0

I have an ASP.NET MVC4 site with custom user/role provider. Entity Framework works with the user and role entities at the bottom level. Now I am introducing a concept of RolePermissions. Each role has an asscocialted list of permissions that allow users in this role to perform certain actions within the system, like deleting comments for example.

In my custom-build admin panel I want to list all the actions of a controllers and have an ability to allow or disallow the call to some action based on the presenace of a permission in the curent user's role.

Questions are:

  1. Is it possible?
  2. How do I list a set of actions in the controller.
  3. How do I assign or cancel an association between action and a role permission.

Possible starategy:

I introduce a global custom filter that is applied to all of the controllers and actions, that checks my database to see If I have a logical association. This way a checking code is ran every time the user makes a call to an action. Still how do I list controllers and actions (via reflection perhaps?)

Improve this question

1 Answer 1

Reset to default
1

Still how do I list controllers and actions (via reflection perhaps?)

Yes, reflection is one way to do it. Here's an example of how to get a list of all controller types:

public IEnumerable<Type> GetControllers()
{
    IEnumerable<Type> typesSoFar = Type.EmptyTypes;
    var assemblies = BuildManager.GetReferencedAssemblies();
    foreach (Assembly assembly in assemblies)
    {
        Type[] typesInAsm;
        try
        {
            typesInAsm = assembly.GetTypes();
        }
        catch (ReflectionTypeLoadException ex)
        {
            typesInAsm = ex.Types;
        }
        typesSoFar = typesSoFar.Concat(typesInAsm);
    }
    return typesSoFar.Where(type => 
        type != null && 
        type.IsPublic && 
        type.IsClass && 
        !type.IsAbstract && 
        typeof(IController).IsAssignableFrom(type)
    );
}

and then you could get a list of ActionDescriptor for each controller type:

foreach (var controller in GetControllers())
{
    ActionDescriptor[] actions = new ReflectedControllerDescriptor(controller).GetCanonicalActions();
    foreach (var action in actions)
    {
        // here you know everything about the action
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

For some reason the list of actions is always empty becuase `controller.GetType() returns a RuntimeType that, when reflected as ControllerDescriptor has no actions. But the controller.Name is correct name of my web site controllers.
Ok, found a problem - ReflectedControllerDescriptor(controller).GetCanonicalActions(); There was no need to call controller.GetType() since controller variable already hold a type object.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.