I have an object named Visit, and I have defined the following helper method ("CanBeEdited") to specify whether the user may edit the object's Status property:
public partial class Visit
{
    public bool CanBeEdited(string username)
    {
        return (((DoctorID != null) && (DoctorID.ToUpper().Equals(username.ToUpper()))) && (StatusID == 5));
    }
}
Then I have specified that a certain Edit dropdownlist in the view is shown or hidden depending on whether the CanBeEdited helper method returns true or false (if it returns true, the user can see and edit the Status dropdownlist; if it returns false, the view renders an @Html.HiddenFor holding the old status value).
My Edit view uses the helper method as follows:
@using (Html.BeginForm())
{
    @Html.ValidationSummary(true)
    <fieldset>
        <legend>Visit</legend>
        <div class="editor-label">
            @Html.LabelFor(model => model.Note)
        </div>
        <div class="editor-field">
            @Html.EditorFor(model => model.Note)
            @Html.ValidationMessageFor(model => model.Note)
        </div>
        <div class="editor-label">
            @Html.LabelFor(model => model.DoctorID)
        </div>
        <div class="editor-field">
            @Html.DropDownList("DoctorID", String.Empty)
            @Html.ValidationMessageFor(model => model.DoctorID)
        </div>
        @{
            if (Model.CanBeEdited(Context.User.Identity.Name))
            {
                <div class="editor-label">
                    @Html.LabelFor(model => model.StatusID)
                </div>
                <div class="editor-field">
                    @Html.DropDownList("StatusID", String.Empty)
                    @Html.ValidationMessageFor(model => model.StatusID)
                </div>
            }
            else
            {
                @Html.HiddenFor(model => model.StatusID)
            }
        }
        <p>
            @Html.HiddenFor(model => model.VisitTypeID)
            @Html.HiddenFor(model => model.CreatedBy)
            @Html.HiddenFor(model => model.Date)
            @Html.HiddenFor(model => model.VisitID)
            @Html.HiddenFor(model => model.PatientID)
            @Html.HiddenFor(model => model.timestamp)
            <input type="submit" value="Create" />
        </p>
    </fieldset>
}
To be honest, this is the first time I have implemented such a case, so does my approach sound valid??? Or does it have some weaknesses I am not aware of? I ask because I need to implement similar cases throughout my web application...
Keep in mind that I am also checking CanBeEdited in the action method..
Thanks in advance for your help.
Update: my POST action method is as follows:
[HttpPost]
public ActionResult Edit(Visit visit)
{
    // Server-side check of the same helper the view uses.
    if (!(visit.CanBeEdited(User.Identity.Name)))
    {
        return View("NotFound");
    }
    try
    {
        if (ModelState.IsValid)
        {
            repository.UpdateVisit(visit);
            repository.Save();
            return RedirectToAction("Index");
        }
    }
    catch (DbUpdateConcurrencyException ex)
    {
        var entry = ex.Entries.Single();
        var clientValues = (Visit)entry.Entity;
        ModelState.AddModelError(string.Empty, "The record you attempted to edit "
            + "was modified by another user after you got the original value. The "
            + "edit operation was canceled and the current values in the database "
            + "have been displayed. If you still want to edit this record, click "
            + "the Save button again. Otherwise click the Back to List hyperlink.");
        // patient.timestamp = databaseValues.timestamp;
    }
    catch (DataException)
    {
        //Log the error (add a variable name after Exception)
        ModelState.AddModelError(string.Empty, "Unable to save changes. Try again, and if the problem persists contact your system administrator.");
    }
    ViewBag.DoctorID = new SelectList(Membership.GetAllUsers(), "Username", "Username", visit.DoctorID);
    ViewBag.StatusID = new SelectList(db.VisitStatus, "StatusID", "Description", visit.StatusID);
    ViewBag.VisitTypeID = new SelectList(db.VisitTypes, "VisitTypeID", "Description", visit.VisitTypeID);
    return View(visit);
}
Answer 0 (score: 1)
I don't think it is a good idea to put that in the View. I would prefer to have a boolean property in my ViewModel that determines whether it is editable. You can set its value in the controller after checking the relevant permissions.
public class ProductViewModel
{
    public bool IsEditable { set; get; }
    //other relevant properties
}
And the controller action
public ActionResult GetProduct()
{
    ProductViewModel objVM = new ProductViewModel();
    objVM.IsEditable = CheckPermissions();
    return View(objVM);
}
private bool CheckPermissions()
{
    //Check the conditions and return true or false;
}
So the view will be as clean as this
@if (Model.IsEditable)
{
    //Markup for editable region
}
Answer 1 (score: 0)
Update: removed the irrelevant comments and edited to show the main problem.
Now, looking more closely, especially at the controller action, I strongly recommend that you remove the hidden fields (except those needed to reload the record from the back end).
A savvy user can tamper with hidden form data (all form data, in fact), and your controller action will happily send all of it back to the server.
Really, you should post back only the fields that are allowed to change, re-hydrate the record from the back end, and transfer the "editable" fields onto that fresh copy. This also gets you closer to solving the concurrent-edit and stale-record problems.
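The approach this answer describes, as an added C# example that is not code from the question or either answer: a form model holding only the key, the concurrency token and the editable fields, and an Edit action that reloads the stored Visit and copies those fields onto it. The names repository.GetVisit, VisitEditModel and a byte[] Visit.timestamp token are assumptions; the Edit view would bind to VisitEditModel instead of Visit.

```csharp
// Added example, not code from the question or the answers. Assumed names:
// repository.GetVisit(id), the VisitEditModel class, Visit.timestamp as a byte[] token.
using System.Linq;
using System.Web.Mvc;
// Carries only what the browser may send back: the key, the concurrency token and the
// editable fields. PatientID, CreatedBy, Date and VisitTypeID are deliberately absent,
// so a tampered post cannot overwrite them.
public class VisitEditModel
{
    public int VisitID { get; set; }
    public byte[] timestamp { get; set; }
    public string Note { get; set; }
    public string DoctorID { get; set; }
    public int? StatusID { get; set; }
}
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult Edit(VisitEditModel form)
{
    // Reload the authoritative record; the posted copy is never trusted.
    Visit visit = repository.GetVisit(form.VisitID);
    if (visit == null) return HttpNotFound();
    // Authorization is decided on the stored DoctorID/StatusID, not on posted values.
    bool statusEditable = visit.CanBeEdited(User.Identity.Name);
    if (!statusEditable && form.StatusID.HasValue && form.StatusID.Value != visit.StatusID)
    {
        // Only reachable by altering the hidden StatusID field, so refuse rather than save.
        return new HttpStatusCodeResult(403);
    }
    // Optimistic concurrency: the token the form was rendered with must still match.
    if (form.timestamp == null || !form.timestamp.SequenceEqual(visit.timestamp))
    {
        ModelState.AddModelError(string.Empty, "The record was modified by another user.");
    }
    if (!ModelState.IsValid)
    {
        return View(form);
    }
    // Copy only the whitelisted fields onto the fresh entity, then save.
    visit.Note = form.Note;
    visit.DoctorID = form.DoctorID;
    if (statusEditable && form.StatusID.HasValue)
    {
        visit.StatusID = form.StatusID.Value;
    }
    repository.UpdateVisit(visit);
    repository.Save();
    return RedirectToAction("Index");
}
```

Because PatientID, CreatedBy and the other server-owned columns are never bound from the request, a modified hidden field has nothing to overwrite, and the timestamp comparison covers the stale-record case without trusting any other posted value.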