Disable link is user is not allowed to access target | ansaurus

tags:

asp.net
mvc

views:

25

answers:

2

+1 Q:

Disable link is user is not allowed to access target

Hi,

I have created an ASP.NET MVC application and created different kind of roles for my users. I have then created different kinds of AuthorizeAttributes for allowing/disallowing access to different Actions in my controls.

However I have got a lot of links that points to different of theese actions that are restricted for different roles. Can you somehow fix so that theese links get disabled automatically? I could of course add a lot of UserIsInRole(....)-stuff in my code but I really would prefer not to if there is a better way.

Du you have any suggestions?

+1 A:

Are they in a list or menu? Is this something your controller could pass to your View? you could pass out a list of all allowed (or forbidden, whichever is more appropriate) and check that before you display a link.

if (allowedLink.Contans(myLink)
// show enabled link
else
//show disabled

The other good way would be to override the HtmlHelper for ActionLinks and make it do the check for permissions for you. Then if they do not have permissions, your html helper would display it disabled.

For examples, see this link http://www.asp.net/learn/mvc/tutorial-09-cs.aspx

Russell Steen 2009-10-14 13:26:37

Oh, the second tip you gave me sounds like the way to go for me. Can you give me some code hints?

Freddy 2009-10-14 13:35:12

Added a link to a good tutorial on the topic.

Russell Steen 2009-10-14 13:49:23

A:

Loadmaster 2009-10-14 13:51:13

He's not asking how to disable, he's asking how to disable based on user permissions in a non-hacked-up fashion

Russell Steen 2009-10-14 15:12:20

In that case, I'd add an attribute to each link, something like `canDo="xxx"`, which specifies the capability required for that link to work, then use Javascript to enable/disable the links dynamically, based on what capabilities the user actually has.

Loadmaster 2009-10-14 20:26:40

related questions

Is it better to create Model classes, or just stick with generic database utility class?

What are effective options for embedding video in an ASP.NET web site?

Visual Studio 2008 debugger already attached work-around

Tracking state using ASP.NET AJAX / ICallbackEventHandler

ASP.NET Display SVN Revision Number

ASP.NET URL Rewriting

How can I change the background of a masterpage from the code behind of a content page?

Easy way to AJAX WebControls

How do I define custom web.config sections with potential child elements and attributes for the properties?

ASP.NET MVC "CRUD" Database Sample

Are Multiple DataContext classes ever appropriate?

How to RedirectToAction in ASP.NET MVC without losing request data

Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?

ASP.NET built in user profile, Vs old stile user class/tables

What's a good book for learning ASP?

Bandwith throttling in IIS 6 by IP Address

ASP .Net Custom Client-Side Validation

How to get the value of built, encoded ViewState?

Decent, simple, GIS/mapping component for ASP.NET?

Checklist for IIS 6/ASP.NET Windows Authentication?

How to write to Web.Config in Medium Trust ?

ASP.NET, Visual Studio and Subversion - how to integrate?

Floating Point Number parsing: Is there a Catch All algorithm?

How do I sync the SVN revision number with my ASP.NET web site?

ASP.NET Site Maps