private static ActionDescriptor CreateActionDescriptor()
{
ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(typeof(SampleController));
var method = typeof(SampleController).GetMethod("Execute");
ActionDescriptor actionDescriptor = new ReflectedActionDescriptor(method, "Execute", controllerDescriptor);
return actionDescriptor;
}
public ControllerMapper(ITypeFinder typeFinder, IDefinitionManager definitionManager)
{
IList<ControlsAttribute> controllerDefinitions = FindControllers(typeFinder);
foreach (ItemDefinition id in definitionManager.GetDefinitions())
{
IAdapterDescriptor controllerDefinition = GetControllerFor(id, controllerDefinitions);
if(controllerDefinition != null)
{
ControllerMap[id.ItemType] = controllerDefinition.ControllerName;
// interacting with static context is tricky, here I made the assumtion that the last
// finder is the most relevat and takes the place of previous ones, this makes a few
// tests pass and doesn't seem to be called in production
foreach (var finder in PathDictionary.GetFinders(id.ItemType).Where(f => f is ActionResolver))
PathDictionary.RemoveFinder(id.ItemType, finder);
// Use MVC's ReflectedControllerDescriptor to find all actions on the Controller
var methods = new ReflectedControllerDescriptor(controllerDefinition.AdapterType)
.GetCanonicalActions()
.Select(m => m.ActionName).ToArray();
var actionResolver = new ActionResolver(this, methods);
_controllerActionMap[controllerDefinition.ControllerName] = methods;
PathDictionary.PrependFinder(id.ItemType, actionResolver);
}
}
}
public ActionResult Index()
{
ReflectedControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(typeof(HomeController));
ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(ControllerContext, "DemoAction");
IEnumerable<Filter> filters = FilterProviders.Providers.GetFilters(ControllerContext, actionDescriptor);
return View(filters);
}
public static bool ActionAuthorized(this HtmlHelper htmlHelper, string actionName, string controllerName)
{
ControllerBase controllerBase = string.IsNullOrEmpty(controllerName)
? htmlHelper.ViewContext.Controller
: htmlHelper.GetControllerByName(controllerName);
ControllerContext controllerContext = new ControllerContext(htmlHelper.ViewContext.RequestContext,
controllerBase);
ControllerDescriptor controllerDescriptor =
new ReflectedControllerDescriptor(controllerContext.Controller.GetType());
ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(controllerContext, actionName);
if (actionDescriptor == null)
return false;
FilterInfo filters =
new FilterInfo(FilterProviders.Providers.GetFilters(controllerContext, actionDescriptor));
AuthorizationContext authorizationContext = new AuthorizationContext(controllerContext, actionDescriptor);
foreach (IAuthorizationFilter authorizationFilter in filters.AuthorizationFilters)
{
authorizationFilter.OnAuthorization(authorizationContext);
if (authorizationContext.Result != null)
return false;
}
return true;
}
private static ActionDescriptor GetActionDescriptor(ControllerBase controller, RouteData routeData)
{
var controllerDescriptor = new ReflectedControllerDescriptor(controller.GetType());
var actionName = routeData.GetRequiredString("action");
var actionDescriptor = controllerDescriptor.FindAction(controller.ControllerContext, actionName);
return actionDescriptor;
}
/// <summary>
/// 使用Descriptor,取程序集中所有Action的元数据
/// </summary>
/// <returns></returns>
public static IEnumerable<ApplicationPermission> GetAllActionByAssembly()
{
var result = new List<ApplicationPermission>();
//取程序集中的全部类型
var types = Assembly.Load("AspNetIdentity2Permission.Mvc").GetTypes();
//取控制器
foreach (var type in types)
{
if (type.BaseType == typeof(BaseController))//如果是BaseController
{
//反射控制器
var controller = new ReflectedControllerDescriptor(type);
//取控制器的Action,共有实例方法
var actions = controller.GetCanonicalActions();
//构建权限
foreach (var action in actions)
{
//创建权限
var ap = new ApplicationPermission()
{
Action = action.ActionName,
Controller = controller.ControllerName,
//Params = FormatParams(action),
