How to handle action based permissions in MVC

Posted 2019-08-07 06:30

I'm new to MVC and I would like to get suggestions on how to best handle action based permissions in my application.

I currently have some global permissions being checked at the controller level which work fine for rendering views the current user has access to, etc.

However, once the view has been rendered, I want to make decisions such as 'enable DELETE button, ONLY IF user has delete permissions for the item currently selected'. At that point, those permissions are no longer global but based on the context of the object selected.

How should I write my code to handle this type of scenario?

1 answer
聊天终结者
#2 · 2019-08-07 07:22

By default, your views have access to the User object.

You can check in the view whether User.IsInRole("myDeleteRole").

or

    @if (User.IsInRole("MyDeleteRole"))
    {
        <input type="submit" value="Delete">
    }

I don't know if this is the best way, but it's what I have done in the past.

I guess another way would be to write separate views depending on what rights a user has. That way you could do the logic in the controller and send the user to the specified view:

    if (User.IsInRole("MyDeleteRole"))
    {
        return View("MyDeleteView", vm);
    }
    else
    {
        return View("NoDeleteView", vm);
    }
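Added example, not part of the original answer: the snippets above key on a global role, while the question asks about permissions that depend on the selected item. This ASP.NET MVC 5 sketch computes a per-item CanDelete flag for the view and repeats the same check in the POST action; Document, IDocumentStore, DocumentViewModel, the owner-or-role rule, the Index action and constructor injection of the store are assumptions made for illustration.

```csharp
using System.Net;
using System.Web.Mvc;

// Hypothetical types for illustration; they are not from the original post.
public class Document { public int Id; public string Title; public string OwnerName; }

public interface IDocumentStore
{
    Document Find(int id);
    void Delete(int id);
}

public class DocumentViewModel
{
    public Document Item { get; set; }
    // The view renders the Delete button only when this is true:
    //   @if (Model.CanDelete) { <input type="submit" value="Delete"> }
    public bool CanDelete { get; set; }
}

[Authorize]
public class DocumentsController : Controller
{
    private readonly IDocumentStore _store;
    public DocumentsController(IDocumentStore store) { _store = store; }

    // Single place for the per-item rule (assumed rule: delete role, or owner of the item).
    private bool CanDelete(Document doc)
    {
        return User.IsInRole("MyDeleteRole") || doc.OwnerName == User.Identity.Name;
    }

    public ActionResult Details(int id)
    {
        var doc = _store.Find(id);
        if (doc == null) return HttpNotFound();
        return View(new DocumentViewModel { Item = doc, CanDelete = CanDelete(doc) });
    }

    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Delete(int id)
    {
        var doc = _store.Find(id);
        if (doc == null) return HttpNotFound();
        // Re-check on the server: a hidden button does not stop a hand-crafted POST.
        if (!CanDelete(doc)) return new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        _store.Delete(id);
        return RedirectToAction("Index"); // assumes an Index action exists
    }
}
```

Keeping the rule in one method means the view flag and the server-side enforcement cannot drift apart.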