Recently I have started to work on show/hide, enable/disable controls based on logged in users role and its assigned permissions. While browsing on the net lot of people have provided to create the custom html helper and also the latest introduced tag helpers.
最近我开始研究显示/隐藏,根据登录用户角色及其分配的权限启用/禁用控件。虽然浏览网络很多人已经提供了创建自定义html帮助程序以及最新引入的标记帮助程序。
So, my question is can i show/hide, enable/disable controls using TagHelpers ? or do i need to write html helper only.
所以,我的问题是我可以使用TagHelpers显示/隐藏,启用/禁用控件吗?或者我只需要编写html帮助器。
Right now I have implemented it as follows using the traditional method
现在我使用传统方法实现如下
@if (!permissions.CheckPermission("course.coursedetails.mytextbox.visible"))
{
<section class="col col-5">
<label class="label">@objLocalizer["Title"]</label>
<label class="input">
<i class="icon-append fa fa-tag"></i>
@Html.TextBoxFor(model => model.CourseLang.CourseTitle, permissions.CheckPermission ("course.coursedetails.mytextbox.enabled") ? (object)new { @disabled = "disabled", @class = "form-control", @id = "mytextbox" } : new { @class = "form-control", @id = "mytextbox" })
<span asp-validation-for="CourseLang.CourseTitle" class="text-danger"></span>
</label>
</section>
}
As you can see I have checked the required permission in @Html.TextBoxFor, However this logic is not applicable on all types of controls like select, label etc.
正如您所看到的,我已经检查了@ Html.TextBoxFor中所需的权限,但是这个逻辑不适用于所有类型的控件,如select,label等。
So, how can i make a common approach/class to achieve this thing by using tag helper/html helper ?
那么,我怎样才能通过使用标签helper / html helper来创建一个通用的方法/类来实现这个目的呢?
1 个解决方案
#1
1
If you use the built in authorization pieces you can do this using the IAuthorizationService.
如果您使用内置授权部分,则可以使用IAuthorizationService执行此操作。
First, you'd need to swap out whatever permissions.CheckPermissions() is, and go back to the claims based authorization built into asp.net core. Assuming you need something more than a simple claims check then you'd use code policies and requirements to express your rules, then finally you check those policies inside your views, wrapping the controls you wish to stop rendering with the checks.
首先,你需要换掉任何权限.CheckPermissions(),然后回到asp.net核心内置的基于声明的授权。假设您需要的不仅仅是简单的声明检查,那么您将使用代码策略和要求来表达您的规则,然后最终在视图中检查这些策略,包含您希望通过检查停止呈现的控件。
Don't forget you need to duplicate the checks in the controller code, because otherwise developer tools in browsers can be used to add the controls back, regardless of what you rendered in the first place.
不要忘记您需要复制控制器代码中的检查,因为否则可以使用浏览器中的开发人员工具来添加控件,无论您首先渲染什么。
#1
1
If you use the built in authorization pieces you can do this using the IAuthorizationService.
如果您使用内置授权部分,则可以使用IAuthorizationService执行此操作。
First, you'd need to swap out whatever permissions.CheckPermissions() is, and go back to the claims based authorization built into asp.net core. Assuming you need something more than a simple claims check then you'd use code policies and requirements to express your rules, then finally you check those policies inside your views, wrapping the controls you wish to stop rendering with the checks.
首先,你需要换掉任何权限.CheckPermissions(),然后回到asp.net核心内置的基于声明的授权。假设您需要的不仅仅是简单的声明检查,那么您将使用代码策略和要求来表达您的规则,然后最终在视图中检查这些策略,包含您希望通过检查停止呈现的控件。
Don't forget you need to duplicate the checks in the controller code, because otherwise developer tools in browsers can be used to add the controls back, regardless of what you rendered in the first place.
不要忘记您需要复制控制器代码中的检查,因为否则可以使用浏览器中的开发人员工具来添加控件,无论您首先渲染什么。