views: 17
answers: 5
Hi. I am building a security system in an MVC application. In MVC this must be done with AuthorizeAttribute and a roles string on the action methods.

Could I do this instead: rather than resolving it at the action level, I want to make a view where HTML parts are hidden depending on the current user's permission set (for example, the Save button is not visible if the user is not an Administrator).

+1  A: 

Brian - I don't think this is a good idea to 'hide' the admin parts. You basically then just expose the logic to anyone opening the HTML in 'view source' mode. It would be better to have an admin view and a 'normal' view and just do a case statement in the controller action to deliver the appropriate view where required (still not the best option, but far better than hiding fields). Better still, have a master view that contains partial views which are only rendered if it's the correct user type etc..

Just my 'view' on the topic.. jim

jim
It wouldn't be exposed at this point; the rendered HTML shouldn't contain anything that isn't applicable to the user's role.
Matthew Abbott
Matthew - I've probably phrased the above incorrectly. Basically, I was describing an approach as per your example (with the exception of doing a little check inside the action for the user type). I've given you the +1 on that :)
jim
A: 

You can do either A or B

a) Create partial views for the various elements that change and do something like

<% if (HttpContext.Current.User.IsInRole("Administrator"))
   {
      Html.RenderPartial("AdminStuff");
   }
   else
   {
      Html.RenderPartial("RegularStuff");
   }
%>

b) Set the role in your viewdata/viewmodel and use it in the code (not recommended as the view should really contain no logic)

In the controller

ViewData["Admin"] = HttpContext.Current.User.IsInRole("Administrator");

In the view

<% if ((bool)ViewData["Admin"]) { %>
    <!-- Show admin stuff  -->
<% } %>
Wil
+1  A: 

Within your views, you can do conditional checks, such as:

<% if (User.IsInRole("Admin")) { %>
    <a href="#">An Admin-only link</a>
<% } %>

In partial views, the User property is not exposed, but you can still do it:

<% var user = HttpContext.Current.User; %>

<% if (user.IsInRole("Admin")) { %>
    <a href="#">An Admin-only link</a>
<% } %>
Matthew Abbott
A: 

Thanks to all for your answers. I see that dynamic view rendering is a bad practice in MVC applications. I used to think that there might be some libraries or templates for it.

BTW, when I told my PM that a string with roles is a common pattern he said "Hard code!!!!". Now I'm designing a WCF service which will be an "Application Authoriser" ))).

Brian J. Hakim
A: 

Everyone here seems to forget that there is CSS for such stuff. You can do the thing you want very easily; at least I am doing it already, and it's working flawlessly.

Let me give you a simple example

  1. Make sure your operation buttons/regions have defined CSS classes:

CSS class: MODULE-OPERATION

e.g. Module User Operations: Add, Edit, Delete, List

<a href="/user/add" class="USER-ADD">Add User</a>

  2. Whenever changing (adding/updating/deleting) roles, you generate a CSS file for each role, e.g. you decide that only administrators can add users, so this CSS is generated:

    /* admin_css.css */

    .USER-ADD { display: none; }

  3. Every time the page is opened you check what role the user has and, based on the role, you load the CSS file in your header. So your GUI correlates to the logic you have in your application without so much hassle.

Flakron Bytyqi
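Whichever of the techniques above is used to hide the markup, the action method behind the hidden control still needs its own server-side check, which is the AuthorizeAttribute with a roles string from the question. The following is an added example (not code from any answer here) showing that layer for the `/user/add` operation in ASP.NET MVC (version 2 or later, WebForms view engine); the controller, action and view names are assumed.

```csharp
// UserController.cs (added example; controller and action names are assumed)
using System.Web.Mvc;

public class UserController : Controller
{
    // Any signed-in user may list users. The List view can still use
    // User.IsInRole("Administrator") to decide whether to render the
    // "Add User" link, so a non-admin's page source never contains it.
    [Authorize]
    public ActionResult List()
    {
        return View();
    }

    // Only Administrators may reach the Add form. Hiding the link in the
    // view (or with CSS) does not enforce this; the attribute does, and it
    // applies even when the URL is requested directly. Non-members get the
    // framework's 401 response instead of the form.
    [Authorize(Roles = "Administrator")]
    public ActionResult Add()
    {
        return View();
    }

    // The POST that actually performs the change carries the same role
    // check, so a hidden or disabled Save button is never the only gate.
    [HttpPost]
    [Authorize(Roles = "Administrator")]
    public ActionResult Add(FormCollection form)
    {
        // ... create the user from the posted form here ...
        return RedirectToAction("List");
    }
}
```

The role names here must match the ones the view tests with `IsInRole`, otherwise the UI and the enforcement drift apart.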