.NET WinForms 中 UI 元素的授权

发布于 2024-10-08 02:44:38 字数 392 浏览 3 评论 0原文

我有一个关于为应用程序角色授权 UI 元素的最佳方法的一般性问题。我的意思是管理员可以看到普通用户看不到的按钮、菜单项等。对此的最佳实践是什么？

我意识到可能有多个基于角色的屏幕（管理员屏幕、为用户重复的同一屏幕等），这绝对看起来有点矫枉过正。我还想保留关注点分离，这样我的授权代码就不会与显示功能混合在一起。换句话说，我想避免：

if( current_user.IsInRole("administrator") )
  button.Enabled = true;

我一直在使用 PostSharp 查看 Aspects，这似乎几乎正是我想要做的，但它似乎并没有在逻辑上扩展到 UI。

我确信我错过了一些东西，它是什么？

谢谢 -

原文

I have a general question about the best approach for authorizing UI elements for application Roles. What I mean is an Administrator can see buttons, menu items, etc, that a regular User cannot see. What is the best practice for this?

I realize that there could be multiple screens based on Role (an Admin screen, the same screen duplicated for User, etc), that definitely seems like overkill. I also want to keep Separation of Concern so my authorization code is not intermingled with display functionality. In other words, I want to avoid:

if( current_user.IsInRole("administrator") )
  button.Enabled = true;

I have been looking at Aspects with PostSharp, which seems almost exactly what I want to do, but it doesn't seem to logically extend to the UI.

I'm sure I'm missing something, what is it?

Thanks -

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

风轻花落早 2024-10-15 02:44:38

您的代码似乎最终会编译要隐藏的 UI 元素列表，或执行给定的操作，然后根据当前角色执行这些操作。像

Dictionary<Control, Action<Control, string>> actions = new Dictionary<Control, Action<Control, string>>
{
    { button, (c, r) => c.Enabled = (r == "administrator") },
    // etc.
};

你如何编制该列表之类的事情主要是你的问题所关心的。 AOP 框架肯定有助于分离关注点，但自制解决方案也并非不可能。我在想类似的事情：

创建一个带有参数role的EnableForRoleAttribute。
反思您的表单（可能使用反射来查找表单，或者可能直接将它们提供给您的代码，甚至查找用您创建的 RoleVaryingAttribute 装饰的表单）。
反思表单的字段，过滤 Control 实例，然后过滤具有 EnableForRoleAttribute 的 Control 实例。
现在你有了你的清单！根据角色设置启用。

上面的项目符号列表特定于您的 Enabled 示例，主要是因为属性不能将 lambda 作为参数:(。您可以使用带有参数 SetPropertyIfInRoleAttribute 更加灵活>role、propertyName 和 propertyValue 或任何此类构造

基本上，AOP 框架使您的工作变得更容易，而像 PostSharp 这样的框架可以实现这一点。在编译时而不是运行时。但是自制解决方案也非常有效。

It seems likely that your code will eventually compile a list of UI elements to hide, or perform a given action to, and then perform those actions based on the current role. Something like

Dictionary<Control, Action<Control, string>> actions = new Dictionary<Control, Action<Control, string>>
{
    { button, (c, r) => c.Enabled = (r == "administrator") },
    // etc.
};

How you compile that list is primarily what your question is concerned with. AOP frameworks definitely help with the separation of concerns, but a homebrew solution wouldn't be impossible. I'm thinking something like:

Create an EnableForRoleAttribute, with parameter role.
Reflect on your forms (possibly using reflection to find the forms, or possibly providing them to your code directly, or even finding forms decorated with a RoleVaryingAttribute of your creation).
Reflect on the fields of your forms, filtering for Control instances, then for Control instances with the EnableForRoleAttribute.
Now you have your list! Set Enabled based on the role.

The above bulleted list is specific to your Enabled example, mainly because attributes can't take lambdas as parameters :(. You could be more flexible with a SetPropertyIfInRoleAttribute with parameters role, propertyName, and propertyValue. Or any such construction.

Basically, the AOP frameworks make this work easier for you, and some like PostSharp make it happen at compilation time instead of runtime. But the homebrew solution is pretty valid too.

回复收藏 0 原文

~没有更多了~