views:

6690

answers:

5

I want to dynamically add menuitems to my master page based on membership security login role. From what I've read RenderAction in the master page html could perhaps do this. Since I'm fumbling thru this I am not sure how it would look and how in the controller I check my current role. I am considering creating a table and relating the allowable menu items to role relationship so I can pass to the master page for rendering the dynamic menu items. Any suggestions answers or comments appreciated. Thanks - Mike

+6  A: 

In the controller, I would create a MenuModel class or the like, that is the model for your menu. It would be a data only class. Create and populate it in the controller, taking into consideration the current user's access permissions. This will allow you to write unit tests that ensure your security code is correct.

Then I'd pass that to the view via ViewData. I'd combine that with a helper method that knows how to render the menu based on the MenuModel class.

Haacked
A: 

I'm a newbie to MVC - do you have a sample or pseudocode?

MikeD
+1  A: 

I'm not sure if this is what you are looking for, but I had a question along the same lines a few weeks ago:

http://stackoverflow.com/questions/121000/stuck-creating-a-security-trimmed-htmlactionlink-extension-method

This allowed me to extend a menu in the master page (or any other page) controlling the access to the menu items through the Authorize attribute:

Here is my code to do this.

robDean
+1  A: 

If these "roles" are ASP.NET Membership roles, then you can use the regular LoginView control with the RoleGroup tag. It works fine in MVC, I've found. If the "roles" are something different (e.g., something in your model), then do what Haacked writes.

Craig Stuntz
A: 

The roles are ASP.NET membership roles and the LoginView with the RolesGroup worked great. Thanks!

MikeD