Action with AuthorizeAttribute or Dynamic UI in MVC 2 - Best practice?

Question

There's so much I'm enjoying with asp.net MVC 2...but sometimes I feel like I'm trying to find a needle lurking in that haystack by beating it with a stick.

So. I have a list of objects. I have a strongly-typed view, which lists those objects. I have data annotations coming back just lovely, and all is well and good.

Now I want to create an admin view of that very same list. Do I:

1. Create a new view, called AdminList, and put all the administrative goodies in there (CRUD!), in a new action in the same controller, and decorate both actions with [Authorize], or

2. Modify the existing view, so that it dynamically detects the role of the current user and enables/disables admin functionality appropriately, or

3. Some third option?

I'm looking for the cleanest, least brittle approach.

TIA!

Answer 1

I would recommend you externalizing common parts in reusable partials and in the main view depending on the user role enables/disables admin functionality. Also it's not the view responsibility to test the user roles, this should be done by the controller and include this information into the view model (like a boolean property ShouldDisplayAdminPanel) so that the view decides whether or not include partials.