Home/ Questions/Q 3676950
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T03:09:43+00:00

So currently in our code, we have a bunch of classes around accessing roles

  • 0

So currently in our code, we have a bunch of classes around accessing roles and permissions for specific users logged into the web application. This is built fine, and works well. However, a certain requirement that has come up now is not only the ability to restrict certain pages (whole views) to certain permissions, but also specific fields on those views. So you might have the ability to see a view, but you might only have a permission that lets you see certain fields on that page.

We generate most of our fields using HTML Helpers with in ASP.NET/C#. For example here is one that we need to block/show depending on a permission:

<%= Html.CheckBoxFor(m => m.Current, new { @class = "economicTextBox", propertyName = "Current", onchange = "UseCurrent();UpdateField(this);" })%>

My first thought was just to play the check for permissions in similar embedded C# code right before that and put the HTML Helper in an “if” statement, so it would only render if the user had the permission. I second guessed myself when I saw the front end getting very bloated with all of these statements in my mind, and thought there might be a better way to do it.

Can any of you guys recommend anything? Thanks.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Have the user permissions as a separate module of the model. Create partial views which contain the blocks of code that you want to show/hide. Pass the module to the partial view, and have the view hold the logic for what to show.

    This should mean you can create one block of logic in your partial view, with the decision being some basic ifs or switches and the mark up for displaying it more distinct and manageable.

    So for example, let’s say you make a permissions model that all your page models inherit, thus ensuring you can pass around the same permissions to all pages. You can then call a view and pass it the model like this:

    <%Html.RenderPartial("Widgets/NavigationUserControl"); %>

    This will hold the mark up and logic for user navigation. Inside this partial view you’d have it inherit your permissions object:

    <%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<WebApp.Web.Models.Permissions>" %>

    And then you can do your more basic logic in the markup, or have a html helper do the grunt work and return some enums/properties for more basic code to do decision on. For example;

    <%
if (Model.User.IsAdmin)
{
%>
...html...
<%
}
else
{
%>
...html...
<%
}
%>
    • 0