Which action is executing as a strongly typed object.

Question

I would love to be able to get some strongly typed way of knowing which action is executing.

To clarify im doing AOP where I only allow access to a given action if the user has rights for that action.

The problem with using a string for determining which rule to check for, is that if some developer renames an action, I wont get a compile error telling me that my rule is broken.

Any ideas??

Answer 1

Develop an attribute that performs your check. Apply the attribute, with any necessary options, to the actions that you want to protect. Write unit tests that check that the actions in question exist and are decorated with your attribute (with the proper options). In your attribute you needn't know what action is executing, just whether the current user passes the tests as configured by your attribute's options.

I have a couple of different attributes that I've derived from AuthorizeAttribute that do exactly this sort of thing.

 public class RequiresEmailAttribute : AuthorizeAttribute
 {
      ... implements the logic to test whether the current user
      ... has an email address and redirects to error view if no
      ... email address is found
 }

 [RequiresEmail]
 public ActionResult SendEmail( string to )
 {
    ....
 }

Answer 2

Well the reason i didn't go for this solution is that i would like to configure this outside my controller. Im not sure i can get the best of both worlds, but I am hoping to devise some solution.