I can do authorization easily on the controller actions using the Authorization attribute. But how do I render views as easily as using Authorization attribute?
For example, if I have a menu and the user is unauthorized for certain menus, how would I hide those menu items?
Let's say I have a page that renders a table with add/edit/de开发者_如何学Pythonlete links. I have controller actions that correspond to those links and so the unauthorized user cannot perform those actions. But I'd like to go further by hiding them altogether.
What I have now is a spaghetti of a mess that checks for user permissions in the view - whole bunch of <% if (user.hasPermission(..) { %> ... <% } %>. It's unruly.
What strategies are there to mitigate this mess? Certainly I can't be the first one to have run into this dilemma.
I think a "security trimming" ActionLink helper would solve your problem nicely:
"Security aware" action link?
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论