Description = GetDescription(action)
};
result.Add(ap);
}
}
}
return result;
}
public void When_getting_controller_attributes_then_builds_up_instance()
{
using (var container = new UnityContainer())
{
// Arrange
var someInstance = new SomeClass();
container.RegisterInstance<ISomeInterface>(someInstance);
container.RegisterType<TestFilterAttribute>(new InjectionProperty("Some"));
var context = new ControllerContext { Controller = new ControllerWithTypeAttribute() };
var controllerDescriptor = new ReflectedControllerDescriptor(context.Controller.GetType());
var action = context.Controller.GetType().GetMethod("MyActionMethod");
var actionDescriptor = new ReflectedActionDescriptor(action, "MyActionMethod", controllerDescriptor);
var provider = new UnityFilterAttributeFilterProvider(container);
// Act
Filter filter = provider.GetFilters(context, actionDescriptor).Single();
// Assert
TestFilterAttribute attrib = filter.Instance as TestFilterAttribute;
Assert.IsNotNull(attrib);
Assert.AreEqual(FilterScope.Controller, filter.Scope);
Assert.AreEqual(1234, filter.Order);
Assert.AreSame(someInstance, attrib.Some);
}
}
public ActionResult Index()
{
var listOrActions = new ReflectedControllerDescriptor(this.GetType())
.GetCanonicalActions()
.Select(x => x.ActionName)
.ToList();
return View(listOrActions);
}
/// <summary>
/// Resolves the action method parameters.
/// </summary>
/// <param name="controllerTypeResolver">The controller type resolver.</param>
/// <param name="areaName">Name of the area.</param>
/// <param name="controllerName">Name of the controller.</param>
/// <param name="actionMethodName">Name of the action method.</param>
/// <returns>
/// A action method parameters represented as a <see cref="string"/> instance
/// </returns>
public IEnumerable<string> ResolveActionMethodParameters(IControllerTypeResolver controllerTypeResolver,
string areaName, string controllerName,
string actionMethodName)
{
// Is the request cached?
string cacheKey = areaName + "_" + controllerName + "_" + actionMethodName;
if (Cache.ContainsKey(cacheKey))
{
return Cache[cacheKey];
}
// Get controller type
Type controllerType = controllerTypeResolver.ResolveControllerType(areaName, controllerName);
// Get action method information
var actionParameters = new List<string>();
if (controllerType != null)
{
ControllerDescriptor controllerDescriptor = null;
if (typeof(IController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedControllerDescriptor(controllerType);
}
else if (typeof(IAsyncController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedAsyncControllerDescriptor(controllerType);
}
ActionDescriptor[] actionDescriptors = controllerDescriptor.GetCanonicalActions()
.Where(a => a.ActionName == actionMethodName).ToArray();
if (actionDescriptors != null && actionDescriptors.Length > 0)
{
foreach (ActionDescriptor actionDescriptor in actionDescriptors)
{
actionParameters.AddRange(actionDescriptor.GetParameters().Select(p => p.ParameterName));
}
}
}
// Cache the result
if (!Cache.ContainsKey(cacheKey))
{
try
{
Cache.Add(cacheKey, actionParameters);
}
catch (ArgumentException)
{
// Nomnomnom... We're intentionally eating it here
}
}
// Return
return actionParameters;
}
protected virtual Type FindModelType(ControllerBase controller, string actionName)
{
ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controller.GetType());
var actionDescriptor = controllerDescriptor.FindAction(controller.ControllerContext, actionName);
var qry = from p in actionDescriptor.GetParameters()
let paramType = p.ParameterType
where typeof(Csla.Core.IBusinessObject).IsAssignableFrom(paramType)
select paramType;
return qry.SingleOrDefault();
}
public ActionResult Index()
{
ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(typeof(HomeController));
ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(ControllerContext, "DemoAction");
Dictionary<ParameterDescriptor, IModelBinder> binders = new Dictionary<ParameterDescriptor, IModelBinder>();
