MVC EF似乎不能及时获取行更新
本文关键字:获取 更新 不能 EF MVC | 更新日期: 2023-09-27 18:07:19
我正在跟踪用户是否可以使用自定义AuthorizeAttribute和数据库中保存其用户名和角色的表访问网站的某些页面。如果我更改用户的角色,无论是通过SQL还是通过应用程序页面,应用程序在一段时间内似乎都无法识别它,它会发生变化。它可能会立即收集,也可能需要5-10分钟甚至更长的时间。这样做的问题是,在他们的角色被更改后,他们仍然能够访问他们不应该被允许的页面。如果您查询所做更改的表,则更改将对数据库端产生影响。这似乎并没有发生在我的项目的其他地方。编辑另一个表似乎很好地反映了这些变化。
自定义授权属性:
private QIEducationEntities db = new QIEducationEntities();
public String Roles { get; set; }
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
String userName = httpContext.User.Identity.Name.Split('''')[1];
User user = db.Users.Include("UserRole").FirstOrDefault(u => u.UserName == userName);
if (user != null) {
String[] rolesList = Roles.Split(',');
foreach (String role in rolesList)
{
if (user.UserRole.UserRole1 == role)
{
return true;
}
}
}
return false;
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
Uri requestUrl = filterContext.HttpContext.Request.UrlReferrer;
if (requestUrl != null)
{
filterContext.Result = new RedirectResult(requestUrl.ToString());
filterContext.Controller.TempData["PopupMessage"] = "You are not currently authorized to view that page.";
}
else
{
filterContext.Result = new RedirectToRouteResult(
new RouteValueDictionary {
{ "action", "NotAuthorized" },
{ "controller", "Admin" }
});
}
}
编辑用户的角色动作(也显示属性):
//
//GET: Admin/EditUser
[AuthorizeUser(Roles = "Admin")]
public ActionResult EditUser(int id)
{
User user = db.Users.Single(u => u.UserID == id);
if (user == null)
{
return HttpNotFound();
}
ViewBag.Roles = new SelectList(db.UserRoles, "UserRoleID", "UserRole1", user.UserRole);
return View(user);
}
//
//POST: Admin/EditUser
[AuthorizeUser(Roles = "Admin")]
[HttpPost]
public ActionResult EditUser(User user)
{
if (ModelState.IsValid)
{
db.Users.Attach(user);
db.ObjectStateManager.ChangeObjectState(user, EntityState.Modified);
db.SaveChanges();
return RedirectToAction("AllUsers");
}
ViewBag.Roles = new SelectList(db.UserRoles, "UserRoleID", "UserRole1", user.UserRole);
return View(user);
}
视图(如果相关):
@using (Html.BeginForm())
{
@Html.ValidationSummary(true)
@Html.HiddenFor(model => model.UserID)
<table class="table">
<tr>
<th class="table-row">
User Name:
</th>
<td class="table-row">
@Html.DisplayFor(model => model.UserName)
@Html.HiddenFor(model => Model.UserName)
@Html.ValidationMessageFor(model => model.UserName)
</td>
</tr>
<tr>
<th class="table-row">
Role:
</th>
<td class="table-row">
@Html.DropDownListFor(model => model.Role,
@ViewBag.Roles as SelectList, "",
new { @class = "chzn-select", data_placeholder = " -- Select Role -- " })
@Html.ValidationMessageFor(model => model.UserRole)
</td>
</tr>
<tr><td class="table-row-blank"></td></tr>
<tr>
<td class="table-row-button">
<input class="button" type="submit" value="Submit" />
<input type="button" class="button" value="Cancel"
onclick="location.href='@Url.Action("AllUsers")'" />
</td>
</tr>
</table>
}
@section Scripts {
<script type="text/javascript">
$(document).ready(function () {
//DropDownList chosen plugin hook-up
$('.chzn-select').prepend("<option></option>")
$('.chzn-select').chosen({ width: "100%" });
});
</script>
}
所以,有没有什么东西稍微偏离编辑时,数据库上下文在我的项目没有捡起的变化?
或者在数据库上下文中"更新"值之间是否存在一定的时间间隔?
提前感谢。
尝试在AuthorizeCore方法中实例化(并处置)您的QIEducationEntities类。框架正在缓存您的AuthorizeUser动作过滤器和db实例变量。将其移动到AuthorizeCore将确保为每个请求创建它。