我有一个区域,其中 RoleId 在权限表中作为字符串保存。我正在对 ID 进行比较以提取角色的所有权限。我正在像这样获取当前登录用户角色 ID。
var userManager = HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
string roleid = userManager.FindById(User.Identity.GetUserId()).Roles.Select(r => r.RoleId);
它不喜欢字符串的使用。我正在得到
Cannot implicitly convert type 'System.Collections.Generic.IEnumerable<string>' to 'string'
这是我进行比较的地方,请注意,权限可以具有UserId或RoleId,使用此设置的UserId没有问题。
var checkControllerActionRoleUserId = menuaccess.FirstOrDefault(i => i.MenuURL == menuUrl && String.IsNullOrEmpty(i.RoleId = roleid) && String.IsNullOrEmpty(i.UserId = userid));
是否有其他方法可以获取 RoleId 或不同的措辞进行比较?
谢谢
更新:在下面添加了控制器。对不起,它很长..
protected override void OnActionExecuting(ActionExecutingContext context)
{
base.OnActionExecuting(context);
try
{
//int roleid = int.Parse(Env.GetUserInfo("roleid"));
//int userid = int.Parse(Env.GetUserInfo("userid"));
string userid = User.Identity.GetUserId();
//string userid = Env.GetUserInfo("userid");
//string roleid = Env.GetUserInfo("roleid");
var userManager = HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
// Select will return collection as opposed to scalar/single value. Pay attention to datatype here.
IEnumerable<string> currentUserRoles = userManager.FindById(User.Identity.GetUserId()).Roles.Select(r => r.RoleId);
//string roleid = roles;
var descriptor = context.ActionDescriptor;
var actionName = descriptor.ActionName.ToLower();
var controllerName = descriptor.ControllerDescriptor.ControllerName.ToLower();
var controller = descriptor.ControllerDescriptor.ControllerName;
var GetOrPost = context.HttpContext.Request.HttpMethod.ToString();
var checkAreaName = context.HttpContext.Request.RequestContext.RouteData.DataTokens["area"];
string AreaName = "";
if (checkAreaName != null)
{
AreaName = checkAreaName.ToString().ToLower() + "/";
}
var cacheItemKey = "AllMenuBar";
var global = HttpRuntime.Cache.Get(cacheItemKey);
if (GetOrPost == "POST")
{
// Added index to string 02/03/2020
// Added add to actonName settings 02/08/2020
///if menupermission create,edit,delete then update value "true" in IsMenuChange file
if (controllerName == "menupermission" && (actionName == "add" || actionName == "index" || actionName == "create" || actionName == "edit" || actionName == "delete" || actionName == "multiviewindex"))
{
global = MenuBarCache(cacheItemKey, global, "shortcache");
}
}
if (global == null)//if cashe is null
{
global = MenuBarCache(cacheItemKey, global, "60mincache");//make cache from db
}
var menuaccess = (MenuOfRole[])global;
if (GetOrPost == "GET")
{
if (actionName == "add" || actionName == "index" || actionName == "create" || actionName == "edit" || actionName == "delete" || actionName == "multiviewindex")
{
// Old Impementation May be removed at Cleanup if not used - 02/10/2020
//ViewBag.Add = menuaccess.Where(i => i.MenuURL == controllerName).Select(i => (i.IsAdd));
//ViewBag.Read = menuaccess.Where(i => i.MenuURL == controllerName).Select(i => (i.IsRead));
//ViewBag.Create = menuaccess.Where(i => i.MenuURL == controllerName).Select(i => (i.IsCreate));
//ViewBag.Edit = menuaccess.Where(i => i.MenuURL == controllerName).Select(i => (i.IsUpdate));
//ViewBag.Delete = menuaccess.Where(i => i.MenuURL == controllerName).Select(i => (i.IsDelete))();
// Stack Overflow corrections - 02/10/2020
ViewBag.Add = menuaccess.Any(i => i.MenuURL == controllerName && i.IsAdd);
ViewBag.Read = menuaccess.Any(i => i.MenuURL == controllerName && i.IsRead);
ViewBag.Create = menuaccess.Any(i => i.MenuURL == controllerName && i.IsCreate);
ViewBag.Edit = menuaccess.Any(i => i.MenuURL == controllerName && i.IsUpdate);
ViewBag.Delete = menuaccess.Any(i => i.MenuURL == controllerName && i.IsDelete);
ViewBag.Visable = menuaccess.Any(i => i.MenuURL == controllerName && i.IsVisable);
}
}
string menuUrl = AreaName + controllerName + "/" + actionName;
if (IsActionNameEqualToCrudPageName(actionName))
{
menuUrl = AreaName + controllerName;
}
var checkUrl = menuaccess.FirstOrDefault(i => (i.MenuURL == AreaName + controllerName + "/" + actionName) || i.MenuURL == menuUrl);
///checkUrl: check if menu url Exists in MenuPermission if not exists then will be run
if (checkUrl != null)
{
// Changed below line to use string instead of int.. 01/26/2020
//var checkControllerActionRoleUserId = menuaccess.FirstOrDefault(i => i.MenuURL == menuUrl && String.IsNullOrEmpty(i.RoleId = roleid) && String.IsNullOrEmpty(i.UserId = userid));
// Added change to use roles as collection.