foreach (ParameterDescriptor parameterDescriptor in actionDescriptor.GetParameters())
{
binders.Add(parameterDescriptor, this.GetModelBinder(parameterDescriptor));
}
return View(binders);
}
public MvcActionFunction(Type controllerType, string actionName, string @namespace, string name, string description,
FunctionCollection functionCollection)
: base(@namespace, name, description, functionCollection)
{
_controllerDescriptor = new ReflectedControllerDescriptor(controllerType);
_actionName = actionName;
var actions = _controllerDescriptor.GetCanonicalActions().Where(a => a.ActionName == actionName);
Verify.That(actions.Any(), "Action name '{0}' isn't recognized", actionName);
_routeToRender = "~/{0}/{1}".FormatWith(_controllerDescriptor.ControllerName, actionName);
}
static MethodInfo GetActionMethod(HttpContextBase context, RouteData routeData, ControllerBase controller)
{
var actionName = routeData.Values["action"] as string;
if (actionName == null)
return null;
var controllerContext = new ControllerContext(context, routeData, controller);
var controllerDescriptor = new ReflectedControllerDescriptor(controller.GetType());
var actionDescriptor = controllerDescriptor.FindAction(controllerContext, actionName) as ReflectedActionDescriptor;
return actionDescriptor?.MethodInfo;
}
public ControllerDescriptor Create(Type controllerType)
{
ControllerDescriptor controllerDescriptor = null;
if (typeof(IController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedControllerDescriptor(controllerType);
}
else if (typeof(IAsyncController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedAsyncControllerDescriptor(controllerType);
}
return controllerDescriptor;
}
internal static bool HasActionPermission(this HtmlHelper htmlHelper, string actionName, string controllerName)
{
var controllerToLinkTo = string.IsNullOrEmpty(controllerName)
? htmlHelper.ViewContext.Controller
: GetControllerByName(htmlHelper, controllerName);
var controllerContext = new ControllerContext(htmlHelper.ViewContext.RequestContext, controllerToLinkTo);
var controllerDescriptor = new ReflectedControllerDescriptor(controllerToLinkTo.GetType());
var actionDescriptor = controllerDescriptor.FindAction(controllerContext, actionName);
return ActionIsAuthorized(controllerContext, actionDescriptor);
}
public ActionResult Redirect()
{
var catalog = this.Container.Catalog;
double lowestOrder = double.MaxValue;
Uri redirectUri = null;
foreach (var exportInfo in catalog.FindExports<IControllerMetadata>(ContractNames.AdminController))
{
ReflectedControllerDescriptor descriptor = new ReflectedControllerDescriptor(exportInfo.Value);
var controllerAttr =
descriptor.GetCustomAttributes(typeof(AdminControllerAttribute), true).FirstOrDefault()
as AdminControllerAttribute;
if (controllerAttr == null)
continue;
if (controllerAttr.Order >= lowestOrder)
continue;
lowestOrder = controllerAttr.Order;
Uri defaultTargetUrl = null;
foreach (var actionDescriptor in descriptor.GetCanonicalActions())
{
var actionAttr =
actionDescriptor.GetCustomAttributes(typeof(AdminActionAttribute), true).FirstOrDefault() as
AdminActionAttribute;
if (actionAttr == null)
continue;
string targetUrl = Url.Action(actionAttr.Name,
controllerAttr.Name,
new
{
packageId = exportInfo.Metadata.PackageId,
packageVersion = exportInfo.Metadata.PackageVersion
});
Uri target = new Uri(targetUrl, UriKind.RelativeOrAbsolute);
if (defaultTargetUrl == null || actionAttr.IsDefault)
defaultTargetUrl = target;
}
if (defaultTargetUrl != null)
redirectUri = defaultTargetUrl;
}
return Redirect(redirectUri.ToString());
}
//This method checks if we have an AJAX request or not
private bool IsAjaxRequest()
{
//The easy way
bool isAjaxRequest = (Request["X-Requested-With"] == "XMLHttpRequest")
|| ((Request.Headers != null)
&& (Request.Headers["X-Requested-With"] == "XMLHttpRequest"));
//If we are not sure that we have an AJAX request or that we have to return JSON
//we fall back to Reflection
if (!isAjaxRequest)
{
try
{
//The controller and action
string controllerName = Request.RequestContext.
