission permission) : base()
        {
            this.UserPermission = permission;
        }

        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            // Kept in a local: MVC may reuse one attribute instance across
            // requests, so per-request state must not live in instance fields.
            bool authorized = false;

            if (CustomPrincipal != null && CustomPrincipal.Identity.IsAuthenticated)
            {
                var intervenant = uniteOfWorkBll.UserBLL.GetAllFiltered(u => u.Matricule == CustomPrincipal.Intervenant.Matricule, "IntervenantRoles.Role, IntervenantStructures.Structure").SingleOrDefault();

                // Trim so that "Admin, Users" yields "Users" and not " Users".
                var roles = Roles.Split(',').Select(r => r.Trim()).Where(r => r.Length > 0).ToList();

                //var structures = uniteOfWorkBll.StructureBLL.GetAllByUser(CustomPrincipal.Intervenant.Matricule);

                // The user must hold at least one of the listed roles.
                authorized = roles.Any(role => CustomPrincipal.IsInRole(role));

                // When a permission was requested, it must be held as well.
                if (authorized && UserPermission != 0)
                {
                    authorized = CustomPrincipal.HasPermission(UserPermission);
                }
            }

            // Unauthenticated or unknown principals fall through as denied.
            return authorized;
        }
    }

    Controller:

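    // The named argument must match the attribute's property name (UserPermission).
    [AuthorizeAD(Roles = "Admin, Users", UserPermission = Permission.ReadAndWrite)]
    public ActionResult Index()
    {
        return View();
    }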

    Friday, November 15, 2019 9:35 PM

Answers

  • User665608656 posted

    Hi Beginner,

    Will you set some restrictions for different permissions of users?

    Since your administrator has all the rights, you don't need to give the administrator permission judgment.

    You only need to judge whether the login name or role identity is an administrator. If the login user is an administrator, then you do not need to restrict the next operations of the administrator.

    In fact, the difference between administrators and users lies in the role they play instead of permission.

    After distinguishing them, you only need to judge the permission of users.

    Best Regards,

    YongQing.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, November 19, 2019 1:47 AM
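
The order of checks described in the answer above, as an added example that is not part of the original thread or the poster's code: the administrator is decided by role alone, every other user needs a listed role plus the requested permission, and anything unauthenticated is denied. `AccessDecision`, the `None = 0` enum member, and the rule that `ReadAndWrite` also satisfies `Read` are assumptions made for this sketch; the role name "Admin" comes from the controller attribute in the question.

```csharp
using System;
using System.Linq;
using System.Security.Principal;

// None = 0 is added here to name the "no permission requested" default.
public enum Permission { None = 0, Read = 1, ReadAndWrite = 2 }

public static class AccessDecision   // hypothetical helper, not a framework type
{
    public const string AdminRole = "Admin";

    // 'granted' stands in for the user's stored permission (assumption:
    // a higher enum value includes the lower one).
    public static bool IsAuthorized(IPrincipal user, string allowedRoles,
                                    Permission required, Permission granted)
    {
        // Fail closed: no principal or an unauthenticated identity is denied.
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;

        var roles = (allowedRoles ?? "").Split(',')
            .Select(r => r.Trim()).Where(r => r.Length > 0).ToList();

        // Administrators are decided by role alone, and only on actions
        // that actually list the administrator role.
        if (roles.Contains(AdminRole) && user.IsInRole(AdminRole))
            return true;

        // Everyone else needs one of the listed roles...
        if (!roles.Any(user.IsInRole))
            return false;

        // ...and, when a permission is requested, a grant that covers it.
        return required == Permission.None || granted >= required;
    }
}

public static class Program
{
    static IPrincipal User(string name, params string[] roles)
    {
        return new GenericPrincipal(new GenericIdentity(name), roles);
    }

    public static void Main()
    {
        const string allowed = "Admin, Users";
        var req = Permission.ReadAndWrite;
        // Constructed sample principals: admin, two users, unauthenticated.
        Console.WriteLine(AccessDecision.IsAuthorized(User("alice", "Admin"), allowed, req, Permission.None));
        Console.WriteLine(AccessDecision.IsAuthorized(User("bob", "Users"), allowed, req, Permission.ReadAndWrite));
        Console.WriteLine(AccessDecision.IsAuthorized(User("carol", "Users"), allowed, req, Permission.Read));
        Console.WriteLine(AccessDecision.IsAuthorized(User("", "Admin"), allowed, req, Permission.ReadAndWrite));
    }
}
```

Keeping the decision in a static method with no instance state also avoids sharing a result between concurrent requests when the attribute instance is reused.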

All replies

  • User665608656 posted

    Hi Beginner,

    According to your description, does the administrator have any rights, or does the administrator have all rights?

    If the administrator has all the permissions, it is actually the ReadAndWrite Permission. You can judge the administrator's permissions as you judge the user's permission.

    Or you can give the administrator permission to ReadAndWrite; actually, it's the same meaning.

    Best Regards,

    YongQing.

    Monday, November 18, 2019 8:52 AM
  • User799396372 posted

    The administrators have all rights, of course, and the ReadWrite permission is a limited right that is assigned to users who do not have an administrator role.

    Monday, November 18, 2019 10:20 PM