How to control access to forms fields on an ASP.Net MVC 3 view?


Problem description

Example

User "jtirado" is assigned role "HR-Assistant", can access route "mymvcapp/employeee/edit/1452" to edit employee (id:1452) data.

Being "HR-Assistant", this user can change employee telephone number and e-mail, can view employee salary but not edit the amount.

Telephone number, email, salary are database fields and are represented/rendered by an "asp.net-mvc-control" or "HTML-control" on the View. So I want to restrict access to these controls based on user's role.

Previous experience

I've done this before for a classic 3-tier ASP.Net 3.5 web forms application, using a MasterPage, a BasePage class and a RoleBasedAccessControl database model.

MasterPage builds the options menu the user has access according to his assigned role.

BasePage class checks if the user has access to the required page, and if so, checks which controls (ex: DdlClientType, TxtLastName,ChkIsActive) the user can edit.

This way, I don't have to use if-then sentences to check permissions, and I can create as many roles as I want, giving them any permissions, without having to change any C# code.

I'm planning to use the same RoleBasedAccessControl database model for this new MVC app.

Question

So my doubts are about how to implement the MasterPage and BasePage class using ASP.Net MVC 3 or if there's another way of achieving this, and if I should do it another way.

It seems to me that ViewMasterPage is the MVC-equivalent to Web-Forms-MasterPages. I've also heard about Razor layout pages.

Anyway, I suppose I should handle all of this in a Controller.

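I'll be using:

  1. ASP.NET MVC 3.0

  2. Razor

I've checked these posts:

asp.net mvc user permissions and views

Best practices for controlling access to form fields (http://stackoverflow.com/questions/368904/best-practices-for-controlling-access-to-form-fields)

Best practices for control permissions?

ASP.NET MVC Master Pages

Implementing secure ASP.NET MVC applications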

But they don't fully fit my case.

Recommended answer

One issue with the Razor engine is that there is no "Controls" collection on a page, as there is in WebForms. Thus you wouldn't be able to iterate through all of the controls in a page and do something with them.

That said, you can still use a "Base View" idea by subclassing System.Web.Mvc.WebViewPage and/or System.Web.Mvc.WebViewPage<TModel> as outlined in a previous question (http://stackoverflow.com/questions/3963834/whats-the-base-class-of-a-razor-view-in-asp-net-mvc3). Likewise, inheriting from Controller will help for a base controller as well.

I'm not sure I have a concrete answer here, but one thing I've done is add custom attributes on my model properties indicating which roles can access them. Then I overload the built-in methods like @Html.TextBoxFor(), passing in the current user's roles. In the overload I check the roles argument against the attribute on the property.

In your case, attributes may not work, and instead you'll read the authorization from a database; same idea, just a different implementation.

Hope that gets you going in the right direction.
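
The attribute-plus-helper approach described in the answer above, sketched as an added example (not the answerer's code). It goes one step further than the answer by also deriving the property allow-list for model binding, because a read-only textbox alone does not stop a crafted POST from changing the field. EditableByAttribute, EmployeeEditModel, FieldAccess, TextBoxForRole and the "HR-Manager" role are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Linq.Expressions;
using System.Web.Mvc;
using System.Web.Mvc.Html;

// Hypothetical attribute: lists the roles allowed to edit a model property.
[AttributeUsage(AttributeTargets.Property)]
public sealed class EditableByAttribute : Attribute
{
    public string[] Roles { get; private set; }
    public EditableByAttribute(params string[] roles) { Roles = roles; }
}

public class EmployeeEditModel   // hypothetical view model for the question's example
{
    [EditableBy("HR-Assistant", "HR-Manager")] public string Telephone { get; set; }
    [EditableBy("HR-Assistant", "HR-Manager")] public string Email { get; set; }
    [EditableBy("HR-Manager")] public decimal Salary { get; set; }
}

public static class FieldAccess
{
    // True when the user holds a role named on the property. Fails closed:
    // a missing attribute or an unknown (e.g. nested) property name is denied.
    public static bool CanEdit(Type modelType, string property, Func<string, bool> isInRole)
    {
        var prop = modelType.GetProperty(property);
        var attr = prop == null ? null
            : (EditableByAttribute)Attribute.GetCustomAttribute(prop, typeof(EditableByAttribute));
        return attr != null && attr.Roles.Any(isInRole);
    }

    // View side: @Html.TextBoxForRole(m => m.Salary) renders read-only when not permitted.
    public static MvcHtmlString TextBoxForRole<TModel, TValue>(
        this HtmlHelper<TModel> html, Expression<Func<TModel, TValue>> expr)
    {
        string name = ExpressionHelper.GetExpressionText(expr);
        bool ok = CanEdit(typeof(TModel), name, html.ViewContext.HttpContext.User.IsInRole);
        return ok ? html.TextBoxFor(expr)
                  : html.TextBoxFor(expr, new { @readonly = "readonly" });
    }

    // Controller side: pass the result to TryUpdateModel(model, includeProperties)
    // so only fields this user may edit are bound from the posted form.
    public static string[] EditableProperties(Type modelType, Func<string, bool> isInRole)
    {
        return modelType.GetProperties().Select(p => p.Name)
            .Where(n => CanEdit(modelType, n, isInRole)).ToArray();
    }
}
```

In the POST action, `TryUpdateModel(employee, FieldAccess.EditableProperties(typeof(EmployeeEditModel), User.IsInRole))` applies the same rule on the server. Reading the roles from a database instead of attributes only changes the body of `CanEdit`.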