RouteData.Values["controller"].ToString();
string actionName = Request.RequestContext.
RouteData.Values["action"].ToString();
//We create a controller instance
DefaultControllerFactory controllerFactory = new DefaultControllerFactory();
Controller controller = controllerFactory.CreateController(
Request.RequestContext, controllerName) as Controller;
//We get the controller actions
ReflectedControllerDescriptor controllerDescriptor =
new ReflectedControllerDescriptor(controller.GetType());
ActionDescriptor[] controllerActions =
controllerDescriptor.GetCanonicalActions();
//We search for our action
foreach (ReflectedActionDescriptor actionDescriptor in controllerActions)
{
if (actionDescriptor.ActionName.ToUpper().Equals(actionName.ToUpper()))
{
//If the action returns JsonResult then we have an AJAX request
if (actionDescriptor.MethodInfo.ReturnType
.Equals(typeof(JsonResult)))
return true;
}
}
}
catch(Exception eeee)
{
log.Exception(eeee);
}
}
return isAjaxRequest;
}
public MvcControllerFunction(ReflectedControllerDescriptor controllerDescriptor,
string @namespace, string name, string description, FunctionCollection functionCollection)
: base(@namespace, name, description, functionCollection)
{
Verify.ArgumentNotNull(controllerDescriptor, "controllerDescriptor");
_controllerDescriptor = controllerDescriptor;
RequireAsyncHandler = _controllerDescriptor.ControllerType
.GetMethods(BindingFlags.Instance | BindingFlags.Public | BindingFlags.NonPublic)
.Any(method => method.ReturnType == typeof(Task)
|| (method.ReturnType.IsGenericType
&& method.ReturnType.GetGenericTypeDefinition() == typeof(Task<>)));
}
public void UpdateActionList()
{
DB.ControllerActions.ToList();
List<Type> typeList = Assembly.GetExecutingAssembly().GetExportedTypes().Where(r => r.HasBaseType(typeof(Controller))).ToList();
//Delete non-existing controllers
foreach (var item in typeList)
{
ReflectedControllerDescriptor controllerDes = new ReflectedControllerDescriptor(item);
string controllerName = controllerDes.ControllerName;
ControllerAction controllerOfActionAuthorization = DB.ControllerActions.Where(r => r.Controller == controllerName
&& string.IsNullOrEmpty(r.Action)
&& string.IsNullOrEmpty(r.HttpVerb)
).FirstOrDefault();
if (controllerOfActionAuthorization == null)
{
controllerOfActionAuthorization = new ControllerAction();
controllerOfActionAuthorization.Controller = controllerName;
DB.AddToControllerActions(controllerOfActionAuthorization);
Save();
}
List<ActionDescriptor> actionDescriptorList = controllerDes.GetCanonicalActions().ToList();
foreach (var actionDesc in actionDescriptorList)
{
string parameters = string.Join(", ", actionDesc.GetParameters().Select(r => r.ParameterName));
string httpVerb = actionDesc.GetHttpVerb();
string actionName = actionDesc.ActionName;
ControllerAction actionOfActionAuthorization = DB.ControllerActions.Where(r => r.Controller == controllerName && r.Action == actionName && r.HttpVerb == httpVerb).FirstOrDefault();
if (actionOfActionAuthorization == null)
{
actionOfActionAuthorization = new ControllerAction();
actionOfActionAuthorization.Controller = controllerName;
actionOfActionAuthorization.Action = actionName;
actionOfActionAuthorization.Parameters = parameters;
actionOfActionAuthorization.HttpVerb = httpVerb;
DB.AddToControllerActions(actionOfActionAuthorization);
Save();
}
}
}
}
public void Before_each_test()
{
attribute = new SessionBasedAuthorizeAttibute();
