First of all, you'll want to perform server-side authorization as well. Anyone can impersonate your client and call your controllers directly, circumventing your client-side authorization.
But here's what I'd do:
Create an AuthorizationService to store this business logic centrally. It'll have methods like:
public bool CanEditSomeObject(Guid userId, Guid objectId)
Use this AuthorizationService inside your controller (or another service referenced by the controller) to construct the ViewModel with all the authorization information that view will need.
[AcceptVerbs(HttpVerbs.Get)]
public ActionResult Edit(Guid id)
{
bool currentUser = _userService.GetUser(User.Identity.Name);
bool canEditSomeObject = _authenticationService.CanEditSomeObject(currentUser.Id, id);
var viewModel = new SomeObjectViewModel {CanEditSomeObject = canEditSomeObject};
return View(viewModel);
}
Make your view strongly typed and modify the HTML based on the model. You could use things like partial views to make this cleaner. But you'll just hide, disable, or not include HTML for things the current user doesn't have access to.
<%= if (Model.UserCanEdit) Html.RenderPartial("EditForm.ascx") %>
In addition, if you need to change things dynamically on the client-side (e.g., user does action a, so now they can perform action b) you can use JQuery to manipulate the HTML. You can even use JQuery to call into your controller to ask it questions if you want (see this question), but I'm not sure that's necessary.