如何根据用户所处的角色创建具有不同显示的视图?
我想创建一个根据用户所处的角色具有不同显示的视图。
我应该为不同的角色创建不同的视图,还是应该检查 Veiw 页面本身而不是操作中的角色?
如何在查看页面查看角色?
I want to create a view that has different displays according to the role the user is in.
Should I create a different view for different roles or should I check the roles on the Veiw page itself rather than in the actions?
How would I check the role on the view page?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(8)
您需要同时执行这两项操作。 检查操作上的角色作为安全措施,并检查视图上的角色以启用/禁用特定控制。
在您的视图页面中,检查角色的长形式是
许多开发人员将创建页面帮助器方法,以便您最终可以为您的应用程序提供更简洁的内容,就像
在您的视图中您可以使用 this.IsAdmin() em>
为了保持视图混乱,请考虑使用部分视图
You need to do both. Check roles on actions as a security measure and check roles on views to enable/disable specific controls.
Within your view page the long form of checking a role is
many developers will create page helper methods so you can end up with something more concise for your application like
then in your view you can just use this.IsAdmin()
To keep your view clutter down look into using partial views
如果显示根据角色而变化——并且变化很小——那么我会在视图中进行检查。 如果某些视图根据角色受到限制,那么我会在控制器中进行检查。 如果观点完全不同(这很难想象),那么每个角色单独的观点可能是合适的。
您可能希望将某些特定于角色的视图组件抽象为部分视图,以简化您的视图逻辑 - 基本上您只需要检查是否包含基于角色的部分视图。
另外,除了检查“IsAuthenticated”之外,我还将角色检查逻辑移至控制器,并将有关根据角色包含/排除哪些元素的信息(作为数据)传递给视图。 这可以防止实际的业务逻辑渗透到您的视图中。
If the display changes based on the role -- and the change is small -- then I would do the check in the view. If certain views are restricted based on the role, then I would do the check in the controller. If the views are completely different (this would be hard to imagine), then separate views per role may be appropriate.
You may want to abstract out certain role-specific view components into partial views to simplify your view logic -- basically you only have to check to include the partial or not based on the role.
Also, other than to check for "IsAuthenticated", I would move the role checking logic to the controller and pass (as data) to the view information on which elements to include/exclude based on role. This keeps the actual business logic from bleeding into your view.
如果您使用 MVC,那么开发的重点就是将逻辑保留在视图之外并保留在控制器中。 在我看来,WebForms 开发路线比 MVC 路线更好。
话虽这么说,我通过使用如下检查对我的很多页面进行管理检查:
但是,如果您尝试在视图中构建实际逻辑,那么您需要弄清楚可以将哪些内容推回到控制器完成工作并让视图尽可能愚蠢,根据发送给它的标志进行操作。
If you are using MVC the whole point of development is to keep the logic out of the view and in the controller. It seems to me like you'd be better off on a WebForms development track than an MVC track.
All that being said, I do an Admin check on a lot of my pages by using a check like this:
But if you are attempting to build actual logic into the View then you need to figure out what you can push back to the controller to do the work and have the view be as dumb as possible, acting on flags sent to it.
如果不研究 ASP.NET MVC 用于角色的确切机制,我会尖叫不将任何业务逻辑放入视图中,如果您在视图中检查角色,这就是您正在做的事情
without researching the exact mechanism asp.net mvc uses for roles i would scream no for putting any of your business logic in the view which is what you are doing if you are checking roles in the view
是的,这也困扰着我......但与此同时,为如此小的变化加载完全不同的视图似乎很荒谬。
顺便提一句
你是如何在控制器中进行设置的。
现在,我的控制器看起来类似于下面的代码,我认为这是不正确的。
Yeah that was something that was bothering me as well ... but at the same time it seems ridiculous to load whole different view for such a small change.
btw
how did you set this up in your controller.
Right now, my controller looks something like the code below, which I don't think is correct.
我对 ASP.NET MVC 还不太熟悉,但是你不能在视图中执行某种条件过滤器吗? 如果控制器将角色传递给视图,那么如果用户是管理员,您应该能够执行条件过滤并显示特定的代码块。 如果您想显示一个完全独立的页面,那么您将有多个视图,否则您可以使用一个视图并执行一些条件。
在 Ruby on Rails 中,它会类似于(抱歉,我还不太了解 ASP.NET MVC):
在 Rails 中,您将从部分加载额外的内容; ASP.NET MVC 有类似的东西,但我忘了它叫什么。 也许调查一下?
抱歉,我无法提供更多帮助 - 就像我说的那样,我还没有真正开始使用 ASP.NET MVC。
I'm not that familiar with ASP.NET MVC (yet) but can't you do some kind of conditional filter in the View? If the Controller passes the role to the View, then you should be able to do a conditional filter and display a certain block of code if the user is an admin. If you want to display a totally separate page, then you'd have a multiple Views, otherwise you can use one and do some conditional.
In Ruby on Rails it would be something like (sorry, I don't know ASP.NET MVC really yet):
In Rails you would load the extra content from partials; ASP.NET MVC has something similar but I forget what it's called. Maybe look into that?
Sorry I can't be of more help -- like I said I haven't really gotten to play with ASP.NET MVC.
我有所有其他模型扩展的基本模型。 在这个模型中我已经加载了用户的角色。 它基于 httpcontext.user.isinrole() 方法。 所有视图都是强类型的,需要基本模型类型。
所以我总是可以检查所有视图,例如 Model.CurrentUser.IsInRoles(Role1 | Role2)。 当然,不仅在视图中,而且在孔应用中。
I have base model which from all others models extend. In this model i have loaded the user's roles. Its based on httpcontext.user.isinrole() method. All views are strong typed expecting the base model type.
So i can always check in all views something like Model.CurrentUser.IsInRoles(Role1 | Role2). Not only in views of course, but in hole application.
我喜欢在视图中完全控制它,并且我发现:
适用于大多数场景。 它还允许您轻松地对其他角色进行条件格式化,例如“内容管理员”、“注册”等。
我确实喜欢托德·史密斯的回答,因为您可能会更改管理员角色的名称,而这只需要一项更改,而如果您将“超级用户”或“管理员”字符串直接放入视图中,则无论您在何处使用该值,都必须更改它。
I like to have full control over this in the view, and I find that:
Works for most scenarios. It also allows you to easily do conditional formatting for other roles, e.g "Content Manager", "Registered", etc.
I do like Todd Smith's answer, because you might change the name of the Admin role, and that will require only one change, whereas, if you put the "Super User" or "Administrator" string directly in the view, you will have to change it wherever you've used the value.