var controller = new FakeController();
MvcTest.SetupControllerContext(controller);
authorizationContext = new AuthorizationContext();
authorizationContext.Controller = controller;
authorizationContext.HttpContext = controller.HttpContext;
var controllerDescriptor = new ReflectedControllerDescriptor(typeof(FakeController));
var method = typeof(FakeController).GetMethod("Nothing");
authorizationContext.ActionDescriptor = new ReflectedActionDescriptor(method, "Nothing", controllerDescriptor);
}
public ActionResult Yes(ConfirmationActionViewModel model)
{
if (!model.HttpPost)
return Redirect(model.YesUrl);
ConfirmationData data = ConfirmationService.GetData(model.Id);
RouteData route = RoutesHelper.GetRouteDataByUrl("/" + model.YesUrl);
//var controllerDescriptor = new ReflectedControllerDescriptor(GetType());
string controllerName = (String)route.Values["controller"];
string actionName = (String)route.Values["action"];
//string values = RouteData.GetRequiredString("id");
//IControllerActivator
DefaultControllerFactory d = new DefaultControllerFactory();
IController controller = d.CreateController(HttpContext.Request.RequestContext, controllerName);
ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controller.GetType());
//d.ReleaseController(controller);
ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(ControllerContext, actionName);
RequestContext requestContext = new RequestContext(new RoutesHelper.RewritedHttpContextBase("/" + model.YesUrl), route);
requestContext.HttpContext.Request.Form.Add((NameValueCollection)data.PostData);
ControllerContext ctx = new ControllerContext(requestContext, (ControllerBase)controller);
IDictionary<string, object> parameters2 = GetParameterValues(ctx, actionDescriptor);
IDictionary<string, object> parameters = new Dictionary<string,object>();
ControllerContext.HttpContext.Response.Clear();
NameValueCollection nameValueCollection = data.PostData as NameValueCollection;
//nameValueCollection.
actionDescriptor.Execute(ControllerContext, (IDictionary<string, object>)data.PostData);
//var viewResult = new ViewResult
//{
// ViewName = "",
// MasterName = "",
// ViewData = new ViewDataDictionary(data.PostData),
// TempData = null
//};
//return viewResult;
return new EmptyResult();
}
/// <summary>
/// Avoids risking things like AmbiguousMatchException, by accessing the controller and action descriptors.
/// </summary>
internal IEnumerable<AuthorizeAttribute> GetAuthorizeAttributes(ControllerBase controller, string actionName)
{
ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controller.GetType());
ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(controller.ControllerContext, actionName);
if (actionDescriptor == null)
{
// if we can't find a matching action descriptor, we just issue a warning log and trim the action from the site map.
log.Warn(Exceptions.MiniAclModule_ActionDescriptorNotFound.FormatWith(controllerDescriptor.ControllerName, actionName));
return new AuthorizeAttribute[] { new UnauthorizedAttribute() };
}
IEnumerable<AuthorizeAttribute> controllerAttributes = controllerDescriptor.GetAttributes<AuthorizeAttribute>();
IEnumerable<AuthorizeAttribute> actionAttributes = actionDescriptor.GetAttributes<AuthorizeAttribute>();
return controllerAttributes.Concat(actionAttributes);
}
/// <summary>
/// Returns true if a specific controller action exists and
/// the user has the ability to access it.
