C# - ASP.NET MVC 4 Custom Role Authorization show/hide Edit/Delete links in Views
I want to show/hide edit/delete links (including menu items) depending on the user's authorization. I have implemented an AuthorizeAttribute and have custom logic for roles checking in the overridden AuthorizeCore. I want to use that logic when checking whether the user has permissions to view the edit/delete links inside a LinkExtensions method. This is the setup:

    public class AuthorizeActivity : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            base.OnAuthorization(filterContext);
        }

        protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext)
        {
            // Result of the base check; the role checks below do not consult it
            bool isAuthorized = base.AuthorizeCore(httpContext);
            string actionType = httpContext.Request.HttpMethod;
            // Route values of the request currently being processed
            string controller = httpContext.Request.RequestContext.RouteData.Values["controller"].ToString();
            string action = httpContext.Request.RequestContext.RouteData.Values["action"].ToString();

            //admins
            if (controller == "Admin")
            {
                if (httpContext.User.IsInRole(Constants.Admin))
                    return true;
            }
            else
            {
                //data readers
                if ((action == "Details") || (action == "Index"))
                {
                    if (httpContext.User.IsInRole(Constants.DataReader))
                        return true;
                }
                //data writers &
                else
                {
                    ...
                }
            }
            return false;
        }
    }

I also used Vivien Chevallier's logic for creating an authorized action link extension, outlined here: http://vivien-chevallier.com/articles/create-an-authorized-action-link-extension-for-aspnet-mvc-3

In the view I can use:

    <li>@Html.ActionLinkAuthorized("Admin", "Index", "Admin", false)</li>

and the link will either show or not depending on the user's rights. In the controller, the action is decorated with:

    [AuthorizeActivity]
    public ActionResult Index()
    {
        return View(view);
    }

The authorized link does not work unless I specify 'Roles' in the attribute, which I believe is redundant, like so:

    [AuthorizeActivity(Roles = Constants.RoleSalesContractAdmin)]
    public ActionResult Index()
    {
        return View(view);
    }

I can't seem to find a way to reuse the logic in the AuthorizeAttribute. Ideally it would be called in ActionLinkAuthorized, as Vivien's has it:

    public static MvcHtmlString ActionLinkAuthorized(this HtmlHelper htmlHelper, string linkText, string actionName, string controllerName, RouteValueDictionary routeValues, IDictionary<string, object> htmlAttributes, bool showActionLinkAsDisabled)
    {
        if (htmlHelper.ActionAuthorized(actionName, controllerName)) //the call to verify here -- or inside ActionAuthorized
        {
            return htmlHelper.ActionLink(linkText, actionName, controllerName, routeValues, htmlAttributes);
        }
        else
        {
            if (showActionLinkAsDisabled)
            {
                TagBuilder tagBuilder = new TagBuilder("span");
                // InnerHtml is written unencoded, unlike ActionLink; SetInnerText(linkText) would HTML-encode it
                tagBuilder.InnerHtml = linkText;
                return MvcHtmlString.Create(tagBuilder.ToString());
            }
            else
            {
                return MvcHtmlString.Empty;
            }
        }
    }

This is the ActionAuthorized method. The OnAuthorization call does not go to the customized one:

    public static bool ActionAuthorized(this HtmlHelper htmlHelper, string actionName, string controllerName)
    {
        // Resolve the target controller (current one when no name is given)
        ControllerBase controllerBase = string.IsNullOrEmpty(controllerName)
            ? htmlHelper.ViewContext.Controller
            : htmlHelper.GetControllerByName(controllerName);
        ControllerContext controllerContext = new ControllerContext(htmlHelper.ViewContext.RequestContext, controllerBase);
        ControllerDescriptor controllerDescriptor = new ReflectedControllerDescriptor(controllerContext.Controller.GetType());
        ActionDescriptor actionDescriptor = controllerDescriptor.FindAction(controllerContext, actionName);

        if (actionDescriptor == null)
            return false;

        // Collect the filters registered for the target action and run the authorization ones
        FilterInfo filters = new FilterInfo(FilterProviders.Providers.GetFilters(controllerContext, actionDescriptor));
        AuthorizationContext authorizationContext = new AuthorizationContext(controllerContext, actionDescriptor);

        foreach (IAuthorizationFilter authorizationFilter in filters.AuthorizationFilters)
        {
            authorizationFilter.OnAuthorization(authorizationContext); //this call
            // A filter that sets a result has denied the request
            if (authorizationContext.Result != null)
                return false;
        }
        return true;
    }

In the view, you can write:

    @if (User.IsInRole("role"))
    {
        <li>@Html.ActionLink("words", "view", "controller")</li>
        <li>@Html.ActionLink("words", "view", "controller")</li>
    }

... and, assuming they're logged in, it will conditionally hide the links.
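
One way to reuse the role logic in both places, as an added example that is not part of the original question or answer: the decision moves into a single method that takes the target controller and action as arguments, so the attribute enforces it on the server and a view helper can ask the same question about a link's target. `ActivityPolicy`, `ActivityLinkExtensions`, `CanAccess` and the role-name constants are hypothetical names; the writer rules elided in the question are left as deny-by-default.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Mvc;

// Hypothetical helper: the single place where the role rules live.
public static class ActivityPolicy
{
    // Placeholder role names standing in for the question's Constants class.
    public const string Admin = "Admin";
    public const string DataReader = "DataReader";

    public static bool IsAllowed(IPrincipal user, string controller, string action)
    {
        if (user == null || !user.Identity.IsAuthenticated) return false;

        if (string.Equals(controller, "Admin", StringComparison.OrdinalIgnoreCase))
            return user.IsInRole(Admin);

        bool isRead = string.Equals(action, "Details", StringComparison.OrdinalIgnoreCase)
                   || string.Equals(action, "Index", StringComparison.OrdinalIgnoreCase);
        if (isRead) return user.IsInRole(DataReader);

        return false; // writer rules are elided in the question; deny by default
    }
}

// Server-side enforcement: evaluates the action actually being requested.
public class AuthorizeActivity : AuthorizeAttribute
{
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        var route = httpContext.Request.RequestContext.RouteData;
        return ActivityPolicy.IsAllowed(httpContext.User,
            route.GetRequiredString("controller"),
            route.GetRequiredString("action"));
    }
}

// View-side check: evaluates the link's target, not the page being rendered.
public static class ActivityLinkExtensions
{
    public static bool CanAccess(this HtmlHelper html, string action, string controller)
    {
        return ActivityPolicy.IsAllowed(html.ViewContext.HttpContext.User, controller, action);
    }
}
```

In a view this reads `@if (Html.CanAccess("Index", "Admin")) { ... }`; hiding the link is presentation only, and the `[AuthorizeActivity]` attribute on the action remains the actual access control.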