In a previous post I explained how you could extend Rhino.Security to add whatever you want.
Marco asked me how we are using field level security in our application. In this post I will explain how we do it. ASP.NET MVC contains a HtmlHelper that you can use to add for example textboxes, dropdowns, hidden fields,... to your view. In our approach we created extensions methods for the HtmlHelper. This approach was initiated by my colleague Gino and together with another colleague Bavo, who definitely needs to start blogging about his experiences with Rhino.DSL, Rhino.ETL and Boo, we took it one step further.
We still have some issues to tackle, mostly concerning GUI stuff. We need to make sure for example that a page still looks good if fields start to disappear in that page. That's something that can be solved using JQuery. Another thing is the damn taborder ;-). Also something that can possibly be solved using JQuery but we are not quite sure yet how.
We also need to do some optimizations. The HTML is now mainly generated using "string.Format". It would be better to use the HTMLTextWriter for this task.
Anyway let's explain how you can do it. In my view I add a textbox as follows:
Following parameters are passed to the method:
- Name of the textbox;
- Name for the label that will be added to the textbox;
- The property for which the authorization needs to be checked;
- The instance: will be used to set the value of the textbox;
- A dictionary with HTML attributes.
The implemenation of SecuredTextBox looks as follows:
One of the first things we do there is getting the access level.
I think the rest of this code is pretty self-explanatory. If someone has an idea on how to deal with taborders in this scenario, I would love to hear about it ;-)