Hide different options (actions) for different user profiles


6

I am in a project where I have 3 different levels of profiles: Administrator, Professor and Coordinator. I already have the login module, registration and such.

What I want is for each type of profile to see only what it is allowed to, hiding the parts of the system it cannot access according to its hierarchy.

Is this done directly in the View? If so, how do you do it?

2 answers

6

Assuming your project uses at least Membership or ASP.NET Identity, put the following attribute on top of each View:

[Authorize(Roles = "Administrador, Professor, Coordenador")]
public ActionResult MinhaAction() { ... }

To authorize any user in a Role, use the following command somewhere in your code:

Roles.AddUserToRole("LoginDoUsuario", "Administrador");

To check in your code if the user belongs to any Role, use:

if (User.IsInRole("Administrador")) { ... }

To remove the user from a Role, use:

Roles.RemoveUserFromRole("LoginDoUsuario", "Administrador");

For Views, the principle is the same:

@if (User.IsInRole("Administrador")) { ... }

To verify the Roles of the current user:

@Roles.GetRolesForUser()

Or a specific user:

@Roles.GetRolesForUser("LoginDoUsuario")

By the way, you can use the attribute without specifying a Role, just to verify that the user is logged in:

[Authorize]
public ActionResult MinhaAction() { ... }

If no authentication scheme is specified, your application will use SimpleMembership if it is MVC4, or ASP.NET Identity with Basic Authentication if it's MVC5.

As stated, it is possible to customize the authentication scheme by reimplementing some classes. In any case, that part would be a question of its own.

  • Very good answer. But I'm using Forms Authentication! And that way, if a teacher tries to access an area that he can't, the system rejects his identity and logs him off. But what I really want is, for example, for a Teacher not to be able to add, delete or even edit the student data, only view and detail it. So in this case, how do I hide the edit, add, and remove links in the Index view?

  • 2

    Using this line from the answer: if (User.IsInRole("Administrador")) { ... }.

  • Directly in the View?

  • Yes, it can be in the View, including with the @ in front.

  • Ahh, understood. And in the if, would I leave it blank like that? Or is there some check to do there? Could I put more than one profile on that line?

  • It's another function. I'll put it in the answer.

  • Gypsy, it didn't work. I put the if in, and the option doesn't appear for any profile...

  • I think this is again a case for opening another question, this time detailing what was done in the solution. Then I can suggest what to do.

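The comment thread above hits the behaviour that Forms Authentication gives the stock [Authorize]: every failure is a 401, which the forms module turns into a redirect to the login page, so a logged-in teacher who opens an Edit URL looks "logged off". The following is an added example, not code from the answer or the project: it assumes ASP.NET MVC 5 with Forms Authentication and a role provider (or ASP.NET Identity) behind User.IsInRole, uses the answer's role names, and invents an AlunosController for the student data mentioned in the comments. Hiding links in the Index view only tidies the UI; the attributes on the actions are what actually enforce the rule, and the custom attribute answers an authenticated-but-unauthorized user with 403 instead of bouncing him to the login form.

```csharp
using System.Net;
using System.Web.Mvc;

// Role names as used in the answer, kept in one place so views and controllers agree.
public static class Perfis
{
    public const string Administrador = "Administrador";
    public const string Professor = "Professor";
    public const string Coordenador = "Coordenador";
}

// Same checks as [Authorize(Roles = "...")], but distinguishes the two failure cases:
//  - anonymous user       -> base behaviour (401, forms auth redirects to login)
//  - logged in, wrong role -> 403 Forbidden, user stays logged in
public class AuthorizeRolesAttribute : AuthorizeAttribute
{
    public AuthorizeRolesAttribute(params string[] roles)
    {
        // AuthorizeAttribute.Roles expects a comma-separated list.
        Roles = string.Join(",", roles);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
        {
            filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden);
        }
        else
        {
            base.HandleUnauthorizedRequest(filterContext);
        }
    }
}

// Hypothetical controller for the student data (assumption, not from the question).
// Any logged-in profile may list and view; only Administrador may create, edit or delete.
[Authorize]
public class AlunosController : Controller
{
    public ActionResult Index()
    {
        return View();
    }

    public ActionResult Details(int id)
    {
        return View();
    }

    [AuthorizeRoles(Perfis.Administrador)]
    public ActionResult Create()
    {
        return View();
    }

    // The POST side carries the same attribute: a hidden link is not a denied request.
    [AuthorizeRoles(Perfis.Administrador)]
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Create(FormCollection form)
    {
        return RedirectToAction("Index");
    }

    [AuthorizeRoles(Perfis.Administrador)]
    public ActionResult Edit(int id)
    {
        return View();
    }

    [AuthorizeRoles(Perfis.Administrador)]
    [HttpPost, ValidateAntiForgeryToken]
    public ActionResult Delete(int id)
    {
        return RedirectToAction("Index");
    }
}
```

In the Index view, the Create, Edit and Delete links go inside the answer's @if (User.IsInRole("Administrador")) { ... } block, so a Professor never sees them; if he types the URL anyway, the attribute on the action returns 403 rather than ending his session.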

2


Another possibility, given the different profiles, would be to create partials corresponding to each user profile that exists in the system. That is, if you have 3 different profiles, separate the system into areas and decorate the actions with the possible permissions, according to your system, and then each profile accesses only its own area.
In short, create an action that returns a partial specific to that type of profile. This solves any problem with permissions, because each profile can only access what is allowed; what is not allowed, it does not access!
To create these permissions, you can use this link here as a basis for doing this operation, which is actually another question of mine.

I hope I’ve helped !

  • 1

    The problem with this is that adding a profile forces you to modify the system again. Considering a scenario where the system practically doesn't change, it's okay to be that way. The problem is when permissions change with some non-negligible frequency.

  • That's the problem with this approach: rework if any logic in the profile changes, because I might have to change the partial and so on, and change the controller decoration. But every approach has its pros and cons, and it might be good for someone who needs some light on how to do it.
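The answer and its comments describe one action that hands each profile its own partial, and the cost of that approach when profiles change. The following is an added example, not the answer's code: it assumes ASP.NET MVC 5 with role-based membership, and the role names, partial view names and MenuController are assumptions. Keeping the role-to-partial mapping in a single ordered list is what limits the rework the comments warn about: a new profile is one new entry plus one new partial, and a user with no known role gets a menu with no privileged links rather than an error.

```csharp
using System.Collections.Generic;
using System.Web.Mvc;

[Authorize]
public class MenuController : Controller
{
    // Checked in priority order, so a user holding several roles gets the most
    // privileged menu first. All names here are assumptions for the example.
    private static readonly IList<KeyValuePair<string, string>> PartialPorPerfil =
        new List<KeyValuePair<string, string>>
        {
            new KeyValuePair<string, string>("Administrador", "_MenuAdministrador"),
            new KeyValuePair<string, string>("Coordenador", "_MenuCoordenador"),
            new KeyValuePair<string, string>("Professor", "_MenuProfessor"),
        };

    // ChildActionOnly: reachable from @Html.Action("Perfil", "Menu") in the layout,
    // not by a direct browser request.
    [ChildActionOnly]
    public ActionResult Perfil()
    {
        foreach (var par in PartialPorPerfil)
        {
            if (User.IsInRole(par.Key))
            {
                return PartialView(par.Value);
            }
        }

        // Logged in but in none of the known roles: a menu without privileged links.
        return PartialView("_MenuSemPerfil");
    }
}
```

The partial only decides what the user sees; the actions the menu links to still need their own [Authorize(Roles = "...")] decoration, as the answer says, so that the two stay consistent when a profile is added.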
