views:

79

answers:

2

So, I am in a situation, where I need to display a different view based on the "Role" that the authenticated user has.

I'm wondering which approach is best here:

[Authorize(Roles="Admin")]
public ActionResult AdminList(int? divID, int? subDivID) 
{
    var data = GetListItems(divID.Value, subDivID.Value);
    return View(data);
}

[Authorize(Roles = "Consultant")]
public ActionResult ConsultantList(int? divID, int? subDivID)
{
    var data = GetListItems(divID.Value, subDivID.Value);
    return View(data);
}            

or should I do something like this

[Authorize]
public ActionResult List(int? divID, int? subDivID)
{
    var data = GetListItems(divID.Value, subDivID.Value);
    if(HttpContenxt.User.IsInRole("Admin") 
    { return View("AdminList", data ); }

    if(HttpContenxt.User.IsInRole("Consultant") 
    { return View("ConsultantList", data ); }

    return View("NotFound");
}
+3  A: 

In the case where the action is conceptually the same, but the display is different, I would have one action and return different views depending on your discriminator. I'd go with your second example, slightly modified. Note that there is no need to get the data if the user isn't in an appropriate role.

[Authorize] 
public ActionResult List(int? divID, int? subDivID) 
{ 
    var view = HttpContext.User.IsInRole("Admin")
                   ? "AdminList"
                   : (HttpContext.User.IsInRole("Consultant")
                         ? "ConsultantList"
                         : null);
    if (view == null)
    {
        return View("NotFound");
    }

    var data = GetListItems(divID.Value, subDivID.Value); 

    return View( view, data );
}

You realize, of course, that you have the potential for an unhandled exception when you refer to the Value of a potentially null Nullable<int>, correct?

Also, you could, if doing this frequently, refactor the construction of the view prefix into a common method.

public string GetRolePrefix()
{
    return HttpContext.User.IsInRole("Admin")
                   ? "Admin"
                   : (HttpContext.User.IsInRole("Consultant")
                         ? "Consultant"
                         : null);
}

Then call it as

...
var prefix = GetRolePrefix();
if (prefix == null)
{
    return View("NotFound");  // more likely "NotAuthorized" ???
}

...get model...

return View( prefix + "List", data );
tvanfosson
Yes, the code I posted is abbreviated... ;)
Nate Bross
+3  A: 

I prefer the second method, however I think your controller could be tidied up a bit. There's too much logic in there for my liking, which could potentially grow as more roles are added.

One approach would be to refactor the ugly role checking code into a service layer (which could be injected if you're using an IoC container):

[Authorize]
public ActionResult List(int? divID, int? subDivID)
{
    var permission = _userService.GetKeyRole(HttpContext.User);
    if(permission != null) 
    {
       var data = GetListItems(divID.Value, subDivID.Value);
       return View(permission + "List", data );
    }
    return View("NotFound");
}

And the extracted method:

public class UserService : IUserService
{
    public string GetKeyRole(IPrincipal user)
    {
        if(user.IsInRole("Admin")) return "Admin";
        if(user.IsInRole("Consultant")) return "Consultant";
        return null;
    }
}
richeym