Menu
My site allows people to edit posts. I want people to only edit their posts. I'd want an authorization attribute like:
[CanEditPost(PostId = Id)]
ActionResult Edit(int Id) { }
But it seems like parameters to attributes have to be static, which makes this impossible. Is there any way to get around this?
641
Yes.
If you create an attribute that inherits from AuthorizeAttribute,
you should be able to access the route parameters by:
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var postId = httpContext.Request.RequestContext.RouteData.Values["Id"];
.
.
.
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
