I am trying to secure a controller action to prevent a user from accessing an Entity that they do not have access to. I am able to do this with the following code.
public ActionResult Entity(string entityCode)
{
if (CurrentUser.VerifyEntityPermission(entityCode))
{
//populate viewModel...
return View(viewModel);
}
return RedirectToAction("NoAccessToEntity", "Error");
}
I would like to be able to add an attribute to the controller action itself. In order to validate the access to the entity, I need to see what value has been passed to the controller and what entities the user has access to. Is this possible?
[EntityAuthRequired]
public ActionResult Entity(string entityCode)
{
//populate viewModel...
return View(viewModel);
}