How can I create a view that has different displays according to the role the user is in?

后端 未结 8 1351
南方客
南方客 2020-12-04 11:22

I want to create a view that has different displays according to the role the user is in.

Should I create a different view for different roles or should I check the

相关标签:
8条回答
  • 2020-12-04 12:08

    I'm not that familiar with ASP.NET MVC (yet) but can't you do some kind of conditional filter in the View? If the Controller passes the role to the View, then you should be able to do a conditional filter and display a certain block of code if the user is an admin. If you want to display a totally separate page, then you'd have a multiple Views, otherwise you can use one and do some conditional.

    In Ruby on Rails it would be something like (sorry, I don't know ASP.NET MVC really yet):

    <% if @user.admin? # is the user an admin %>
      <h3>Admin Tools</h3>
    <% end %>
    <p>Regular site content</p>
    

    In Rails you would load the extra content from partials; ASP.NET MVC has something similar but I forget what it's called. Maybe look into that?

    Sorry I can't be of more help -- like I said I haven't really gotten to play with ASP.NET MVC.

    0 讨论(0)
  • 2020-12-04 12:11

    Yeah that was something that was bothering me as well ... but at the same time it seems ridiculous to load whole different view for such a small change.

    btw how did you set this up in your controller. Right now, my controller looks something like the code below, which I don't think is correct.

    [Authorize(Roles = "Admin, Member")]
    public ActionResult RegistrationInformation()
    {
    
        return View();
    }
    
    0 讨论(0)
  • 2020-12-04 12:12

    Or should i use check the roles on the Veiw page its self rather than on actions, if so can someone plz show me how do check that on view page

    You need to do both. Check roles on actions as a security measure and check roles on views to enable/disable specific controls.

    Within your view page the long form of checking a role is

    HttpContext.Current.User.IsInRole("Administrator")
    

    many developers will create page helper methods so you can end up with something more concise for your application like

    public static bool IsAdmin(this ViewUserControl pg)
    {
        return pg.Page.User.IsInRole("Administrator")
    }
    

    then in your view you can just use this.IsAdmin()

    To keep your view clutter down look into using partial views

    <% if (IsAdmin())
       {
          Html.RenderPartial("AdminPanel");
       }
       else
       {
          Html.RenderPartial("UserPanel");
       }
    %>
    
    0 讨论(0)
  • 2020-12-04 12:18

    I like to have full control over this in the view, and I find that:

    <% if (User.IsInRole("Super User")) { %>
        <h1>Hello world!</h1>
    <% } %>
    

    Works for most scenarios. It also allows you to easily do conditional formatting for other roles, e.g "Content Manager", "Registered", etc.

    I do like Todd Smith's answer, because you might change the name of the Admin role, and that will require only one change, whereas, if you put the "Super User" or "Administrator" string directly in the view, you will have to change it wherever you've used the value.

    0 讨论(0)
  • 2020-12-04 12:25

    If the display changes based on the role -- and the change is small -- then I would do the check in the view. If certain views are restricted based on the role, then I would do the check in the controller. If the views are completely different (this would be hard to imagine), then separate views per role may be appropriate.

    You may want to abstract out certain role-specific view components into partial views to simplify your view logic -- basically you only have to check to include the partial or not based on the role.

    Also, other than to check for "IsAuthenticated", I would move the role checking logic to the controller and pass (as data) to the view information on which elements to include/exclude based on role. This keeps the actual business logic from bleeding into your view.

    0 讨论(0)
  • 2020-12-04 12:26

    If you are using MVC the whole point of development is to keep the logic out of the view and in the controller. It seems to me like you'd be better off on a WebForms development track than an MVC track.

    All that being said, I do an Admin check on a lot of my pages by using a check like this:

    <% if ((bool)ViewData["Admin"]) { %>
        <!-- Show admin controls here -->
    <% } %>
    

    But if you are attempting to build actual logic into the View then you need to figure out what you can push back to the controller to do the work and have the view be as dumb as possible, acting on flags sent to it.

    0 讨论(0)
提交回复
热议问题