<p>Authorization can be done based on user roles.</p>
<p>While creating authorization, we always keep in mind that it should be dynamic. New user groups will come having different permissions. So what I am suggesting is to have the information in a database.</p>
<p>For eg:</p>
<pre><code>User Group      Roles
Admin           All Privilege
Normal Users    Basic Privilege
Restaurants     Intermediate Privilege
</code></pre>
<p>You need to use action filters to obtain this. <a href="http://msdn.microsoft.com/en-us/library/dd410209(v=vs.100).aspx" rel="nofollow">http://msdn.microsoft.com/en-us/library/dd410209(v=vs.100).aspx</a></p>
<p>Next we need to assign privileges to each role.</p>
<p>All Privilege - addUser, addRestaurant, etc. (You can use friendly names for administrative purposes. They can be displayed in the UI, but we need to store the controller name and action name. In case of addUser, the friendly name will be "Add User" and we store it like below.)</p>
<pre><code>ActionsTable (actionId, friendName, Controller, Action)
  1 - Add User - Users - Add
RolesActionMapTable (roleId, actionID)
  1 - 1
RolesTable (RoleId, RoleName, Desc)
  1 - AllPrivilege
GroupsTable (GroupId, GroupName)
  1 - Admin
GroupRoleMap (groupId, roleID)
  1 - 1
</code></pre>
<p>Create a custom Authorize attribute by inheriting AuthorizeAttribute and apply it as a filter for all methods. There is an overloaded function, and you can check there whether the user is allowed to access that action. Hence you can block the unauthorized access.</p>
<p><strong>EDIT</strong></p>
<p>From the route data we can identify the controller and action, so we can query the db using the userID, controller and action to check whether it is allowed, or you can get the user's group and check that it includes the permission to access this.</p>
<p><strong>EDIT 2</strong></p>
<pre><code>using System.Web;
using System.Web.Mvc;

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    // AuthorizeCore is the virtual method on AuthorizeAttribute, so it is overridden here.
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // 1. HttpContext can give you the controller and action
        // 2. Retrieve the group of the user and check the user is allowed to execute this action
        // 3. If allowed, then return true, else return false
        // 4. You can redirect to another page saying you are not allowed to access this action
        return false; // placeholder: replace with the result of step 3
    }
}

// In controller
public class EmployeeController : Controller
{
    [CustomAuthorize]
    public ActionResult Create()
    {
        return View();
    }
}
</code></pre>
<p>Hope this helps</p>
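<p>The following is an added example, not code from the answer above, that fills in the steps the answer leaves as comments: an ASP.NET MVC <code>CustomAuthorizeAttribute</code> that reads the controller and action from the route data and resolves user → group → role → action against the tables described in the answer. It assumes one table the answer does not name, a hypothetical <code>UserGroupMap(userName, groupId)</code> linking an authenticated user name to a group, and the user name <code>alice</code> in the in-memory store is constructed sample data. The <code>IPermissionStore</code> interface, <code>SqlPermissionStore</code> and <code>InMemoryPermissionStore</code> are names introduced here for illustration.</p>

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Web;
using System.Web.Mvc;
using System.Web.Routing;

// Added example (not the original answer's code). Assumes the answer's tables plus a
// hypothetical UserGroupMap(userName, groupId) table that links a user name to a group.
public interface IPermissionStore
{
    bool IsAllowed(string userName, string controller, string action);
}

// Resolves user -> group -> role -> action with one parameterized query
// (parameters, never string concatenation, so route values cannot inject SQL).
public class SqlPermissionStore : IPermissionStore
{
    private const string Sql = @"
        SELECT COUNT(*)
        FROM UserGroupMap ug
        JOIN GroupRoleMap gr        ON gr.groupId = ug.groupId
        JOIN RolesActionMapTable ra ON ra.roleId  = gr.roleID
        JOIN ActionsTable a         ON a.actionId = ra.actionID
        WHERE ug.userName = @user AND a.Controller = @controller AND a.Action = @action";

    private readonly string _connectionString;
    public SqlPermissionStore(string connectionString) { _connectionString = connectionString; }

    public bool IsAllowed(string userName, string controller, string action)
    {
        using (var conn = new SqlConnection(_connectionString))
        using (var cmd = new SqlCommand(Sql, conn))
        {
            cmd.Parameters.AddWithValue("@user", userName);
            cmd.Parameters.AddWithValue("@controller", controller);
            cmd.Parameters.AddWithValue("@action", action);
            conn.Open();
            return (int)cmd.ExecuteScalar() > 0;
        }
    }
}

// In-memory store mirroring the sample rows in the answer (Admin -> AllPrivilege -> Users/Add).
// "alice" is a constructed user name; use this store in unit tests instead of a database.
public class InMemoryPermissionStore : IPermissionStore
{
    private readonly HashSet<string> _allowed =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "alice|Users|Add" };

    public bool IsAllowed(string userName, string controller, string action)
    {
        return _allowed.Contains(userName + "|" + controller + "|" + action);
    }
}

public class CustomAuthorizeAttribute : AuthorizeAttribute
{
    // Set once at startup, e.g. in Application_Start:
    //   CustomAuthorizeAttribute.Store = new SqlPermissionStore(connStr);
    public static IPermissionStore Store;

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null) throw new ArgumentNullException("httpContext");
        // Base check: the user must be authenticated (and match Users/Roles if those were set).
        if (!base.AuthorizeCore(httpContext)) return false;
        if (Store == null) return false;   // a missing store fails closed, not open

        // The route data carries the controller and action being invoked.
        RouteData route = httpContext.Request.RequestContext.RouteData;
        string controller = route.GetRequiredString("controller");
        string action = route.GetRequiredString("action");
        return Store.IsAllowed(httpContext.User.Identity.Name, controller, action);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Signed in but not permitted: answer 403 instead of bouncing to the login page.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403, "You are not allowed to access this action");
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}

public class EmployeeController : Controller
{
    [CustomAuthorize]
    public ActionResult Create()
    {
        return View();
    }
}
```

<p>Two practical points. First, decorating actions one by one fails open: any action you forget to decorate is public. Register the attribute once as a global filter instead (<code>GlobalFilters.Filters.Add(new CustomAuthorizeAttribute())</code> in <code>Global.asax</code>, MVC 3 and later) and, on MVC 4 and later, opt individual actions out with <code>[AllowAnonymous]</code>. Second, the lookup keys on the route values <code>controller</code> and <code>action</code> exactly as MVC resolves them ("Users", not "UsersController"), so the rows in <code>ActionsTable</code> must match those names; the query runs on every request, so cache the result per user if the table grows.</p>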