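Show or hide a dropdown list in my Razor view using a helper method

Time: 2012-04-26 02:46:41

Tags: asp.net-mvc-3 razor

I have an object named Visit, and I have defined the following helper method ("CanBeEdited") to specify whether the user can edit the object's Status property: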

public partial class Visit
{
    // True only when the given user is the visit's doctor and StatusID is 5
    public bool CanBeEdited(string username)
    {
        return (((DoctorID != null) && (DoctorID.ToUpper().Equals(username.ToUpper()))) && (StatusID == 5));
    }
}

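Then I have specified to show or hide a certain dropdownlist in the Edit view, depending on whether the CanBeEdited helper method returns true or false (if it returns true, the user can view and edit the Status dropdownlist; if it returns false, the view renders an @Html.HiddenFor representing the old status value).

My edit view, which includes the helper method, looks as follows: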

@using (Html.BeginForm())
{
    @Html.ValidationSummary(true)
    <fieldset>
        <legend>Visit</legend>
        <div class="editor-label">
            @Html.LabelFor(model => model.Note)
        </div>
        <div class="editor-field">
            @Html.EditorFor(model => model.Note)
            @Html.ValidationMessageFor(model => model.Note)
        </div>


        <div class="editor-label">
            @Html.LabelFor(model => model.DoctorID)
        </div>
        <div class="editor-field">
            @Html.DropDownList("DoctorID", String.Empty)
            @Html.ValidationMessageFor(model => model.DoctorID)
        </div>

        @{
            if (Model.CanBeEdited(Context.User.Identity.Name))
            {
                <div class="editor-label">
                    @Html.LabelFor(model => model.StatusID)
                </div>
                <div class="editor-field">
                    @Html.DropDownList("StatusID", String.Empty)
                    @Html.ValidationMessageFor(model => model.StatusID)
                </div>
            }
            else
            {
                @Html.HiddenFor(model => model.StatusID)
            }
        }
        <p>
          @Html.HiddenFor(model => model.VisitTypeID)
          @Html.HiddenFor(model => model.CreatedBy)
          @Html.HiddenFor(model => model.Date)
          @Html.HiddenFor(model => model.VisitID)
          @Html.HiddenFor(model => model.PatientID)
          @Html.HiddenFor(model => model.timestamp)

        <input type="submit" value="Create" />

        </p>
    </fieldset>
}

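To be honest, this is the first time I have implemented such a case, so does my approach sound valid? Or does it have some weaknesses I am not aware of? I ask because I need to implement similar cases around my web application...

Keep in mind that I am also checking CanBeEdited in the action method.

Thanks in advance for any help.

Update: my POST action method is as follows: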

        [HttpPost]
        public ActionResult Edit(Visit visit)
        {
            if (!(visit.Editable(User.Identity.Name)))
            {
                return View("NotFound");
            }
            try
            {
                if (ModelState.IsValid)
                {
                    repository.UpdateVisit(visit);
                    repository.Save();
                    return RedirectToAction("Index");
                }
            }
            catch (DbUpdateConcurrencyException ex)
            {
                var entry = ex.Entries.Single();
                var clientValues = (Visit)entry.Entity;

                ModelState.AddModelError(string.Empty, "The record you attempted to edit "
                + "was modified by another user after you got the original value. The "
                + "edit operation was canceled and the current values in the database "
                + "have been displayed. If you still want to edit this record, click "
                + "the Save button again. Otherwise click the Back to List hyperlink.");
                //   patient.timestamp = databaseValues.timestamp;
            }

            catch (DataException)
            {
                //Log the error (add a variable name after Exception)
                ModelState.AddModelError(string.Empty, "Unable to save changes. Try again, and if the problem persists contact your system administrator.");
            }
            ViewBag.DoctorID = new SelectList(Membership.GetAllUsers(), "Username", "Username", visit.DoctorID);
            ViewBag.StatusID = new SelectList(db.VisitStatus, "StatusID", "Description", visit.StatusID);
            ViewBag.VisitTypeID = new SelectList(db.VisitTypes, "VisitTypeID", "Description", visit.VisitTypeID);
            return View(visit);
        }

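2 answers:

Answer 0 (score: 1)

I feel that adding this in the View is a good idea. I would like my ViewModel to hold a property of Boolean type to determine whether it is editable. You can set its value in the controller after checking the relevant permissions.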

public class ProductViewModel
{
  public bool IsEditable { set;get;}
  //other relevant properties
}

And the controller action:

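public ActionResult GetProduct()
{
  ProductViewModel objVM = new ProductViewModel();
  // Decide editability on the server, after checking permissions
  objVM.IsEditable = CheckPermissions();
  return View(objVM);
}
private bool CheckPermissions()
{
  //Check the conditions and return true or false;
  return false; // placeholder: deny until the real check is implemented
}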

So the view will be as clean as this:

@if (Model.IsEditable)
{
  //Markup for editable region
}

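Answer 1 (score: 0)

IMHO, this sounds valid.

Update: removed irrelevant comments, and edited to point out the main issue.

Now, looking more closely, especially at the controller action, I strongly recommend that you remove the hidden fields (except those needed to reload the record from the backend).

A savvy user can tamper with hidden form data (all form data), and your controller action will happily send it all back to the server.

Really, you should post back only the fields that are allowed to change, rehydrate the record from the backend, and transfer the "editable" fields to the new copy. This is also closer to solving the concurrent-editing and stale-record problems.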
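
The approach Answer 1 describes, as an added example (not code from the question or from either answer): the edit handler accepts only the changeable fields, reloads the stored record, and runs the CanBeEdited check on that stored copy instead of on posted values. `VisitEditInput`, `VisitEditor.ApplyEdit` and the in-memory dictionary standing in for the repository are assumptions made for illustration; the case-insensitive comparison replaces the question's `ToUpper()` calls.

```csharp
using System;
using System.Collections.Generic;

// Stored entity, reduced to fields named in the question.
public class Visit
{
    public int VisitID; public int StatusID;
    public string Note, DoctorID, CreatedBy;

    public bool CanBeEdited(string username) =>
        DoctorID != null && username != null && StatusID == 5 &&
        DoctorID.Equals(username, StringComparison.OrdinalIgnoreCase);
}

// Hypothetical input model: only the fields the edit form may change.
public class VisitEditInput
{
    public int VisitID; public int? StatusID;
    public string Note, DoctorID;
}

public static class VisitEditor
{
    // The dictionary stands in for the repository. Returns false on a missing or non-editable visit.
    public static bool ApplyEdit(IDictionary<int, Visit> store, VisitEditInput input, string username)
    {
        Visit stored;
        if (!store.TryGetValue(input.VisitID, out stored)) return false;
        // Authorize against the stored record, never against posted values.
        if (!stored.CanBeEdited(username)) return false;
        stored.Note = input.Note;
        if (input.DoctorID != null) stored.DoctorID = input.DoctorID;
        if (input.StatusID.HasValue) stored.StatusID = input.StatusID.Value;
        return true; // CreatedBy and the other server-owned fields are left untouched
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data.
        var store = new Dictionary<int, Visit> {
            { 1, new Visit { VisitID = 1, DoctorID = "alice", StatusID = 5, CreatedBy = "alice" } },
            { 2, new Visit { VisitID = 2, DoctorID = "alice", StatusID = 3, CreatedBy = "alice" } } };
        Console.WriteLine(VisitEditor.ApplyEdit(store, new VisitEditInput { VisitID = 1, Note = "seen" }, "ALICE"));
        // Posted StatusID = 5 is ignored by the check: the stored status (3) decides.
        Console.WriteLine(VisitEditor.ApplyEdit(store, new VisitEditInput { VisitID = 2, StatusID = 5 }, "alice"));
    }
}
```

In an MVC action the same shape applies: bind to the narrow input model, load the entity by `VisitID`, and keep fields such as `CreatedBy` and `PatientID` out of the form entirely.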