0

I have a web-site with many entities, all these entities are linked to company. User, which logged to site, has a linked company too, so, he sees only entities, linked to his company. Also, there is a admin, who can works with all companies, he selects a company and then navigate inside site like simple user. I think what is the best way to pass this company id to select entities. Of course, I can add CompanyId to each method in each controller:

    public async Task<ActionResult> Index(int? CompanyId)
    {
         //.....
    }

and create Action Filter like this:

public class CompanyIdValueActionFilterAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        if (!filterContext.HttpContext.User.IsInRole("Superadmin") && filterContext.HttpContext.Request["CompanyId"] != null)
        {
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.BadRequest);
        }
        else
            base.OnActionExecuting(filterContext);
    }
}

and mark by this attribute each method and add to each link parameter CompanyId, but probably it can be a more effective and flexible way?

Oleg Sh
  • 6,972
  • 9
  • 60
  • 109

1 Answers1

0

Since the CompanyID is associated to the user, if you're using any recent asp.net technology, just add the CompanyId as a claim of the user (claims should be available).

An Introduction to Claims

Access Claim values in controller in MVC 5

Erik Philips
  • 48,663
  • 7
  • 112
  • 142
  • I understand for users, associated to company, I mean access for superadmin, which selected company for short-time... – Oleg Sh Jun 30 '17 at 08:49
  • I don't see how it would be any different. Add the claim to the super user.. now they are in said company. – Erik Philips Jun 30 '17 at 15:18