tags:

views:

231

answers:

1
Q: 

Generic Type Model Binding and the BindAttribute

I'm running into an issue with the bind attribute in asp.net mvc. I have a custom ViewModel that looks like this:

public interface IUserView<TUser> where TUser : User
{
    TUser User { get; set; }
    string Email { get; set; }
    string ConfirmEmail { get; set; }
    string Password { get; set; }
    string ConfirmPassword { get; set; }
}
public class EditUserView<TUser> : IUserView<TUser> where TUser : User
{
    public virtual TUser User { get; set; }

    [ValidateRegExp(RegexConstants.Email, "Invalid Email.")]
    [ValidateNonEmpty("email is required.")]
    public virtual string Email { get; set; }

    [ValidateSameAs("Email", "confirmation email does not match.")]
    public virtual string ConfirmEmail { get; set; }


    public virtual string Password { get; set; }

    [ValidateSameAs("Password", "confirmation password does not match.")]
    public virtual string ConfirmPassword { get; set; }
}

and a method to submit this that looks like this:

public ActionResult SubmitProfile([Bind(Exclude="IsSystemAdmin")]EditUserView<Admin> iuserview)

if you look at the above method you'll notice the bind attribute with 'Exclude="IsSystemAdmin"'. The admin model has a boolean property named "IsSystemAdmin" that bumps their permission level up. Now obviously I don't want an admin to be able to make themself a system admin just by posting back a true value for this field.

I have tried both "IsSystemAdmin" and "User.IsSystemAdmin" in the exclude property and neither of them stop the IsSystemAdmin variable from getting updated. Is there a way to make the bind attribute work in this scenario, or is this a bug in the Default model binder?

+1  A: 

Have you tried using the Bind attribute on the TUser class itself

[Bind(Exclude = "IsSysAdmin")]
public class TUser 
{

}

I think that because of the importance of this property you will never want this to be set by a model binder and hence the bind on the class will be ok. Most likely you increase an Admin to sysadmin by explicitly setting the flag on an action.

I am very wary of binding any Model classes directly from form posts. I have specific form classes for the bind and update model classes in my repository layer only via another service layer.

madcapnmckay  2009-08-08 14:39:39

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?