/// </summary>
/// <param name="htmlHelper"></param>
/// <param name="actionName"></param>
/// <param name="controllerName"></param>
/// <returns></returns>
public static bool HasActionPermission(this HtmlHelper htmlHelper, string actionName, string controllerName)
{
//if the controller name is empty the ASP.NET convention is:
//"we are linking to a different controller
ControllerBase controllerToLinkTo = string.IsNullOrEmpty(controllerName)
? htmlHelper.ViewContext.Controller
: GetControllerByName(htmlHelper, controllerName);
var controllerContext = new ControllerContext(htmlHelper.ViewContext.RequestContext, controllerToLinkTo);
var controllerDescriptor = new ReflectedControllerDescriptor(controllerToLinkTo.GetType());
var actionDescriptor = controllerDescriptor.FindAction(controllerContext, actionName);
return ActionIsAuthorized(controllerContext, actionDescriptor);
}
private void ListValidActions(RequestContext requestContext)
{
ReflectedControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(typeof(HomeController));
ActionDescriptor[] actionDescriptors = controllerDescriptor.GetCanonicalActions();
if (actionDescriptors.Any())
{
foreach (ActionDescriptor actionDescriptor in actionDescriptors)
{
requestContext.HttpContext.Response.Write(actionDescriptor.ActionName + "<br/>");
}
}
else
{
requestContext.HttpContext.Response.Write("无合法的Action方法");
}
}
private Boolean IsJsonResponse(ControllerContext filterContext) {
if (filterContext is ActionExecutedContext) {
if (((ActionExecutedContext)filterContext).Result is JsonResult || filterContext.HttpContext.Response.ContentType.ToLower() == Curl.JsonType.ToLower()) {
return true;
}
} else if (filterContext is ExceptionContext) {
if (filterContext.HttpContext.Response.ContentType.ToLower() == Curl.JsonType.ToLower()) return true;
var actionName = (String)filterContext.RouteData.Values["action"];
Type controllerType = filterContext.Controller.GetType();
ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controllerType);
var action = (ReflectedActionDescriptor)controllerDescriptor.FindAction(filterContext.Controller.ControllerContext, actionName);
return action.MethodInfo.ReturnType == typeof(JsonResult);
}
return false;
}
public override void OnException(ExceptionContext filterContext)
{
ExceptionHandlerAreaAttribute RegisteredExceptionArea = null;
ReflectedControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(filterContext.Controller.GetType());
ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(filterContext.Controller.ControllerContext, filterContext.RouteData.Values["action"].ToString());
if (controllerDescriptor.IsDefined(typeof(ExceptionHandlerAreaAttribute), true))
RegisteredExceptionArea = controllerDescriptor.GetCustomAttributes(typeof(ExceptionHandlerAreaAttribute), true).First() as ExceptionHandlerAreaAttribute;
else if (actionDescriptor != null && actionDescriptor.IsDefined(typeof(ExceptionHandlerAreaAttribute), true))
RegisteredExceptionArea = actionDescriptor.GetCustomAttributes(typeof(ExceptionHandlerAreaAttribute), true).First() as ExceptionHandlerAreaAttribute;
if (RegisteredExceptionArea != null)
Debug.WriteLine(RegisteredExceptionArea.RegisteredAreaName);
base.OnException(filterContext);
}
//FROM: http://stackoverflow.com/questions/2721869/security-aware-action-link
public static bool CheckHasActionPermission(ViewContext viewContext, string actionName, string controllerName = null, bool useNamespaceFallback = false)
{
//if the controller name is empty the ASP.NET convention is:
//"we are linking to a different controller
ControllerBase controllerToLinkTo = string.IsNullOrEmpty(controllerName)
? viewContext.Controller
: GetControllerByName(viewContext, controllerName, useNamespaceFallback);
var controllerContext = new ControllerContext(viewContext.RequestContext, controllerToLinkTo);
