0

There is an API that should check if a user has permissions to execute action on a specific entity. Every method looks like this:

[HttpPost, Route("foo/{entityId}/{parameter}")]
[HasValidId] // <-- I would like to add this
public async Task<IActionResult> Foo(int entityId, string parameter)
{
    // Instead of this:
    if(!service.LoggedInUserHasAccessToEntity(entityId))
        throw("No accesss to entity");
}

As you can see, it accepts "entityId" as an input parameter from the url. Then the LoggedInUserHasAccessToEntity check is being performed. In case user doesn't have sufficent permissions, an error is returned.

This approach works fine, but I'd really like to replace it with a TypeFilterAttribute or something similar to avoid code duplication. So far I have created an empty HasValidIdAttribute class.

Is there a way to access entityId inside my type filter attribute?

Note: url parsing won't do, as there may be other parameters involved.

Hirasawa Yui
  • 732
  • 7
  • 14
  • Check this: https://stackoverflow.com/questions/39181390/how-do-i-add-a-parameter-to-an-action-filter-in-asp-net – EylM Nov 23 '20 at 14:38
  • My arguments are Api method arguments, not TypeFilter arguments. This will not work, I can't just put [HasValidId("entityId?")], because I don't know it beforehand. – Hirasawa Yui Nov 23 '20 at 14:43

0 Answers0