FluentSecurity Ignore NonAction Methods

As per http://msdn.microsoft.com/en-us/library/system.web.mvc.nonactionattribute(v=vs.118).aspx, it would be reasonable to exclude nonaction methods.

I think it would suffice to change:

    internal static bool IsValidActionMethod(this MethodInfo methodInfo, bool allowActionMethodsReturningVoid)
    {
        return
            methodInfo.ReturnType.IsControllerActionReturnType(allowActionMethodsReturningVoid) &&
            !methodInfo.GetCustomAttributes(typeof(NonActionAttribute), false).Any() &&
            !methodInfo.IsSpecialName &&
            !methodInfo.IsDeclaredBy<Controller>();
    }

NOT TESTED. If the feature is accepted, I can modify this.

Mar 14 '14 14:03 hernangm

Good catch! I did not even know such an attribute existed. When was this introduced? I'll add it to the todo list. Thanks...

Mar 14 '14 17:03 kristofferahl

I will take a stab at this over weekend and send PR if possible.

Apr 18 '14 17:04 chandu

@Chandu Great!! Looking forward to it.

Apr 18 '14 17:04 kristofferahl

@kristofferahl @hernangm Pushed working implementation of the this feature to branch on my fork. Am not sure if this needs any changes to FluentSecurity.Testing. Can you take a look @ https://github.com/Chandu/FluentSecurity/commit/2f6e453c2eed81b04f17aabe03dfff72d013d196 and see if something is missing?

Apr 19 '14 15:04 chandu

Looks good! I think you can go ahead and make this a pull-request to the develop branch and merge it. :)

Apr 21 '14 17:04 kristofferahl

Merged the changes to develop. Merge commit: 2a05263be

Apr 22 '14 01:04 chandu

Great @Chandu! Just checked and there is now a nightly build available containing this fix.

https://www.myget.org/gallery/fluentsecurity FluentSecurity.v2.1.0-build452

Apr 22 '14 07:04 kristofferahl

FluentSecurity FluentSecurity copied to clipboard

Ignore NonAction Methods

FluentSecurity
FluentSecurity copied to clipboard