var checkControllerActionRoleUserId = menuaccess.FirstOrDefault(i => i.MenuURL == menuUrl && currentUserRoles.Contains(i.RoleId) && i.UserId == userid);
///check menu && roleid && userid
if (checkControllerActionRoleUserId != null)
{
if (IsActionNameEqualToCrudPageName(actionName))
{
CheckAccessOfPageAction(context, actionName, checkControllerActionRoleUserId);
}
else
{
if (checkControllerActionRoleUserId.IsRead == false || checkControllerActionRoleUserId.IsDelete == false || checkControllerActionRoleUserId.IsCreate == false || checkControllerActionRoleUserId.IsUpdate == false)//if userid !=null && Check Crud
{
UnAuthoRedirect(context);
}
}
}
else
{
var checkControllerActionRole = menuaccess.FirstOrDefault(i => i.MenuURL == menuUrl && currentUserRoles.Contains(i.RoleId) && i.UserId == null);
if (checkControllerActionRole != null)
{
if (IsActionNameEqualToCrudPageName(actionName))
{
CheckAccessOfPageAction(context, actionName, checkControllerActionRole);
}
else
{
if (checkControllerActionRole.IsRead == false || checkControllerActionRole.IsDelete == false || checkControllerActionRole.IsCreate == false || checkControllerActionRole.IsUpdate == false)//if userid !=null && Check Crud
{
UnAuthoRedirect(context);
}
}
}
else
{
if (IsThisAjaxRequest() == false)//if userid !=null && Check Crud
{
UnAuthoRedirect(context);
}
}
}
}
}
catch (Exception)
{ }
}
更新: 在实现下面建议@Sam之后,我还需要找到一种方法来不向不在权限表中的用户授予访问权限。避免冗余。如果用户无权访问某些内容,那么我不需要将其添加到权限以确保他们没有访问权限。我添加了以下代码的一部分,以便在用户登陆他们无权访问的页面时重定向到仪表板。
var checkControllerActionRoleUserId = menuaccess.FirstOrDefault(i => i.MenuURL == menuUrl && currentUserRoles.Contains(i.RoleId)
&& (i.UserId == userid || i.UserId == null) || controllerName == "dashboard"// @Sam: This is how we can combine
);
///check menu && roleid && userid
if (checkControllerActionRoleUserId != null)
{
if (IsActionNameEqualToCrudPageName(actionName))
{
CheckAccessOfPageAction(context, actionName, checkControllerActionRoleUserId);
}
else
{
if (checkControllerActionRoleUserId.IsRead == false || checkControllerActionRoleUserId.IsDelete == false || checkControllerActionRoleUserId.IsCreate == false || checkControllerActionRoleUserId.IsUpdate == false)//if userid !=null && Check Crud
{
UnAuthoRedirect(context);
}
}
}
else
{
UnAuthorizedArea(context);
}
代码中有几个问题。修复当前错误后,您将获得更多错误:
- 您正在将字符串集合分配给字符串(通过字符串 roleid(。当前您收到此错误。修复此错误后,会出现以下错误。
出现错误的原因是:
-
以下语句返回已登录用户的角色集合(准确地说是 roleId 集合(,而不是单个角色 ID。
string roleid = userManager.FindById(User.Identity.GetUserId()).Roles.Select(r => r.RoleId);` -
然后,您尝试在下一条语句中将此 roleid 集合分配给标量属性 i.RoleId(通过 i.RoleId=roleid(
var checkControllerActionRoleUserId = menuaccess.FirstOrDefault(i => i.MenuURL == menuUrl && String.IsNullOrEmpty(i.RoleId = roleid) && String.IsNullOrEmpty(i.UserId = userid));`使用赋值运算符 = 而不是
==进行比较。因此,您正在尝试将角色ID分配给i.RoleId,这是不允许的。使用赋值运算符 = 而不是 == 进行比较。因此,您正在尝试将用户ID分配给i.UserId,这是不允许的。
修复:请修改您的角色 ID 部分,如下所示:
var userManager = HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
// Select will return collection as opposed to scalar/single value. Pay attention to datatype here.
