Better way to architect the way I'm doing user permissions on view fields_问答_开发者

Better way to architect the way I'm doing user permissions on view fields

开发者 https://www.devze.com 2023-02-03 17:46 出处：网络

So currently in our code, we have a bunch of classes around accessing roles and permissions for specific users logged into the web application. This is built fine, and works well. However, a certain requirement that has come up now is not only the ability to restrict certain pages (whole views) to certain permissions, but also specific fields on those views. So you might have the ability to see a view, but you might only have a permission that lets you see certain fields on that page.

We generate most of our fields using HTML Helpers with in ASP.NET/C#. For example here is one that we need to block/show depending on a permission:

<%= Html.CheckBoxFor(m => m.Current, new { @class = "economicTextBox", propertyName = "Current", onchange = "UseCurrent();UpdateField(this);" })%>

My first thought was just to play the check for permissio开发者_StackOverflow中文版ns in similar embedded C# code right before that and put the HTML Helper in an "if" statement, so it would only render if the user had the permission. I second guessed myself when I saw the front end getting very bloated with all of these statements in my mind, and thought there might be a better way to do it.

Can any of you guys recommend anything? Thanks.

Have the user permissions as a separate module of the model. Create partial views which contain the blocks of code that you want to show/hide. Pass the module to the partial view, and have the view hold the logic for what to show.

This should mean you can create one block of logic in your partial view, with the decision being some basic ifs or switches and the mark up for displaying it more distinct and manageable.

So for example, let's say you make a permissions model that all your page models inherit, thus ensuring you can pass around the same permissions to all pages. You can then call a view and pass it the model like this:

<%Html.RenderPartial("Widgets/NavigationUserControl"); %>

This will hold the mark up and logic for user navigation. Inside this partial view you'd have it inherit your permissions object:

<%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<WebApp.Web.Models.Permissions>" %>

And then you can do your more basic logic in the markup, or have a html helper do the grunt work and return some enums/properties for more basic code to do decision on. For example;

<%
if (Model.User.IsAdmin)
{
%>
...html...
<%
}
else
{
%>
...html...
<%
}
%>

My first thought was just to play the check for permissions in similar embedded C# code right before that and put the HTML Helper in an "if" statement, so it would only render if the user had the permission. I second guessed myself when I saw the front end getting very bloated with all of these statements in my mind, and thought there might be a better way to do it.

Put the if inside your Html Helper and pass to the helper function what data you need to perform the conditional check.

View:

<body>
  <p>text</p>
  <%: Html.PermissionControlledFieldOne(someUserData, otherData) %>

Helper:

public HtmlString PermissionControlledFieldOne(....) {
  if (performSecurityCheck(someUserData, otherData)) {
    // .. render partial or build html or whatever you need
  }