How to handle action based permissions in MVC

Question:

I'm new to MVC and I would like to get suggestions on how to best handle action based permissions in my application.

I currently have some global permissions being checked at the controller level which work fine for rendering views the current user has access to, etc.

However, once the view has been rendered, I want to make decisions such as 'enable DELETE button, ONLY IF user has delete permissions for the item currently selected'. At that point, those permissions are no longer global but based on the context of the object selected.

How should I write my code to handle this type of scenario?

Answer1:

By default, your views have access to the User object.

You can check on the View if User.IsInRole("myDeleteRole").

or

@if (User.IsInRole("MyDeleteRole")) { <input type="submit" value="Delete"> }

I don't know if this is the best way, but it's what I have done in the past.

I guess another way would be to write separate views depending on what rights a user has. That way you could do the logic on the controller and send the user to the specified view.

    if (User.IsInRole("MyDeleteRole"))
    {
        return View("MyDeleteView", vm);
    }
    else
    {
        return View("NoDeleteView", vm);
    }
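
An added example, not part of the original answer, for the per-item case the question asks about: the controller computes the delete permission for the selected object, the view only reads that flag, and the Delete action enforces the same rule again on the server. It assumes ASP.NET MVC 5 (System.Web.Mvc) and a Details view; Item, ItemViewModel, ItemStore, CanDelete and the owner-or-role rule are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Web.Mvc;

public class Item { public int Id; public string Name; public string OwnerName; }
public class ItemViewModel { public Item Item; public bool CanDelete; }

public static class ItemStore
{
    // Constructed sample data standing in for a database.
    public static readonly Dictionary<int, Item> Items = new Dictionary<int, Item>
    {
        { 1, new Item { Id = 1, Name = "Report", OwnerName = "alice" } },
        { 2, new Item { Id = 2, Name = "Invoice", OwnerName = "bob" } }
    };
}

[Authorize]
public class ItemsController : Controller
{
    // Per-object rule (assumed): the item's owner or a member of MyDeleteRole may delete.
    private bool CanDelete(Item item)
    {
        return User.IsInRole("MyDeleteRole") ||
               string.Equals(item.OwnerName, User.Identity.Name,
                             StringComparison.OrdinalIgnoreCase);
    }

    public ActionResult Details(int id)
    {
        Item item;
        if (!ItemStore.Items.TryGetValue(id, out item)) return HttpNotFound();
        // The view only reads the flag: @if (Model.CanDelete) { ...Delete button... }
        return View(new ItemViewModel { Item = item, CanDelete = CanDelete(item) });
    }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Delete(int id)
    {
        Item item;
        if (!ItemStore.Items.TryGetValue(id, out item)) return HttpNotFound();
        // The @if in the view only hides the button; the action must enforce the same rule.
        if (!CanDelete(item)) return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        ItemStore.Items.Remove(id);
        return new HttpStatusCodeResult(HttpStatusCode.NoContent);
    }
}
```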
