我正在编写一个基于C#的MVC Web应用程序,它显示信息的类别和子类别。
所以,我有一个类别表的数据库设置,它与自身相关,对于子类别 - 这都与实体框架相连,并且运行良好。
我正在努力解决的问题是如何实现权限系统 - 我可以使用ViewBag轻松地完成此任务,但我想知道这是否是一种“正确”的方法。
我的观点如下:
@using Secure_Password_Repository.Utilities;
@using Secure_Password_Repository.Settings;
@using Secure_Password_Repository.ViewModels;
@model Secure_Password_Repository.ViewModels.CategoryDisplayItem
<ul id="roottree" class="treeview ui-accordion-content ui-helper-reset ui-widget-content ui-corner-bottom ui-accordion ui-widget ui-sortable ui-accordion-content-active">
<li class="treeignore treeview ui-accordion ui-widget ui-helper-reset ui-sortable" data-id="0">
<div><i class="glyphicon glyphicon-folder-open rightfolderpadding"></i>Root</div>
<ul class="treeview ui-accordion-content ui-helper-reset ui-widget-content ui-corner-bottom ui-accordion ui-widget ui-sortable ui-accordion-content-active" id="parent-1">
@foreach (var categoryitem in Model.categoryListItem.SubCategories)
{
@Html.Partial("_CategoryItem", categoryitem)
}
@if (Model.CanAddCategories)
{
@Html.Partial("_CreateCategory", Model.categoryAddItem)
}
</ul>
</li>
</ul>
CategorDisplayItem模型如下所示:
public class CategoryDisplayItem
{
public CategoryItem categoryListItem { get; set; }
public CategoryAdd categoryAddItem { get; set; }
public PasswordAdd passwordAddItem { get; set; }
public bool CanAddCategories { get; set; }
public bool CanEditCategories { get; set; }
}
public class CategoryItem : CategoryEdit
{
[Required]
public Int32 Category_ParentID { get; set; }
public virtual ICollection<CategoryItem> SubCategories { get; set; }
public virtual ICollection<PasswordItem> Passwords { get; set; }
public bool CanEditCategory { get; set; }
public bool CanDeleteCategory { get; set; }
}
public class CategoryEdit
{
public Int32? CategoryId { get; set; }
[Required]
public string CategoryName { get; set; }
}
我遇到的问题是如何为CategoryItem视图模型设置CanEditCategory和CanDeleteCategory属性。该权限未按类别设置,全局设置,即如果我的帐户有权修改类别,则可以编辑所有类别。
CategoryItem模型是填充视图实体框架:
Category ReturnCategoryItem = DatabaseContext.Categories
.Where(c => c.CategoryId == categoryid)
.Include(c => c.SubCategories)
.Include(c => c.Passwords)
.Include(c => c.Passwords.Select(p => p.Creator))
.ToList()
.Select(c => new Category()
{
SubCategories = c.SubCategories
//make sure only undeleted subcategories are returned
.Where(sub => !sub.Deleted)
.OrderBy(sub => sub.CategoryOrder)
.ToList(),
Passwords = c.Passwords
//make sure only undeleted passwords - that the current user has acccess to - are returned
.Where(pass => !pass.Deleted && PermissionService.CanViewPassword(pass))
.OrderBy(pass => pass.PasswordOrder)
.ToList(),
CategoryId = c.CategoryId,
CategoryName = c.CategoryName,
Category_ParentID = c.Category_ParentID,
CategoryOrder = c.CategoryOrder,
Parent_Category = c.Parent_Category,
Deleted = c.Deleted
})
.SingleOrDefault();
SubCategories“Category”列表隐式地转换为“CategoryItem”列表。那么我该如何设置CanEditCategories和CanDeleteCategories属性?
就像我说的那样,我可以使用ViewBag ...但是我读到的所有内容都说使用ViewBag很糟糕。
答案 0 :(得分:1)
如果这些属性对每个用户都是唯一的,您可以将这些属性添加到您的Identity中,然后在您的视图中使用它们:
在您的视图顶部cshtml文件:
@using Microsoft.AspNet.Identity
然后使用以下语法访问您的用户名:
@if (@User.Identity.CanAddCategories())
{
@Html.Partial("_CreateCategory", Model.categoryAddItem)
}