ASP.Net MVC elegant UI and ModelBinder authorization
Posted
by SDReyes
on Stack Overflow
See other posts from Stack Overflow
or by SDReyes
Published on 2010-04-29T15:01:35Z
Indexed on
2010/04/29
15:07 UTC
Read the original article
Hit count: 326
We know authorization stuff is a cross cutting concern, and we do anything we could to avoid merge business logic in our views.
But I still not found an elegant way to filter UI components (e.g. widgets, form elements, tables, etc) using the current user roles without contaminate the view with business logic. same applies for model binding.
Example
Form: Product Creation
Fields:
- Name
- Price
- Discount
Roles:
Role Administrator
- Is allowed to see and modify the Name field
- Is allowed to see and modify the Price field
- Is allowed to see and modify the Discount
Role Administrator assistant
- Is allowed to see and modify the Name
- Is allowed to see and modify the Price
Fields
shown in each role are different, and model binding
needs to ignore the discount field for 'Administrator assistant' role.
How would you do it?
© Stack Overflow or respective owner