I can do authorization easily on the controller actions using the Authorization attribute. But how do I render views as easily as using Authorization attribute?
For example, if I have a menu and the user is unauthorized for certain menus, how would I hide those menu items?
Let's say I have a page that renders a table with add/edit/delete links. I have controller actions that correspond to those links and so the unauthorized user cannot perform those actions. But I'd like to go further by hiding them altogether.
What I have now is a spaghetti of a mess that checks for user permissions in the view - whole bunch of <% if (user.hasPermission(..) { %> ... <% } %>. It's unruly.
What strategies are there to mitigate this mess? Certainly I can't be the first one to have run into this dilemma.