
I have a jqGrid and I have a custom formatter for it which formats and displays links as per my needs. This does work fine but I have a problem. I want to display links conditionally. How can I do that?

For example, if the person is Admin then show him all links like edit, delete etc. (these links map to action methods in the controller). But if the person is a NonAdmin user then only show the View link and hide all other links.

I just need a general strategy of how to accomplish this. One strategy would be to add a boolean field to my JSON data which would signify whether the links for edit, delete etc. are to be shown or not. Then in my formatter I can look at the row data and decide whether to show the link or not.

Is there any better way of doing this?

TCM

1 Answer

Your suggestion with additional data in the JSON response from the server sounds OK. It's important to mention that you should prevent data editing for non-admins in any way. Hiding or not creating the link for editing is not a security feature, but mostly a GUI improvement to prevent actions which are not permitted. If you have some technical problems with the implementation you should include the corresponding code in your question.

If you additionally use form editing, then the demo from the answer or another demo from another answer could also be helpful for you.

Oleg
  • Thanks Oleg. I understand hiding the link is just a GUI improvement. Server side security is altogether a different story. I can do that by using `[Authorize(Roles="Admin")]` or something like that. – TCM Sep 28 '11 at 14:21
  • @Anthony: You are welcome! The usage of `[Authorize(Roles="Admin")]` is what you can use well in ASP.NET MVC actions for example. You should only customize the message which will be shown to the user in case of low permission, so that the user will clearly understand the reason for the failure. – Oleg Sep 28 '11 at 14:31
  • That is what I don't understand. How can I customize the message? Actually if the user is not Admin, it throws the user to the login URL. I am using forms authentication. There isn't any option available for that attribute to show an ErrorMessage. Maybe I can extend the Attribute and set `TempData["Message"]` and then show that message on the login page. Just a thought! If you know the answer you may post it, else if you want me to create a new question let me know, since this is not directly related to the question. – TCM Sep 28 '11 at 14:36
  • @Anthony: I personally don't set the `[Authorize(Roles="Admin")]` attribute and validate the user's role in the first lines *inside* of the action. You can use the way which I described [here](http://stackoverflow.com/questions/5500805/asp-net-mvc-2-0-implementation-of-searching-in-jqgrid/5501644#5501644) to use `[HandleJsonException]`. In that case you can examine which authorization exception will be thrown and customize the error response from the server. – Oleg Sep 28 '11 at 14:44
  • Hmm, your famous code that kept me stunned when I was looking at it for the 1st time. – TCM Sep 28 '11 at 14:51
  • @Anthony: Just download [the demo project](http://www.ok-soft-gmbh.com/jqGrid/jqGridDemoVS2010_withAutocomplete.zip) or [the previous one](http://www.ok-soft-gmbh.com/jqGrid/jqGridDemoVS2010.zip). The example with the error from SQL server which is not started or some other SQL error which you don't throw manually could explain what I mean. The class `HandleJsonExceptionAttribute` will catch *all* exceptions. You can debug what you will have in case of accessing of an action having `[Authorize(Roles="Admin")]` attribute by any non-admin user. – Oleg Sep 28 '11 at 14:56
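
The strategy discussed in this thread, as an added example that is not part of the original posts: a jqGrid custom formatter that builds its links from per-row flags, next to a stand-in for the server-side role check that has to reject the action no matter what the grid rendered. The field names `canEdit` and `canDelete`, the `/Person/...` routes and the `authorizeAction` helper are assumptions; in ASP.NET MVC the real check would be `[Authorize(Roles="Admin")]` or a role test inside the action.

```javascript
// Added example. canEdit/canDelete, the /Person/... routes and
// authorizeAction are hypothetical names, not from the original posts.

// Escape text before placing it in HTML so row data cannot inject markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;"
  }[ch]));
}

// Each action and the per-row flag (sent by the server) that enables it.
const ACTIONS = [
  { label: "View",   path: "/Person/Details", flag: null },
  { label: "Edit",   path: "/Person/Edit",    flag: "canEdit" },
  { label: "Delete", path: "/Person/Delete",  flag: "canDelete" }
];

// jqGrid custom formatter signature: (cellvalue, options, rowObject).
// Only a strict boolean true enables a link; a missing flag or the
// string "true" keeps it hidden.
function linksFormatter(cellvalue, options, rowObject) {
  const id = encodeURIComponent(options.rowId);
  return ACTIONS
    .filter((a) => a.flag === null || rowObject[a.flag] === true)
    .map((a) => '<a href="' + escapeHtml(a.path + "/" + id) + '">' +
                escapeHtml(a.label) + "</a>")
    .join(" | ");
}

// Stand-in for the server-side check. It never looks at the row flags:
// a non-admin who requests the Edit or Delete URL directly is refused,
// with a message the client can display instead of a login redirect.
function authorizeAction(user, action) {
  const adminOnly = ["Edit", "Delete"];
  if (adminOnly.includes(action) && !user.roles.includes("Admin")) {
    return { status: 403,
             error: "The Admin role is required for: " + action };
  }
  return { status: 200 };
}

// Constructed sample rows, as the server might return them per user.
const adminRow = { name: "Alice", canEdit: true, canDelete: true };
const viewerRow = { name: "Bob", canEdit: false, canDelete: false };
console.log(linksFormatter(null, { rowId: "7" }, adminRow));
console.log(linksFormatter(null, { rowId: "7" }, viewerRow));
console.log(authorizeAction({ roles: ["User"] }, "Delete"));
```

Register the function in the column definition with `formatter: linksFormatter`; the flags only decide what is drawn, while the refusal for non-admins comes from the server-side check.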