MVC Encrypt/hide information according to User function

2

Can anyone help encrypt information according to the user’s role? Basically I want the following: if the user function is "Admin", the phone number appears as 435267456. If the user function is "User", the mobile number appears as xxxxxxxxxx.

I used @if (User.IsInRole("Admin")) to hide links depending on the function, and it works; now I want to encrypt the information, but I can’t.

Model

public partial class Cliente
{
    [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2214:DoNotCallOverridableMethodsInConstructors")]
    public Cliente()
    {
        this.Reserva = new HashSet<Reserva>();
    }

    public int ID_Cliente { get; set; }
    public string Nome { get; set; }
    public string Morada { get; set; }
    public string Telemovel { get; set; }
    public string Email { get; set; }
    public string Contribuinte { get; set; }
    public string CartaoCidadao { get; set; }
    public System.DateTime DataValidade { get; set; }
    public System.DateTime DataNascimento { get; set; }
    public System.DateTime DataRegisto { get; set; }
    public string País { get; set; }

    [System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2227:CollectionPropertiesShouldBeReadOnly")]
    public virtual ICollection<Reserva> Reserva { get; set; }
}

View

  <div class="form-group">
        <label class="col-md-4 control-label">Telemóvel</label>
        <div class="col-md-4 inputGroupContainer">
            <div class="input-group">
                <span class="input-group-addon"><i class="glyphicon glyphicon-earphone"></i></span>
                <input name="Telemovel" class="form-control" type="text" value="@Model.Telemovel" readonly="readonly">
            </div>
        </div>
    </div>

Controller

// GET: Clientes/Details/5
public ActionResult Details(int? id)
{
    if (id == null)
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }
    Cliente cliente = db.Cliente.Find(id);
    if (cliente == null)
    {
        return HttpNotFound();
    }

    ViewBag.ListaReservas = db.Reserva.Include(p => p.Cliente).Where(p => p.ID_Cliente == cliente.ID_Cliente);

    return View(cliente);
}
  • Is it just for viewing, or will you do something with this information?

  • @Barbetta It’s for viewing only

  • Do you want to encrypt or simply hide the information? The title has nothing to do with what is given as an example.

2 answers

1


As it is just for viewing, there is no need to do anything complex; in your view you can add an if that decides whether or not to display the data:

 <div class="form-group">
        <label class="col-md-4 control-label">Telemóvel</label>
        <div class="col-md-4 inputGroupContainer">
            <div class="input-group">
                <span class="input-group-addon"><i class="glyphicon glyphicon-earphone"></i></span>
                @if (User.IsInRole ("Admin"))
                {
                    <input name="Telemovel" class="form-control" type="text" value="@Model.Telemovel" readonly="readonly">
                }else
                {
                    <input name="Telemovel" class="form-control" type="text" value="xxxxxxxxxx" readonly="readonly">
                }
            </div>
        </div>
    </div>

Another option would be not to use that if in the view and, in your controller, change the information to what you want according to the permission:

public ActionResult Details(int? id)
{
    if (id == null)
    {
        return new HttpStatusCodeResult(HttpStatusCode.BadRequest);
    }
    Cliente cliente = db.Cliente.Find(id);
    if (cliente == null)
    {
        return HttpNotFound();
    }

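    if (!User.IsInRole("Admin"))
    {
        // Non-admins get a mask of the same length; a null Telemovel yields an empty mask.
        // cliente is tracked by db: do not call SaveChanges() after masking,
        // or the mask is written to the database.
        cliente.Telemovel = new String('x', (cliente.Telemovel ?? string.Empty).Length);
    }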

    ViewBag.ListaReservas = db.Reserva.Include(p=> p.Cliente).Where(p => p.ID_Cliente == cliente.ID_Cliente);


    return View(cliente);
}

Note that in the second option, in the if, when the user is not an admin, the property Telemovel is assigned the value xxxx; in this case the number of "x" matches the length of the string.

  • Perfect, it worked perfectly!! Thank you very much !!!!

  • 1

    @Heftysilva From what you’re saying, it seems to be a case for marking an answer as accepted. If you have an answer that really helped you, mark it as accepted. That way content is more organized and easier to find in the future by other people with similar problems. ;)

0

The correct way would be to implement a domain class (not directly in the View using Razor), the Model in this case, which does the validation and returns only the allowed information based on the user’s permission level.

For this, it would be correct to create a view of the user table for each user type, for example:

CREATE VIEW vw_userForAdmin AS
 SELECT name, mobile -- and all the other columns allowed for admins
 FROM [User];

In Model.User (whose code you did not post) there must be a method "getUserInfos(int user_id, string permission_role)" that will run the query against the appropriate VIEW and no longer directly against the table.

Example:

getUserInfos(int user_id, string permission_role){
  switch(permission_role){
    case PERMISSIONS.ADMIN:
     // SELECT from the VIEW and no longer from the User table
     break;
  }
}

References: https://docs.microsoft.com/pt-br/sql/t-sql/statements/create-view-transact-sql?view=sql-server-2017 https://docs.microsoft.com/pt-br/aspnet/mvc/overview/getting-started/getting-started-with-ef-using-mvc/creating-an-entity-framework-data-model-for-an-asp-net-mvc-application
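Both answers come down to deciding on the server what a given role may see. The sketch below is an added example, not code from either answer: it does the masking in a projection to a view model, so the tracked entity is never modified and the view only ever receives the masked value. `ClienteDetailsViewModel`, `ClienteProjection`, `Demo` and the trimmed `Cliente` class are hypothetical names; the sample data and principals are constructed.

```csharp
using System;
using System.Security.Principal;
// Trimmed stand-in for the question's entity so the example compiles alone.
public class Cliente
{
    public int ID_Cliente { get; set; }
    public string Telemovel { get; set; }
}

// Hypothetical view model: the view binds to this, never to the entity.
public class ClienteDetailsViewModel
{
    public int ID_Cliente { get; set; }
    public string Telemovel { get; set; }
}
public static class ClienteProjection
{
    // Fail closed: no principal, or any role other than Admin, gets the mask.
    public static string MaskUnlessAdmin(string value, IPrincipal user)
    {
        if (string.IsNullOrEmpty(value)) return string.Empty;
        bool isAdmin = user != null && user.IsInRole("Admin");
        return isAdmin ? value : new string('x', value.Length);
    }

    // Copies into a new object, so the entity itself is never modified.
    public static ClienteDetailsViewModel ToDetails(Cliente c, IPrincipal user)
    {
        return new ClienteDetailsViewModel
        {
            ID_Cliente = c.ID_Cliente,
            Telemovel = MaskUnlessAdmin(c.Telemovel, user)
        };
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data and principals.
        var c = new Cliente { ID_Cliente = 1, Telemovel = "435267456" };
        var admin = new GenericPrincipal(new GenericIdentity("ana"), new[] { "Admin" });
        var user = new GenericPrincipal(new GenericIdentity("rui"), new[] { "User" });
        Console.WriteLine(ClienteProjection.ToDetails(c, admin).Telemovel);
        Console.WriteLine(ClienteProjection.ToDetails(c, user).Telemovel);
        Console.WriteLine(c.Telemovel); // the entity still holds the real number
    }
}
```

In the Details action this would replace passing the entity to the view: the action passes the result of ToDetails(cliente, User) instead, and the view's model type becomes the view model.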
