【发布时间】:2022-09-13 17:28:35
【问题描述】:
ABP Web Api:[Authorize] 属性在三个操作权限下无法正常工作, 仅在一项操作权限下才能正常工作,如下所示:
用户必须拥有这三个权限才能访问 Controller Action , 但是如果用户只有一个权限,他就不能访问控制器动作
我需要一种方法来允许任何只有一种权限的用户访问控制器操作
[Authorize]
public class RequestDeleteBuildingController : AqaratController, IRequestDeleteBuildingAppService
{
// 1'st method - not working
//[Authorize(Roles = AqaratPermissions.RequestAddBuilding.Create + "," + AqaratPermissions.RequestEditBuilding.Create + "," + AqaratPermissions.RequestDeleteBuilding.Create)]
// 2'nd method - not working
//[Authorize(Roles = $"{AqaratPermissions.RequestAddBuilding.Create},{AqaratPermissions.RequestEditBuilding.Create},{AqaratPermissions.RequestDeleteBuilding.Create}")]
// 3'rd method - not working
//[Authorize(AqaratPermissions.RequestAddBuilding.Create)]
//[Authorize(AqaratPermissions.RequestEditBuilding.Create)]
//[Authorize(AqaratPermissions.RequestDeleteBuilding.Create)]
// 4'th method - working only with one permission
[Authorize(AqaratPermissions.RequestAddBuilding.Create)]
public async Task<RequestBuildingCoordinateDto> CreateAsync(Guid requestId, CreateUpdateRequestBuildingCoordinateDto input)
{
return await requestBuildingCoordinateAppService.CreateAsync(requestId, input);
}
}
【问题讨论】: