Geek Answers Handbook

How to save opinions without authorization logic in mvc?

I have a view to display a list of items. The user can edit, delete, or create new elements, but according to their authority, they may or may not be allowed to perform some of these actions.

I have a requirement to display only those actions that the current user can perform, but I do not want to clutter up views with if-else authorization

Let be a very general requirement, I cannot find a real satisfactory way to make it.

My best approach so far is to overload the extension method Html.ActionLink, which requires permission to query, but there will be more complex scenarios like hiding whole html blocks or switching the text box for label + hidden.

Is there a better way to do this?

+5
source share
5 answers

, , - Html.RenderAction(: http://msdn.microsoft.com/en-us/library/ee703490.aspx), , ( ). RenderAction, , , , , .

:

<% Html.RenderAction("Permissions" /* Controller */, "PermissionLink", new { Url = "Admin.aspx" }); %>

- :

public ActionResult PermissionsLink (string url)
{
     // Do Whatever kind of Authentication you want here, Session is available, etc

     if(authenticated)
        return View("Link");
     else
        return View("Blank");
}
+2

. , , html, .

0

, , ?

, - , , , , .

, , ​​, , - , .

, View , "" .

0

, , :

ViewModel

public class ModelView
{
    private IAuthorisationService { get; set; }

    public bool CanShow
    {
        ...
    }
}

:

<% if(Model.CanShow) { %>
    <html>
<% } %>
0

. . , , , .. , . , -, . , .

:

  • , ,
  • , (.. ViewModel), (, " - admin", " - " ..).
  • Let the view draw correctly using only the precompiled data provided by the controller.

This also has the advantage that the view itself can be removed and replaced without any effect on the controller.

0
source

More articles:


All Articles