Hide or Disable MVC3 ActionLinks depending on cell

2019-09-03 10:36发布

站内问答 / jQuery
579 2 6

MVC3 has created the following table for me

@foreach (var item in Model) {
<tr>
    <td>
        @Html.DisplayFor(modelItem => item.Author)
    </td>
    <td>
        @Html.DisplayFor(modelItem => item.Comment)
    </td>
     <td>
        @Html.ActionLink("Edit", "Edit", new { id=item.UserCommentID }) |
        @Html.ActionLink("Details", "Details", new { id=item.UserCommentID }) |
        @Html.ActionLink("Delete", "Delete", new { id=item.UserCommentID })
    </td>
</tr>

}

I am sure everyone has seen this sort of thing a million times before.

Does anyone know if there is any way of hiding or disabling the Actionlinks depending on the item.Author.

(I only want an author be able to Edit or Delete his own comments)

I am thinking that the answer might lie with jQuery but I will be very happy with any solution at all.

Many thanks.

2条回答
再贱就再见
2楼-- · 2019-09-03 11:25

In addition to Marek's comments - please check the current user when they post/get your edit page as well to make sure they have permissions to this. I could easily forge a link to access something I should have access to or even change any hidden form values you have to tamper with the model when editing something.

查看更多
0人赞 添加讨论(0) 举报
Fickle 薄情
3楼-- · 2019-09-03 11:32

Something like this

@if(item.Author == loggedInUserIdOrSomethingYouWantToCompareTo) {
    <text>
    @Html.ActionLink("Edit", "Edit", new { id=item.UserCommentID }) |
    @Html.ActionLink("Details", "Details", new { id=item.UserCommentID }) |
    @Html.ActionLink("Delete", "Delete", new { id=item.UserCommentID })
    </text>
}

obviously you should still check on the controller side to make sure the user has the permissions (it would be easy to "fake" these URLs).

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)