
ASP.NET MVC - How to hide or Show a link/button based on logged in User's Role permission?

I am using ASP.NET MVC4.

These are my user roles:

1. Administrator
2. L1 Admin
3. L2 Admin

Administrator group users have permission for Settings (used adding, permission settings), View Logs, Error Reports etc.

If a user is a member of the Administrator group, he can see only the menus which are related to the above settings.

I have a menu table holding the menu details. There are some functions like Delete and Edit which are shown based on the role of the current user and are not available in the top menu. The Delete and Edit links are placed inside a table while listing the data. Those are also included, and for those types of entry, IsVisible is false.

MenuID - MenuName - Controller - Action - ParentID - IsVisible

I have a roleMenu table holding the menus which are assigned to each role.

RoleID - MenuID

If Administrator is logging in, he can see all menus. If L1Admin is logging in, he can only see the menus which are assigned to him.

I created a custom attribute for authentication, and after that I query the database and get the permission for the user based on the Controller and Action (table Menu joins RoleMenu). So I can restrict a request if the user tries to access an action through the URL by typing it in the browser.

If I am entering as L1Admin, I can only see the List Pages and the menu is created correctly. In the list page I am using for listing. So how can I hide the Edit/Details link based on the permission of the logged in user?

 <div style="float: left">
        <table width="50%">
            <tr>
                <th>
                    @Html.DisplayNameFor(model => model.Name)
                </th>
                <th>
                </th>
            </tr>
            @foreach (var item in Model)
            {
                <tr>
                    <td style="width:30%;">
                        @Html.DisplayFor(modelItem => item.Name)
                    </td>
                    <td style="width:20%;">
                        @* I need to hide EDIT/DELETE based on the permission setting of the currently logged in user. *@
                        @Html.ActionLink("Edit", "Edit", new { id = item.ID }) | 
                        <a href="Server/@item.ID">Details</a> |
                        @Html.ActionLink("Delete", "Delete", new { id = item.ID })
                    </td>
                </tr>
            }
        </table>
    </div>

Thanks in advance.

EDIT

I am storing the permission details in a database.

kbvishnu asked Jul 26 '12 11:07


3 Answers

For example, you can do it in a way like this:

@if (ViewContext.HttpContext.User.IsInRole("Your role"))
{
    // Do something here
}
laszlokiss88 answered Oct 17 '22 13:10


Option 1 - Considering you are using ASP.NET membership.

@if (Roles.IsUserInRole("Administrator"))
{ 
  //show link 
}
else
{
  //hide link/button
}

Option 2 - Specify roles in userData in case you are creating the AuthCookie on your own, and later set HttpContext.Current.User to a new GenericPrincipal (fetch the user role from the userData of the AuthCookie) in the Application_PostAuthenticateRequest method of the Global.asax.cs file - leaving the implementation for you to google.

This should work later

System.Web.HttpContext.Current.User.IsInRole("RoleName");
RollerCosta answered Oct 17 '22 13:10


Because you are storing the permission details in a database, you can check permissions in the following ways:

Option 1: Create an authorized action link extension. Demo

Create a custom HTML authorized ActionLink and call it as below:

 <ul id="menu">              
    <li><%: Html.ActionLink("Home", "Index", "Home")%></li>
    <li><%: Html.ActionLink("About", "About", "Home")%></li>

    <%-- The next line is what you are looking for --%>
    <li><%: Html.ActionLinkAuthorized("The Privilege Zone", "ThePrivilegeZone", "Home", true)%></li>
</ul>

Note: for better security you need a custom action filter to check that every request is authorized.

Option 2: Create a static function and check before the action link

public static bool IsUserInRole(string roleName)
{
    // roleName: the role name from the session.
    // Check whether the user has the privilege, then return true/false.
    return false; // placeholder: deny until the lookup is implemented
}

@if (IsUserInRole("Administrator"))
{
    // show link
}
else
{
    // hide link/button
}
Nikhil K S answered Oct 17 '22 12:10
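
One way to drive the Edit/Delete links from the Menu and RoleMenu tables described in the question, as an added example that is not code from the question or from any of the answers. `IPermissionStore`, `GetAllowedActions`, `CanAccess` and `ActionLinkIfAllowed` are hypothetical names, and the store is assumed to wrap the same Menu/RoleMenu query the question's custom attribute runs.

```csharp
using System;
using System.Collections.Generic;
using System.Web;
using System.Web.Mvc;
using System.Web.Mvc.Html;

// Hypothetical interface: implement it with the Menu JOIN RoleMenu
// query that the custom authorization attribute already uses.
public interface IPermissionStore
{
    // Returns "Controller/Action" pairs granted to the user's roles.
    IEnumerable<string> GetAllowedActions(string userName);
}

public static class PermissionLinkExtensions
{
    private const string CacheKey = "__allowedActions"; // per-request cache slot
    public static IPermissionStore Store { get; set; }  // assign once in Application_Start

    public static bool CanAccess(HttpContextBase ctx, string controller, string action)
    {
        if (ctx == null || ctx.User == null || !ctx.User.Identity.IsAuthenticated
            || Store == null)
            return false; // deny by default

        var allowed = ctx.Items[CacheKey] as HashSet<string>;
        if (allowed == null)
        {
            // One database lookup per request, not one per table row.
            allowed = new HashSet<string>(
                Store.GetAllowedActions(ctx.User.Identity.Name) ?? new string[0],
                StringComparer.OrdinalIgnoreCase);
            ctx.Items[CacheKey] = allowed;
        }
        return allowed.Contains(controller + "/" + action);
    }

    // View usage: @Html.ActionLinkIfAllowed("Edit", "Edit", new { id = item.ID })
    public static MvcHtmlString ActionLinkIfAllowed(this HtmlHelper html,
        string linkText, string action, object routeValues)
    {
        // The link targets the controller that rendered the current view.
        var controller = html.ViewContext.RouteData.GetRequiredString("controller");
        return CanAccess(html.ViewContext.HttpContext, controller, action)
            ? html.ActionLink(linkText, action, routeValues)
            : MvcHtmlString.Empty;
    }
}
```

Hiding the link only changes what is rendered; the custom attribute on the Edit and Delete actions still has to reject requests typed directly into the browser, as the question already does.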