ASP.Net MVC elegant UI and ModelBinder authorization

Posted by SDReyes on Stack Overflow See other posts from Stack Overflow or by SDReyes
Published on 2010-04-29T15:01:35Z Indexed on 2010/04/29 15:07 UTC
Read the original article Hit count: 326

We know authorization stuff is a cross cutting concern, and we do anything we could to avoid merge business logic in our views.

But I still not found an elegant way to filter UI components (e.g. widgets, form elements, tables, etc) using the current user roles without contaminate the view with business logic. same applies for model binding.


Example

Form: Product Creation

Fields:

  • Name
  • Price
  • Discount

Roles:

  • Role Administrator

    • Is allowed to see and modify the Name field
    • Is allowed to see and modify the Price field
    • Is allowed to see and modify the Discount
  • Role Administrator assistant

    • Is allowed to see and modify the Name
    • Is allowed to see and modify the Price

Fields shown in each role are different, and model binding needs to ignore the discount field for 'Administrator assistant' role.

How would you do it?

© Stack Overflow or respective owner

Related posts about asp.net-mvc

Related posts about ASP.NET