0

I can do authorization easily on the controller actions using the Authorization attribute. But how do I render views as easily as using Authorization attribute?

For example, if I have a menu and the user is unauthorized for certain menus, how would I hide those menu items?

Let's say I have a page that renders a table with add/edit/delete links. I have controller actions that correspond to those links and so the unauthorized user cannot perform those actions. But I'd like to go further by hiding them altogether.

What I have now is a spaghetti of a mess that checks for user permissions in the view - whole bunch of <% if (user.hasPermission(..) { %> ... <% } %>. It's unruly.

What strategies are there to mitigate this mess? Certainly I can't be the first one to have run into this dilemma.

Jiho Han
  • 1,610
  • 1
  • 19
  • 41

1 Answers1

0

I think a "security trimming" ActionLink helper would solve your problem nicely:

"Security aware" action link?

Community
  • 1
  • 1
John Farrell
  • 24,673
  • 10
  • 77
  • 110
  • That's nice but it only works for a single link. I'm really looking for a way to filter in or out a block of code, or a block of markup. I know <% if (condition) { %>...<% } %> effectively does this but I feel as if it's inadequate. Perhaps it's a different view engine that I need – Jiho Han Jun 11 '10 at 14:12