var controllerDescriptor = new ReflectedControllerDescriptor(controllerToLinkTo.GetType());
var actionDescriptor = controllerDescriptor.GetCanonicalActions().Where(x => String.Equals(x.ActionName, actionName, StringComparison.OrdinalIgnoreCase)).FirstOrDefault();
//Originally it was: //var actionDescriptor = controllerDescriptor.FindAction(controllerContext, actionName);
//I changed it because, I want to check accessibility to an POST action. Maybe it could fail for actions for different http method and the same name
return ActionIsAuthorized(controllerContext, actionDescriptor);
}
protected ActionResult InvokeAction(string actionName)
{
ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(this.GetType());
ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(ControllerContext, actionName);
Dictionary<string, object> parameters = new Dictionary<string, object>();
foreach (ParameterDescriptor parameterDescriptor in actionDescriptor.GetParameters())
{
string modelName = parameterDescriptor.BindingInfo.Prefix?? parameterDescriptor.ParameterName;
ModelBindingContext bindingContext = new ModelBindingContext
{
FallbackToEmptyPrefix = parameterDescriptor.BindingInfo.Prefix == null,
ModelMetadata = ModelMetadataProviders.Current.GetMetadataForType(null, parameterDescriptor.ParameterType),
ModelName = modelName,
ModelState = ModelState,
ValueProvider = this.ValueProvider
};
parameters.Add(parameterDescriptor.ParameterName,this.ModelBinder.BindModel(ControllerContext, bindingContext));
}
return (ActionResult)actionDescriptor.Execute(ControllerContext,parameters);
}
public static object InvokeAction(this Controller controller, string actionName)
{
IModelBinder modelBinder = new MyDefaultModelBinder();
ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controller.GetType());
ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(controller.ControllerContext, actionName);
Dictionary<string, object> arguments = new Dictionary<string, object>();
foreach (ParameterDescriptor parameterDescriptor in actionDescriptor.GetParameters())
{
string modelName = parameterDescriptor.BindingInfo.Prefix ?? parameterDescriptor.ParameterName;
ModelBindingContext bindingContext = new ModelBindingContext
{
FallbackToEmptyPrefix = parameterDescriptor.BindingInfo.Prefix == null,
ModelMetadata = ModelMetadataProviders.Current.GetMetadataForType(null, parameterDescriptor.ParameterType),
ModelName = modelName,
ModelState = controller.ModelState,
ValueProvider = controller.ValueProvider
};
object argument = modelBinder.BindModel(controller.ControllerContext, bindingContext);
arguments.Add(parameterDescriptor.ParameterName, argument);
}
return actionDescriptor.Execute(controller.ControllerContext, arguments);
}
/// <summary>
/// Determines whether node is accessible to user.
/// </summary>
/// <param name="controllerTypeResolver">The controller type resolver.</param>
/// <param name="provider">The provider.</param>
/// <param name="context">The context.</param>
/// <param name="node">The node.</param>
/// <returns>
/// <c>true</c> if accessible to user; otherwise, <c>false</c>.
/// </returns>
public bool IsAccessibleToUser(IControllerTypeResolver controllerTypeResolver, DefaultSiteMapProvider provider, HttpContext context, SiteMapNode node)
{
// Is security trimming enabled?
if (!provider.SecurityTrimmingEnabled)
{
return true;
}
// Is it an external node?
var nodeUrl = node.Url;
if (nodeUrl.StartsWith("http") || nodeUrl.StartsWith("ftp"))
{
return true;
}
// Is it a regular node?
var mvcNode = node as MvcSiteMapNode;
if (mvcNode == null)
{
throw new AclModuleNotSupportedException(
Resources.Messages.AclModuleDoesNotSupportRegularSiteMapNodes);
}
// Clickable? Always accessible.
if (mvcNode.Clickable == false)
{
return true;
}
// Time to delve into the AuthorizeAttribute defined on the node.
