In .NET, you can add secure attributes to the controller, then override such an attribute on the action with AllowAnonymous.
In Nop, I have a controller in the admin area that uses AdminAuthorizeAttribute, so what is the override attribute for actions that I want to allow non-admins to call?
Searched up and down on the net, and in the source code. Can't find any clue.
You could just check using one of the customer extension methods - e.g. _workContext.CurrentCustomer.IsRegistered()
But, if you want more granular permissions, nopC has its own permissions system. It uses _permissionService.Authorize
e.g. ManufacturerController

    public ActionResult List()
    {
        if (!_permissionService.Authorize(StandardPermissionProvider.ManageManufacturers))
            return AccessDeniedView();
To create/use custom permissions, see the built-in Misc.WebServices plugin.
I know this thread is a few years old, but as it happens, I just had to accomplish this a few moments ago. I did a quick scan on the forums and not much else besides this thread was popping up.
In my case (3.8), it was the Download Controller that a client needed to make the DownloadFile anonymous.
Similar to the ProductController higher up in this thread, in 3.8+ I have the following;
Looking at the ootb classes, we have;
public partial class DownloadController : BaseAdminController
And BaseAdminController has the following class level attributes;

    [NopHttpsRequirement(SslRequirement.Yes)]
    [AdminValidateIpAddress]
    [AdminAuthorize]
    [AdminAntiForgery]
    [AdminVendorValidation]
Now, the goal was to Allow Anonymous for DownloadFile method within the controller but not override anything else. Essentially, for Registered users, they needed to download a pdf from www.blah.com/Admin/Download/DownloadFile?downloadGuid=guid
Adding [AllowAnonymous] attribute to the function was not enough. I had to add OverrideAuthorization as well.
So to answer the original question in this thread... do something like the following;
    [OverrideAuthorization]
    [AllowAnonymous]
    public ActionResult DownloadFile(Guid downloadGuid)
    {
        ...

This will allow a user who has no role that has "allow admin access" ACL associated to it, to successfully make a function call within an admin controller.
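An added example, not part of the post above and not nopCommerce's own code: in MVC 5, [OverrideAuthorization] discards every controller-scope or global filter that implements IAuthorizationFilter, so any of the BaseAdminController attributes implemented that way are dropped along with [AdminAuthorize], and [AllowAnonymous] then leaves the action open to unauthenticated callers. The sketch below re-imposes the "registered users only" requirement at action scope; the attribute name RegisteredCustomerOnlyAttribute is hypothetical, and it assumes the nopCommerce 3.x service locator (EngineContext) and the IsRegistered() extension mentioned earlier in the thread.

```csharp
using System;
using System.Web.Mvc;              // OverrideAuthorizationAttribute, FilterAttribute, IAuthorizationFilter (MVC 5)
using Nop.Core;                    // IWorkContext
using Nop.Core.Domain.Customers;   // IsRegistered() extension method
using Nop.Core.Infrastructure;     // EngineContext (assumed available, as in nopCommerce 3.x)

// Hypothetical action-scope filter (the name is an assumption, not a nopCommerce type).
// [OverrideAuthorization] only removes authorization filters declared at a HIGHER scope
// (controller, global). A filter placed on the action itself still runs, so this puts
// an authorization decision back after the controller-level ones are discarded.
[AttributeUsage(AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public sealed class RegisteredCustomerOnlyAttribute : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        if (filterContext == null)
            throw new ArgumentNullException("filterContext");

        // Resolve the current customer the same way the thread's first reply suggests
        // checking it inside an action (_workContext.CurrentCustomer.IsRegistered()).
        var workContext = EngineContext.Current.Resolve<IWorkContext>();
        var customer = workContext.CurrentCustomer;

        // Guests and unauthenticated callers are rejected; registered customers
        // pass even though they have no role with admin-area access.
        if (customer == null || !customer.IsRegistered())
            filterContext.Result = new HttpUnauthorizedResult();
    }
}

// Usage on the action from the post, in place of [AllowAnonymous]:
//
//     [OverrideAuthorization]      // drops controller-scope authorization filters
//     [RegisteredCustomerOnly]     // action-scope check that still executes
//     public ActionResult DownloadFile(Guid downloadGuid) { ... }
```

This only restores the registration check; any other controller-level requirement that was implemented as an authorization filter has to be re-applied on the action explicitly if it is still wanted.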
What is the namespace of the OverrideAuthorization attribute? I cannot find it so I can add it to my controller to allow anonymous calling of a method in a plugin.