  1. ASP.NET MVC: Dynamically rendering controls based on user's access
<p>In my application, I have two roles: Administrators and Users. Administrators can assign Users to allow them to perform specific functions to a specific object.</p>
<p>Since this goes beyond the scope of what the SimpleMembership Roles can provide, I have a static helper method that checks whether a user has access to a specific function:</p>
<pre><code>public static class SecurityCheck
{
    public static bool UserHasAccess(int objectId, string functionName)
    {
        // Decorates the security provider -- gets logged in User ID and calls to a repository to query the database
        // ...
    }
}
</code></pre>
<p>Which I can then use in my views to determine whether or not a specific function should be rendered for that user based on the object's ID:</p>
<pre><code>@foreach (var item in Model.FooData)
{
    &lt;tr&gt;
        &lt;td&gt;
            @Html.DisplayFor(modelItem =&gt; item.Name)
        &lt;/td&gt;
        &lt;td&gt;
            @Html.DisplayFor(modelItem =&gt; item.Notes)
        &lt;/td&gt;
        &lt;td&gt;
            @Html.ActionLink("View Data", "View", new { @id = item.Id })
            @if (SecurityCheck.UserHasAccess(item.Id, "Edit Data"))
            {
                @Html.ActionLink("Edit Data", "Edit", new { @id = item.Id })
            }
            @if (SecurityCheck.UserHasAccess(item.Id, "Delete"))
            {
                @Html.ActionLink("Delete", "Delete", new { @id = item.Id })
            }
        &lt;/td&gt;
    &lt;/tr&gt;
}
</code></pre>
<p>I have to believe there is a better way to do this, since each individual call to the static method involves a separate round-trip to the database, but I am stuck on where the best place would be to put the code. Some thoughts I have considered:</p>
<ol>
<li>Adding methods to my ViewModels to pass a list of functions to a repository, returning a list of the functions the user can perform for each object. Thinking about this further, I'm not even sure this is possible, as ugly as it would be.</li>
<li>Keep the ViewModel dumb, and have my application layer service fetch the available functions. This would involve adding additional properties to my domain model objects, which I am not crazy about.</li>
<li>Create a separate service that can be called from the controller that can populate the function list to the ViewModel. This would involve having multiple services injected into each controller -- also not crazy about this.</li>
</ol>
<p>I'm leaning towards #2, but I still feel like I am overlooking what would be a more solid implementation. Has anyone dealt with something similar to this before?</p>
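An added example, not part of the original post: one way to avoid the per-row round trip described in the question is to load the current user's grants for every object on the page in a single lookup and let the view read from that set. `Grant`, `PermissionSet`, `PermissionLoader` and the sample rows are hypothetical, the in-memory list stands in for the database, and the code assumes C# 9 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical shape of one row in the per-object grants table.
public record Grant(int UserId, int ObjectId, string FunctionName);

// Per-request permission set: built once, then queried in memory by the view.
public sealed class PermissionSet
{
    private readonly HashSet<(int, string)> _allowed;

    public PermissionSet(IEnumerable<Grant> grants) =>
        _allowed = grants.Select(g => (g.ObjectId, g.FunctionName)).ToHashSet();

    // Default deny: anything not explicitly granted returns false.
    public bool Can(int objectId, string functionName) =>
        _allowed.Contains((objectId, functionName));
}

public static class PermissionLoader
{
    // Against a real repository this filter becomes one query:
    // WHERE UserId = @userId AND ObjectId IN (@objectIds)
    public static PermissionSet Load(IEnumerable<Grant> table, int userId,
                                     IReadOnlyCollection<int> objectIds)
    {
        var ids = objectIds.ToHashSet();
        return new PermissionSet(
            table.Where(g => g.UserId == userId && ids.Contains(g.ObjectId)));
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data standing in for the grants table.
        var table = new List<Grant>
        {
            new(7, 1, "Edit Data"), new(7, 1, "Delete"),
            new(7, 2, "Edit Data"), new(8, 3, "Delete"),
        };
        var pageIds = new[] { 1, 2, 3 };           // ids of the rows being rendered
        var perms = PermissionLoader.Load(table, userId: 7, pageIds);

        foreach (var id in pageIds)
            Console.WriteLine(
                $"{id}: edit={perms.Can(id, "Edit Data")} delete={perms.Can(id, "Delete")}");
    }
}
```

The permission set only decides which links are rendered; the Edit and Delete controller actions still need the same check on the server, because a hidden link does not stop a direct request to the action URL.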