ASP.NET MVC3视图授权设计
[英]ASP.NET MVC3 view authorization design
问题描述
Imagine you have a secured site and a View that can be generated in multiple ways, depending on the user role. 
假设您有一个受保护的站点和一个可以按照用户角色以多种方式生成的视图。 Say, an Admin sees all, Manager sees some columns and some action buttons, User sees other columns and other action buttons. 假设管理员看到了所有内容,经理看到了一些列和一些操作按钮,用户看到了其他列和其他操作按钮。
How would you implement this? 您将如何实施? As far as I see it, there are three main options: 据我所知,有三个主要选项:
- Controller with [Authorize] attribute and the action returning 1 View per user role, being those views tailored to the role; 具有[Authorize]属性的控制器,并且该操作将为每个用户角色返回1个视图,即针对该角色量身定制的那些视图;
- Controller with [Authorize] attribute and the action returning 1 View for all roles, with logic to hide/show columns, fields, buttons; 具有[Authorize]属性的控制器,其操作返回所有角色的1 View,具有隐藏/显示列,字段,按钮的逻辑;
- Controller with [Authorize] attribute and the action returning 1 View, which based on the roles renders different Partial Views. 具有[Authorize]属性的控制器,其操作返回1个View,根据角色,它们呈现不同的Partial View。
I prefer the third approach, but do you see a better way to implement this? 我更喜欢第三种方法,但是您看到一种更好的方法吗?
Thank you in advance 先感谢您
2 个解决方案
解决方案1
2 已采纳 2012-02-22 13:03:03
Depending on the complexity of your view, either the first or the third option would seem ok to me. 根据您视图的复杂程度,第一种或第三种选择对我来说似乎不错。 As for the second option; 至于第二种选择; Its generally recommended to avoid logic in views so I'd stay away from that one. 通常建议避免视图中的逻辑,因此我会远离该视图。
If you go for the third option you should consider using EditorTemplates and DisplayTemplates. 如果您选择第三个选项,则应考虑使用EditorTemplates和DisplayTemplates。 This will allow you to make your (main) view agnostic to what partial view to render. 这将使您可以使(主)视图与要渲染的局部视图无关。 Make your viewmodel (or part of it) inherit from a single base class. 使您的视图模型(或其一部分)继承自单个基类。 Create display and/or editor templates for each view model type and in your view just say Html.DisplayFor( ... ) or Html.EditorFor( ... ) . 为每种视图模型类型创建显示和/或编辑器模板,然后在视图中说Html.DisplayFor( ... )或Html.EditorFor( ... ) 。 MVC will automatically pick the right template, without the need for logic in your view. MVC将自动选择正确的模板,而无需您认为逻辑。
解决方案2
0 2012-02-22 12:59:12
What I have been doing for menus and other navigational items is that I have a ViewModel class for it. 我对菜单和其他导航项所做的就是为其提供ViewModel类。 Here is a simplified version. 这是一个简化的版本。
ViewModel 视图模型
public class Action
{
public string DisplayName { get; set; } // localized
public string Url { get; set;
}
public class MenuViewModel
{
public List<Action> Actions { get; set; }
public MenuViewModel()
{
this.Actions = new List<Action>();
}
}
I fill that depending on the user role. 我根据用户角色来填充。 Admin gets more links etc. 管理员获得更多链接等。
That ViewModel is part of "main" view model 该ViewModel是“主”视图模型的一部分
public class AlbumEditorViewModel
{
public MenuViewModel Menu { get; set; }
}
Then I'll pass that view model for the partial view that is responsible for the menu. 然后,我将该视图模型传递给负责菜单的部分视图。
View (Razor) 视图(剃刀)
@model AlbumEditorViewModel
.. razor stuff here ..
@Html.Partial("Menu", Model.Navigation)
.. razor stuff here ..
Partial View 部分视图
@model MenuViewModel
<ul>
@foreach (var action in Model.Actions)
{
<li>
@GridHelper.GetAction(action)
</li>
}
</ul>
I hope that this will give you ideas 我希望这会给你想法
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.