IEnumerable<string> currentUserRoles = userManager.FindById(User.Identity.GetUserId()).Roles.Select(r => r.RoleId);
(或(
//You can use var in case you do not know the data types of result.
var currentUserRoles = userManager.FindById(User.Identity.GetUserId()).Roles.Select(r => r.RoleId);
当前用户角色将包含当前登录用户的所有角色。现在使用该集合,如下所示(请注意条件currentUserRoles.Contains(i.RoleId(。我还修复了用户 id 周围的条件。
var checkControllerActionRoleUserId = menuaccess.FirstOrDefault(i => i.MenuURL == menuUrl
&& currentUserRoles.Contains(i.RoleId) && i.UserId == userid);
或者,可以使用 Where 和 FirstOrDefault 拆分上述语句,如下所示:
// Where statement returns collection of menuaccess items meeting all three conditions
var filteredMenuAccessCollection = menuaccess.Where(i => i.MenuURL == menuUrl && currentUserRoles.Contains(i.RoleId) && i.UserId == userid);
// FirstOrDefault will return the first menuaccess item from filteredMenuAccessCollection
var checkControllerActionRoleUserId = filteredMenuAccessCollection.FirstOrDefault();
以上可以进一步重写如下:
var mathingMenuUrlMenuAccessCollection = menuaccess.Where(i => i.MenuURL == menuUrl); // return menuaccess items matching given menuurl
var mathingMenuUrlAndRolesMenuAccessCollection = mathingMenuUrlMenuAccessCollection.Where(i => currentUserRoles.Contains(i.RoleId)); // return menuaccess items matching roles in currentUserRoles
var filteredMenuAccessCollection = mathingMenuUrlAndRolesMenuAccessCollection.Where(i => i.UserId == userid); // return menuaccess items matching given userid
// FirstOrDefault will return the first menuaccess item from filteredMenuAccessCollection
var checkControllerActionRoleUserId = filteredMenuAccessCollection.FirstOrDefault();
总而言之,必须满足所有 3 个条件才能从菜单访问集合中获取项目,否则将返回 null。条件评估的顺序为
- 首先,它尝试从菜单访问集合中查找匹配的 menuUrl 项。
- 然后尝试查找当前用户角色集合中包含角色 ID 的菜单访问项。
- 然后,它尝试从菜单访问集合中查找匹配的用户 id 项。
如果有多个菜单访问项满足上述 3 个条件,那么它将从菜单访问集合返回第一个项目,因为我们使用的是 FirstOrDefault。
更新:操作执行的简化版本:
protected override void OnActionExecuting(ActionExecutingContext context)
{
base.OnActionExecuting(context);
try
{
//int roleid = int.Parse(Env.GetUserInfo("roleid"));
//int userid = int.Parse(Env.GetUserInfo("userid"));
string userid = User.Identity.GetUserId();
//string userid = Env.GetUserInfo("userid");
//string roleid = Env.GetUserInfo("roleid");
var userManager = HttpContext.GetOwinContext().GetUserManager<ApplicationUserManager>();
// Select will return collection as opposed to scalar/single value. Pay attention to datatype here.
IEnumerable<string> currentUserRoles = userManager.FindById(User.Identity.GetUserId()).Roles.Select(r => r.RoleId);
//string roleid = roles;
// @Sam: Added this variable
var actionNamesToCompare = new List<string>{"add", "index", "create", "edit", "delete", "multiviewindex"};
var descriptor = context.ActionDescriptor;
var actionName = descriptor.ActionName.ToLower();
var controllerName = descriptor.ControllerDescriptor.ControllerName.ToLower();
var controller = descriptor.ControllerDescriptor.ControllerName;
var GetOrPost = context.HttpContext.Request.HttpMethod.ToString();
var checkAreaName = context.HttpContext.Request.RequestContext.RouteData.DataTokens["area"];
string AreaName = "";
if (checkAreaName != null)
{
AreaName = checkAreaName.ToString().ToLower() + "/";
}
var cacheItemKey = "AllMenuBar";
var global = HttpRuntime.Cache.Get(cacheItemKey);
if (GetOrPost == "POST")
{
// Added index to string 02/03/2020
// Added add to actonName settings 02/08/2020
///if menupermission create,edit,delete then update value "true" in IsMenuChange file
if (controllerName == "menupermission" && actionNamesToCompare.Contains(actionName))
{
global = MenuBarCache(cacheItemKey, global, "shortcache");
}
}
if (global == null)//if cashe is null
{
global = MenuBarCache(cacheItemKey, global, "60mincache");//make cache from db
}
var menuaccess = (MenuOfRole[])global;
if (GetOrPost == "GET")
{
if (actionNamesToCompare.Contains(actionName))
{
// Old Impementation May be removed at Cleanup if not used - 02/10/2020
//ViewBag.Add = menuaccess.Where(i => i.MenuURL == controllerName).Select(i => (i.IsAdd));
//ViewBag.Read = menuaccess.Where(i => i.MenuURL == controllerName).Select(i => (i.IsRead));
//ViewBag.Create = menuaccess.Where(i => i.MenuURL == controllerName).Select(i => (i.IsCreate));
//ViewBag.Edit = menuaccess.Where(i => i.MenuURL == controllerName).Select(i => (i.IsUpdate));
//ViewBag.Delete = menuaccess.Where(i => i.MenuURL == controllerName).Select(i => (i.IsDelete))();
// Stack Overflow corrections - 02/10/2020
ViewBag.Add = menuaccess.Any(i => i.MenuURL == controllerName && i.IsAdd);
ViewBag.Read = menuaccess.Any(i => i.MenuURL == controllerName && i.IsRead);
ViewBag.Create = menuaccess.Any(i => i.MenuURL == controllerName && i.IsCreate);
ViewBag.Edit = menuaccess.Any(i => i.MenuURL == controllerName && i.IsUpdate);
ViewBag.Delete = menuaccess.Any(i => i.MenuURL == controllerName && i.IsDelete);
ViewBag.Visable = menuaccess.Any(i => i.MenuURL == controllerName && i.IsVisable);
}
}
// @sam: you can combine menuUrl evaluation like this using ternary operator.
