
Application roles with hierarchical organizational roles

How to handle application roles with hierarchical organizational roles

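Our business has a number of sites that we manage, and each of those sites has sites that it is responsible for, and so on. So, as far as permissions in our software go, everything is hierarchical. If a person at site X wants to edit content for site X and any of site X's sub-sites, they should be allowed to. We also have application roles, mainly administrator, which allows a user to edit everything and maintain the application.

I am currently working on the permissions for this application and everything works, but I really hate it. It is clunky, not very testable, and does not seem to fit my MVC application. I am hoping someone has some thoughts on how to refactor this code and, most importantly, make it more testable, and perhaps more usable as well.

Thank you in advance.
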
    using System.Collections.Generic;
    using System.Linq;
    using System.Web.Mvc;
    using System.Web.Security;

    public class OUController : BaseController {
      private readonly IOrganizationUnitRepository repo;

      public OUController(IOrganizationUnitRepository repo) {
        this.repo = repo;
      }

      public ActionResult Details(string site) {

        //Get the site we are viewing
        var ou = repo.GetOUByName(site);

        //make sure the site really exists
        if (ou != null) {

          //Get all the roles for the current user via the role provider
          //will return the sites they are able to manage along with
          //any application roles they have
          var roles = ((RolePrincipal)User).GetRoles().ToList();

          //Get all the parents of the current ou, this will include itself
          var parents = repo.GetParents(ou, new List<OU>());

          //create a new viewmodel object
          //ou is used for details obviously
          //parents are used for a breadcrumb
          var model = new OrganizationalViewModel(ou, parents);

          //if a user has no roles, there is no way he can possibly edit
          if (roles.Any()) {
            if (roles.Contains(InfoRoles.Administrator.ToString())) {

              model.CanEdit = true;

            } else if (parents == null) {

              //If there are no parents, check if this ou is in users list of roles
              model.CanEdit = roles.Contains(ou.DisplayName);

            } else {

              //check to see if any of the roles i have are parents of the current ou
              model.CanEdit = parents.Any(c => roles.Contains(c.DisplayName));

            }

          }

          return View("Details", model);

        }

        return View("NotFound");

      }
    }
    

Solution

Anything that looks like this:

    ((RolePrincipal)User).GetRoles().ToList()

...belongs in its own class (with an interface method like "GetCurrentRoles"), so that it can easily be mocked. Also, this:

    //if a user has no roles, there is no way he can possibly edit
    if (roles.Any()) {
      if (roles.Contains(InfoRoles.Administrator.ToString())) {

        return true;

      } else if (parents == null) {

        //If there are no parents, check if this ou is in users list of roles
        return roles.Contains(ou.DisplayName);

      } else {

        //check to see if any of the roles i have are parents of the current ou
        return parents.Any(c => roles.Contains(c.DisplayName));

      }
    }

    //no roles: deny
    return false;

...belongs in a method of a utility class. That way, your controller can simply say:

    var roles = _sessionManager.GetCurrentRoles();
    ...
    model.Edit = _orgViewRightsUtil.CanRolesEditOrganizationalView(roles,...);
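
The refactoring this answer suggests, written out as an added example (not code from the original question or answer): the role lookup sits behind an interface and the edit decision is a method with no dependency on the controller, so it can be exercised with constructed roles and OUs. The `ISessionManager`, `FakeSessionManager` and `OrgViewRightsUtil` type names, the three-argument signature, the minimal `OU` class and the `"Administrator"` string are assumptions, and the OU names are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Stand-in for the page's OU type (assumption: only DisplayName matters here).
public class OU { public string DisplayName { get; set; } }
// Seam replacing ((RolePrincipal)User).GetRoles(); the fake is a hypothetical test double.
public interface ISessionManager { IList<string> GetCurrentRoles(); }
public class FakeSessionManager : ISessionManager {
    private readonly IList<string> roles;
    public FakeSessionManager(params string[] roles) { this.roles = roles; }
    public IList<string> GetCurrentRoles() { return roles; }
}
public class OrgViewRightsUtil {
    // Assumed to equal InfoRoles.Administrator.ToString() from the question.
    public const string AdministratorRole = "Administrator";
    // parents: ancestors of ou; as in the question, the list may include ou itself.
    public bool CanRolesEditOrganizationalView(
            IEnumerable<string> roles, OU ou, IEnumerable<OU> parents) {
        // Deny by default: a missing OU or an empty role list never grants edit.
        if (ou == null || roles == null) return false;
        var held = new HashSet<string>(roles.Where(r => r != null));
        if (held.Count == 0) return false;
        if (held.Contains(AdministratorRole)) return true;
        // A role on the OU or on any ancestor grants edit; child roles do not.
        var chain = (parents ?? Enumerable.Empty<OU>()).Concat(new[] { ou });
        return chain.Any(o => o != null && o.DisplayName != null
                              && held.Contains(o.DisplayName));
    }
}
public static class Demo {
    static void Expect(bool expected, bool actual, string what) {
        if (expected != actual) throw new Exception("unexpected result: " + what);
        Console.WriteLine("ok: " + what);
    }
    public static void Main() {
        // Constructed hierarchy: Region > SiteX > SubSiteX.
        var region = new OU { DisplayName = "Region" };
        var siteX = new OU { DisplayName = "SiteX" };
        var subSiteX = new OU { DisplayName = "SubSiteX" };
        var util = new OrgViewRightsUtil();
        Func<string[], OU, OU[], bool> can = (held, ou, parents) => util.CanRolesEditOrganizationalView(
            new FakeSessionManager(held).GetCurrentRoles(), ou, parents);
        Expect(true, can(new[] { "SiteX" }, subSiteX, new[] { siteX, region }), "role on a parent OU");
        Expect(false, can(new[] { "SubSiteX" }, siteX, new[] { region }), "role on a child OU");
        Expect(true, can(new[] { "Administrator" }, region, null), "application administrator");
        Expect(false, can(new string[0], siteX, new[] { region }), "no roles");
    }
}
```

Site roles and application roles share one list of strings here, as in the question, so an OU whose display name equals the administrator role name would pass the administrator check; a test for that case belongs next to the ones above.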
    
