2

Sorry if you found that I'm asking stupid questions. But I'm new to asp.net and I'm facing a problem:

I'm writing a simple blog to learn asp.mvc, and I want to display an Edit link next to the blog Title if the user is logged in. Currently I have to add the currentUser object to Model and check the IsLogged properties to decide if I should display the Edit link or not. The problem is if there is no logged in user, I have to create an fake currentUser to insert to Model in other to make it work. What's asking is there is any other elegant way to do this. For example we can use [Authorize] attribute in Controller to allow access to an Action or not. There is any similar way to apply for the View ?

Improve this question

2 Answers 2

Reset to default
3

If you are using Forms authentication, this property already exists in the Request object :

Request.IsAuthenticated

In your view, you can solve you problem doing something like this : 

<%  if(this.Request.IsAuthenticated)
    {
%>
    <%= Html.ActionLink("Edit", url - to - action) %>
<%  }
%>

But I think you real problem is checking that the current user is the one that can edit the current blog. In that case, you can do an extension method CanEdit on the ViewPage object :

<%  if(this.CanEdit(this.User))
    {
%>
    <%= Html.ActionLink("Edit", url - to - action) %>
<%  }
%>

The extension would look like something like that :

public static class ViewExtensions
{
    public static bool CanEdit(ViewPage view, MyUser user)
    {
        bool retour = false;

        if(principal != null)
        {
            // get your blog from the view
            Blog blog = view.ViewData["myBlog"];
            // check if the principal is the owner
            retour = (blog.Owner.Id == user.Id);
        }
        return retour;
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Can you explain from where you got principal? if(principal != null)
0

Make the IsLoggedIn a boolean property of the model itself. This way, you can have CurrentUser equal to null when IsLoggedIn is false. Your view would check IsLoggedIn and never call anything on CurrentUser if it's false. This way, NullReferenceException is circumvented.

You can also throw away the IsLoggedIn property altogether and check if a user has logged in directly by using CurrentUser != null.

Improve this answer

3 Comments

Thanks for your quick answer, but there is any solution that doesn't need to put the CurrentUser into model, let say we have lot of View that require to check for login user and then display something, return the CurrentUser in every View is very tidy task.
You'll be breaking the MVC model if you do that. The View should rely on nothing except the Model object for rendering.
You shouldn't fetch the data current user data directly from the view. It should be done in the controller. You can, however, write an ActionFilter to intercept the requests in the controller and save the CurrentUser in ViewData to be accessed by the views in the future.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.