asp.net-mvc - ASP.NET MVC 限制表视图取决于用户角色
问题描述
因此,我正在构建一个网络应用程序,用于跟踪一家拥有不同网站的公司的假期。我需要在我的管理页面上显示员工列表,但我只希望经理/管理员根据他们的网站(他们可能有一个或多个)查看与他们相关的员工列表。
在我的管理页面上,我从我的数据库中创建了一个员工表,其中显示了所有员工以及每行指向他们详细信息的链接。
控制器 :
public ActionResult Index(int? page, string searchString)
{
var employees = db.Employees.Include(e => e.Area).Include(e => e.Discipline).Include(e => e.Shift).Include(e => e.Site).Include(e => e.UserRole);
return View(employees.ToList().ToPagedList(page ?? 1, 10 ));
}
模型:
public partial class Employee
public Employee()
{
this.HolidayRequestForms = new HashSet<HolidayRequestForm>();
}
public int EmployeeID { get; set; }
public string FullName { get; set; }
[Required(ErrorMessage = "This Field is Required")]
public string EmailID { get; set; }
[Required(ErrorMessage = "This Field is Required")]
public string Password { get; set; }
public System.DateTime StartDate { get; set; }
public int RoleID { get; set; }
public int ShiftID { get; set; }
public int AreaID { get; set; }
public int DisciplineID { get; set; }
public int SiteID { get; set; }
public int ALCategory { get; set; }
public Nullable<int> HoursTaken { get; set; }
public Nullable<int> AwardedLeave { get; set; }
public Nullable<int> TotalHoursThisYear { get; set; }
public int HoursCarriedForward { get; set; }
public Nullable<int> EntitlementRemainingThisYear { get; set; }
public string Comments { get; set; }
public int SickLeaveTaken { get; set; }
public Nullable<int> SickLeaveEntitlement { get; set; }
public Nullable<int> SickLeaveEntitlementRemaining { get; set; }
public int StudyLeaveEntitlement { get; set; }
public int StudyLeaveTaken { get; set; }
public Nullable<int> StudyLeaveRemaining { get; set; }
public int ExamLeaveTaken { get; set; }
public int ForceMajeure { get; set; }
public int BereavementLeaveTaken { get; set; }
public int MaternityLeaveTaken { get; set; }
public int ParentalLeaveTaken { get; set; }
public int AdoptionLeaveTaken { get; set; }
public string LoginErrorMessage { get; set; }
public virtual Area Area { get; set; }
public virtual Discipline Discipline { get; set; }
[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Usage", "CA2227:CollectionPropertiesShouldBeReadOnly")]
public virtual ICollection<HolidayRequestForm> HolidayRequestForms { get; set; }
public virtual Shift Shift { get; set; }
public virtual Site Site { get; set; }
public virtual UserRole UserRole { get; set; }
}
和查看(只是表格部分):
<table class="table table-striped">
<tr>
<th>
Name
</th>
<th>
Start Date
</th>
<th>
Area
</th>
<th>
Discipline
</th>
<th>
Site Name
</th>
<th>
AL Category
</th>
<th>
Hours CF
</th>
<th>
Awarded Leave
</th>
<th>
Total Hours This Year
</th>
<th>
Hours Taken
</th>
<th>
Hours Remaining
</th>
<th>
Role
</th>
</tr>
@foreach (var item in Model)
{
<tr>
<td>
@Html.DisplayFor(modelItem => item.FullName)
</td>
<td>
@Html.DisplayFor(modelItem => item.StartDate)
</td>
<td>
@Html.DisplayFor(modelItem => item.Area.Area1)
</td>
<td>
@Html.DisplayFor(modelItem => item.Discipline.Discipline1)
</td>
<td>
@Html.DisplayFor(modelItem => item.Site.SiteName)
<td>
@Html.DisplayFor(modelItem => item.ALCategory)
</td>
<td>
@Html.DisplayFor(modelItem => item.HoursCarriedForward)
</td>
<td>
@Html.DisplayFor(modelItem => item.AwardedLeave)
</td>
<td>
@Html.DisplayFor(modelItem => item.TotalHoursThisYear)
</td>
<td>
@Html.DisplayFor(modelItem => item.HoursTaken)
</td>
<td>
@Html.DisplayFor(modelItem => item.EntitlementRemainingThisYear)
</td>
<td>
@Html.DisplayFor(modelItem => item.UserRole.RoleName)
</td>
<td>
@Html.ActionLink("Edit", "Edit", new { id = item.EmployeeID }, new { @class = "btn-xs btn-warning glyphicon glyphicon-pencil" })
@Html.ActionLink("Details", "Details", new { id = item.EmployeeID }, new { @class = "btn-xs btn-info glyphicon glyphicon-info-sign" })
@Html.ActionLink("Delete", "Delete", new { id = item.EmployeeID }, new { @class = "btn-xs btn-danger glyphicon glyphicon-trash" })
</td>
</tr>
}
</table>
@Html.PagedListPager(Model, page => Url.Action("Index", new { page }))
我希望只有分配给某些站点的经理/管理员才能查看这些站点,而不能查看其他站点。普通用户无权访问此页面。
这可以在mvc中做吗?
解决方案
推荐阅读
- python - 在 Linux 中以管理员权限运行 Jupyter Notebook
- node.js - 带有动态 URL 的 Webpack 开发服务器代理
- html - 两行文本的边框半径四舍五入
- vbscript - 如何使用 PowerDesigner VBScript 创建触发器并分配 TriggerTemplate?
- qt - 如何通过 id 使用 ffmpeg 记录窗口?
- swift - 如何将 xcassets 目录迁移到 Swift 包管理器?
- python - Python打包带demo
- javascript - 从参数字符串反应路由器中隐藏 URL id
- javascript - 在 JQuery Get Call 之后,Express 会话不会持续存在
- python - 将 csv 更新为 dynamodb 时出现 KeyError