I'm creating an app that's using Active Directory groups for authentication. What are the best practices for controlling authorization of UI elements (links, content, images, etc)? For example, I have some links that only certain groups can access. I understand using Authorize attribute to control which groups can access a given Action for a controller, but how do you manage different groups that need to access the same Action?
I suppose I can have logic in the controller for a given action that loads different views for different groups. Something like this:
    public ActionResult Show(int id)
    {
        // Stands in for the original's "[Get Data FROM MODEL](id)" placeholder
        var viewModel = GetDataFromModel(id);
        var viewName = "";

        // User is the controller's IPrincipal (the AD-backed identity).
        // The branches are exclusive, so a user who is in several groups gets
        // the first matching view instead of whichever group is checked last.
        if (User.IsInRole(Roles.Admin))
        {
            viewName = "AdminView";
        }
        else if (User.IsInRole(Roles.Supervisor))
        {
            viewName = "SupervisorView";
        }
        else if (User.IsInRole(Roles.HR) || User.IsInRole(Roles.Accounting))
        {
            viewName = "HRAccountingView";
        }

        // An empty viewName falls back to the view named after the action
        return View(viewName, viewModel);
    }
But this seems like a maintenance nightmare.
I suppose I could use IsInRole in a single view, but that just pushes the problem from the controller to the view and introduces business logic into the view which isn't a good thing. Is there a better, more elegant approach for managing authorization of UI content? Thanks in advance.
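One way to take the group checks out of both the controller branches and the view, added here as an illustration rather than as code from the question: translate group membership into a small set of UI capabilities in one service, hand those flags to a single view through the view model, and filter the data on the server at the same time so that a hidden link is never the only thing between a user and a value they may not see. The group names, the `IEmployeeRepository` data-access interface, the `Employee` type and the capability names are all assumptions made for the example.

```csharp
using System.Security.Principal;
using System.Web.Mvc;

// Active Directory group names, kept in one place (hypothetical names).
public static class AdGroups
{
    public const string Admin = "CORP\\App-Admins";
    public const string Supervisor = "CORP\\App-Supervisors";
    public const string HR = "CORP\\App-HR";
    public const string Accounting = "CORP\\App-Accounting";
}

// Capabilities the UI cares about. Views test these flags, never group names,
// so a change in which groups may do what touches only UiPermissionService.
public class UiPermissions
{
    public bool CanEditRecord { get; set; }
    public bool CanApprove { get; set; }
    public bool CanViewSalary { get; set; }
}

public interface IUiPermissionService
{
    UiPermissions For(IPrincipal user);
}

// The single place where AD group membership becomes UI capabilities.
public class UiPermissionService : IUiPermissionService
{
    public UiPermissions For(IPrincipal user)
    {
        bool admin = user.IsInRole(AdGroups.Admin);
        bool supervisor = user.IsInRole(AdGroups.Supervisor);
        return new UiPermissions
        {
            CanEditRecord = admin || supervisor,
            CanApprove = admin || supervisor,
            CanViewSalary = admin || user.IsInRole(AdGroups.HR) || user.IsInRole(AdGroups.Accounting),
        };
    }
}

// Hypothetical domain type and data access, enough to make the example complete.
public class Employee
{
    public int Id { get; set; }
    public string Name { get; set; }
    public decimal Salary { get; set; }
}

public interface IEmployeeRepository
{
    Employee Get(int id);
}

public class EmployeeViewModel
{
    public int Id { get; set; }
    public string Name { get; set; }
    public decimal? Salary { get; set; }       // null when the caller may not see it
    public UiPermissions Permissions { get; set; }
}

// The Authorize attribute still gates the action as a whole; the capability flags
// only decide what the one shared view renders for the caller.
[Authorize(Roles = AdGroups.Admin + "," + AdGroups.Supervisor + "," + AdGroups.HR + "," + AdGroups.Accounting)]
public class EmployeeController : Controller
{
    private readonly IUiPermissionService _permissions;
    private readonly IEmployeeRepository _employees;

    // Both dependencies are expected to be supplied by the app's DI container.
    public EmployeeController(IUiPermissionService permissions, IEmployeeRepository employees)
    {
        _permissions = permissions;
        _employees = employees;
    }

    public ActionResult Show(int id)
    {
        var employee = _employees.Get(id);
        var perms = _permissions.For(User);

        var model = new EmployeeViewModel
        {
            Id = employee.Id,
            Name = employee.Name,
            // Server-side filtering: a value the caller may not see never reaches the
            // view, so suppressing the markup is not the only control.
            Salary = perms.CanViewSalary ? employee.Salary : (decimal?)null,
            Permissions = perms,
        };

        // One view for every group; it branches on Model.Permissions, not on roles.
        return View(model);
    }
}
```

In the Razor view the only conditional left is a presentation check on a flag, for instance `@if (Model.Permissions.CanApprove) { @Html.ActionLink("Approve", "Approve", new { id = Model.Id }) }`, which keeps the group-to-capability decision out of the view while still letting it show or hide links. The `Approve` action itself still needs its own `[Authorize]` (or the same permission service) because hiding a link does not stop a direct request to the action.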