Home/ Questions/Q 6887517
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-27T05:53:40+00:00

A novice to asp.net and mvc3. I am learning by setting myself challenges/developing an

  • 0

A novice to asp.net and mvc3. I am learning by setting myself challenges/developing an application. I tag all record tables where users interact with ProviderUserKey. Now I want to be able to restrict users logged in to be able to edit or delete their own records only but administrators can edit or delete any. I have been using scaffolding to generate controllers and views etc. for eg code for editing`// POST: /Post/Edit/5

    [HttpPost]
    public ActionResult Edit(PJpost pjpost)
    {
        if (ModelState.IsValid)
        {
            db.Entry(pjpost).State = EntityState.Modified;
            db.SaveChanges();
            return RedirectToAction("Index");
        }
        return View(pjpost);
    }`

Any help will be highly appreciated.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If you have a generic Edit method/action and you would like to keep it that way, I would add a method in your controller somethink like ValidateOwnership(record). This method would need to verify if CurrentUser’s ID is matching the one on the record and if user is a member of particular role – that can be done with RoleManager class. Method would return true/false.
    When you got it ready just put the call to the method in your code after ModelState validation. It would look like this

    [HttpPost]
public ActionResult Edit(PJpost pjpost)
{
    if (ModelState.IsValid)
    {
      if(IsOwnershipValid(pjpost){
          db.Entry(pjpost).State = EntityState.Modified;
          db.SaveChanges();
          return RedirectToAction("Index");
        }
       else {
           ModelState.AddModelError("ERROR","You're not allowed to do that");
           return View(pjpost);
        }
    }
    return View(pjpost);
}

    EDIT :
    So the OwnershipValidation could look like this :

    public bool ValidateOwnership(Pjpost pjpost) { 
    if (pjpost.MemUID == Membership.GetUser().ProviderUserKey.ToString()) 
    { 
    return true; 
    } 
    else 
    { 
    return false; 
    } 
}

    I hope this is what you meant.

    • 0