基于角色的隐藏链接 [英] Hide link based on Role
问题描述
进出口新的asp.mvc。我试图建立一个门户网站,以保持员工数据。在我的系统只是经理人有 - 瑞创造的雇员。如何启用的链接时,管理员日志,并禁止员工时,日志中,谢谢
我的视图
@model IEnumerable的< SealManagementPortal_3._0.Models.VOC_CUSTODIAN>
@ {
ViewBag.Title =保管人清单;
}
< H2>指数< / H>
&所述p为H.;
@ Html.ActionLink(新建,创建)
&所述; / P>
<脚本类型=文/ JavaScript的>
jQuery的(文件)。就绪(函数(){
jQuery的(#列表2)。jqGrid的({
网址:'@ Url.Action(的GridData,护法)',
数据类型:JSON,
MTYPE:'GET',
colNames:['代理人身份证','科','唯一ID,托管人名称,/ *身份证号码,电子邮件,联系电话,手机号码,* /角色 ,详细资料,编辑,删除]
colModel:
{名称:'代理人身份证',索引:'',宽度:10,调整:'左'},
{名称:'科',索引:'',宽度:10,调整:'左'},
{名称:'唯一ID',索引:'',宽度:10,调整:'左'},
{名称:'托管人名称,索引:'',宽度:10,调整:'左'},
{名称:'角色',索引:'',宽度:10,调整:'左'},
{名称:'细节',索引:'',宽度:5,对齐:'左'},
{名称:'编辑',索引:'',宽度:5,对齐:'左'},
{名称:'删除',索引:'',宽度:5,对齐:'左'}],
寻呼机:jQuery的('#pager2'),
的rowNum:10,
sortname:'ID',
排序顺序:递减,
viewrecords:真实,
autowidth:真实,
标题:托管人名单
});
});
< / SCRIPT>
@using(Html.BeginForm())
{
<表ID =列表2级=滚动的cellpadding =0CELLSPACING =0>< /表>
您可以使用角色。第一个并最重要的事情是装饰是应该执行与授权属性更新控制器动作并指定正确的角色都用户必须要访问此控制器操作posses:
[HttpPost]
[授权(角色=经理)]
公众的ActionResult创建(员工EMP)
{
...
}
一旦一切是安全的服务器上,你可以做化妆品视图,并显示该链接仅当用户在管理角色:
@if(User.IsInRole(经理))
{
@ Html.ActionLink(创建员工,创建)
}
您可以看一看的<一个href=\"http://www.asp.net/mvc/tutorials/older-versions/security/authenticating-users-with-forms-authentication-cs\">following文章有关窗体身份验证和角色的详细信息。
Im new to asp.mvc. I'm trying to develop a portal to maintain employee data. In my system only "Manager" has the rigths to create employee. How do I enable the link when manager log in and disable when employee log in. Thanks
My View
@model IEnumerable<SealManagementPortal_3._0.Models.VOC_CUSTODIAN>
@{
ViewBag.Title = "List of Custodians";
}
<h2>Index</h2>
<p>
@Html.ActionLink("Create New", "Create")
</p>
<script type="text/javascript">
jQuery(document).ready(function () {
jQuery("#list2").jqGrid({
url: '@Url.Action("GridData", "Custodian")',
datatype: 'json',
mtype: 'GET',
colNames: ['Agent ID', 'Branch', 'Unique ID', 'Custodian Name', /*'NRIC No', 'E-Mail', 'Contact No', 'Mobile No',*/'Role', 'Details', 'Edit', 'Delete'],
colModel: [
{ name: 'Agent ID', index: '', width: 10, align: 'left' },
{ name: 'Branch', index: '', width: 10, align: 'left' },
{ name: 'Unique ID', index: '', width: 10, align: 'left' },
{ name: 'Custodian Name', index: '', width: 10, align: 'left' },
{name: 'Role', index: '', width: 10, align: 'left' },
{ name: 'Details', index: '', width: 5, align: 'left' },
{ name: 'Edit', index: '', width: 5, align: 'left' },
{ name: 'Delete', index: '', width: 5, align: 'left'}],
pager: jQuery('#pager2'),
rowNum: 10,
sortname: 'Id',
sortorder: "desc",
viewrecords: true,
autowidth: true,
caption: 'Custodians List'
});
});
</script>
@using (Html.BeginForm())
{
<table id="list2" class="scroll" cellpadding="0" cellspacing="0"></table>
You could use roles. The first and most important thing is to decorate the controller action that is supposed to perform the update with the Authorize attribute and specify the correct roles that the user must posses in order to access this controller action:
[HttpPost]
[Authorize(Roles = "Managers")]
public ActionResult Create(Employee emp)
{
...
}
Once everything is secure on the server you could do cosmetics in the view and show the link only if the user is in the Managers role:
@if (User.IsInRole("Managers"))
{
@Html.ActionLink("Create employee", "Create")
}
You may take a look at the following article for more information about forms authentication and roles.
这篇关于基于角色的隐藏链接的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