var menuUrl = IsActionNameEqualToCrudPageName(actionName) ? AreaName + controllerName
: AreaName + controllerName + "/" + actionName;
// var checkUrl = menuaccess.FirstOrDefault(i => (i.MenuURL == AreaName + controllerName + "/" + actionName) || i.MenuURL == menuUrl);
// @sam: No need of this if statement
// var checkUrl = menuaccess.FirstOrDefault(i => (i.MenuURL == AreaName + controllerName + "/" + actionName) || i.MenuURL == menuUrl);
///checkUrl: check if menu url Exists in MenuPermission if not exists then will be run
/*if (checkUrl != null)
{
// Changed below line to use string instead of int.. 01/26/2020
//var checkControllerActionRoleUserId = menuaccess.FirstOrDefault(i => i.MenuURL == menuUrl && String.IsNullOrEmpty(i.RoleId = roleid) && String.IsNullOrEmpty(i.UserId = userid));
// Added change to use roles as collection.
// @Sam: Since both if and else are doing same of operations,
// the below if-else can be comibined as follows:
/*var checkControllerActionRoleUserId = menuaccess.FirstOrDefault(i => i.MenuURL == menuUrl &¤tUserRoles.Contains(i.RoleId) && i.UserId == userid);
///check menu && roleid && userid
if (checkControllerActionRoleUserId != null)
{
if (IsActionNameEqualToCrudPageName(actionName))
{
CheckAccessOfPageAction(context, actionName, checkControllerActionRoleUserId);
}
else
{
if (checkControllerActionRoleUserId.IsRead == false || checkControllerActionRoleUserId.IsDelete == false || checkControllerActionRoleUserId.IsCreate == false || checkControllerActionRoleUserId.IsUpdate == false)//if userid !=null && Check Crud
{
UnAuthoRedirect(context);
}
}
}
else
{
var checkControllerActionRole = menuaccess.FirstOrDefault(i => i.MenuURL == menuUrl && currentUserRoles.Contains(i.RoleId) && i.UserId == null);
if (checkControllerActionRole != null)
{
if (IsActionNameEqualToCrudPageName(actionName))
{
CheckAccessOfPageAction(context, actionName, checkControllerActionRole);
}
else
{
if (checkControllerActionRole.IsRead == false || checkControllerActionRole.IsDelete == false || checkControllerActionRole.IsCreate == false || checkControllerActionRole.IsUpdate == false)//if userid !=null && Check Crud
{
UnAuthoRedirect(context);
}
}
}
else
{
if (IsThisAjaxRequest() == false)//if userid !=null && Check Crud
{
UnAuthoRedirect(context);
}
}
}//
} */
var checkControllerActionRoleUserId = menuaccess.FirstOrDefault(i => i.MenuURL == menuUrl &¤tUserRoles.Contains(i.RoleId)
&& (i.UserId == userid || i.UserId == null) // @Sam: This is how we can combine
);
///check menu && roleid && userid
if (checkControllerActionRoleUserId != null)
{
if (IsActionNameEqualToCrudPageName(actionName))
{
CheckAccessOfPageAction(context, actionName, checkControllerActionRoleUserId);
}
else
{
if (checkControllerActionRoleUserId.IsRead == false || checkControllerActionRoleUserId.IsDelete == false || checkControllerActionRoleUserId.IsCreate == false || checkControllerActionRoleUserId.IsUpdate == false)//if userid !=null && Check Crud
{
UnAuthoRedirect(context);
}
}
}
}
catch (Exception)
{ }
}
您可以使用不同用户的数据进行测试。