// Let's start by getting all metadata for the controller...
var controllerType = controllerTypeResolver.ResolveControllerType(mvcNode.Area, mvcNode.Controller);
if (controllerType == null)
{
return false;
}
// Find routes for the sitemap node's url
HttpContextBase httpContext = new HttpContextWrapper(context);
string originalPath = httpContext.Request.Path;
var originalRoutes = RouteTable.Routes.GetRouteData(httpContext);
httpContext.RewritePath(nodeUrl, true);
HttpContextBase httpContext2 = new HttpContext2(context);
RouteData routes = mvcNode.GetRouteData(httpContext2);
if (routes == null)
{
return true; // Static URL's will have no route data, therefore return true.
}
foreach (var routeValue in mvcNode.RouteValues)
{
routes.Values[routeValue.Key] = routeValue.Value;
}
if (!routes.Route.Equals(originalRoutes.Route) || originalPath != nodeUrl || mvcNode.Area == String.Empty)
{
routes.DataTokens.Remove("area");
//routes.DataTokens.Remove("Namespaces");
//routes.Values.Remove("area");
}
var requestContext = new RequestContext(httpContext, routes);
// Create controller context
var controllerContext = new ControllerContext();
controllerContext.RequestContext = requestContext;
try
{
string controllerName = requestContext.RouteData.GetRequiredString("controller");
controllerContext.Controller = ControllerBuilder.Current.GetControllerFactory().CreateController(requestContext, controllerName) as ControllerBase;
}
catch
{
try
{
controllerContext.Controller = Activator.CreateInstance(controllerType) as ControllerBase;
}
catch
{
}
}
ControllerDescriptor controllerDescriptor = null;
if (typeof(IController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedControllerDescriptor(controllerType);
}
else if (typeof(IAsyncController).IsAssignableFrom(controllerType))
{
controllerDescriptor = new ReflectedAsyncControllerDescriptor(controllerType);
}
ActionDescriptor actionDescriptor = null;
try
{
actionDescriptor = controllerDescriptor.FindAction(controllerContext, mvcNode.Action);
}
catch
{
}
if (actionDescriptor == null)
{
actionDescriptor = controllerDescriptor.GetCanonicalActions().Where(a => a.ActionName == mvcNode.Action).FirstOrDefault();
}
// Verify security
try
{
if (actionDescriptor != null)
{
#if NET35
IEnumerable<AuthorizeAttribute> authorizeAttributesToCheck =
actionDescriptor.GetCustomAttributes(typeof(AuthorizeAttribute), true).OfType
<AuthorizeAttribute>().ToList()
.Union(
controllerDescriptor.GetCustomAttributes(typeof(AuthorizeAttribute), true).OfType
<AuthorizeAttribute>().ToList());
#else
IEnumerable<AuthorizeAttribute> authorizeAttributesToCheck =
FilterProviders.Providers.GetFilters(controllerContext, actionDescriptor)
.Where(f => typeof(AuthorizeAttribute).IsAssignableFrom(f.Instance.GetType()))
.Select(f => f.Instance as AuthorizeAttribute);
#endif
// Verify all attributes
foreach (var authorizeAttribute in authorizeAttributesToCheck)
{
try
{
var currentAuthorizationAttributeType = authorizeAttribute.GetType();
var builder = new AuthorizeAttributeBuilder();
var subclassedAttribute =
currentAuthorizationAttributeType == typeof(AuthorizeAttribute) ?
new InternalAuthorize(authorizeAttribute) : // No need to use Reflection.Emit when ASP.NET MVC built-in attribute is used
(IAuthorizeAttribute)builder.Build(currentAuthorizationAttributeType).Invoke(null);
// Copy all properties
ObjectCopier.Copy(authorizeAttribute, subclassedAttribute);
if (!subclassedAttribute.IsAuthorized(controllerContext.HttpContext))
{
return false;
}
}
catch
{
// do not allow on exception
return false;
}
}
}
// No objection.
return true;
}
finally
{
// Restore HttpContext
httpContext.RewritePath(originalPath, true);
}
}
