I'm developing an intranet web application using MVC 4 Razor (Windows-based authentication). I would like guidance on the correct approach to implement the following scenario.
My application has 2 Roles - HR and Manager.
I have a View which has a radio control that displays the Employee Type. The following are the values:
1. Temporary
2. Permanent
3. Intern
4. Consultant
Both HR and Manager role users have access to the above View. But the requirement is that HR should see the "Permanent" and "Intern" values, whereas Manager should see the "Temporary" and "Consultant" values in that radio control.
The above 4 values are coming from a database table.
I would like to authorize the user based on the role and its access to the HTML control and to the HTML control (radio button) binding data.
I would prefer to use a generic way to handle this scenario, instead of filtering the data based on the role using an if condition in the view.
Please guide me on the approach that I need to use to handle this scenario well. Thanks.
One approach I can think of is that you create
public class RoleManagerFilter : ActionFilterAttribute
and in this class you add the following function
void IActionFilter.OnActionExecuting(ActionExecutingContext filterContext)
The above function will check the role from the session (assuming it's in session) and then filter the data for Employee Type accordingly.
Here is the MSDN link for the theory behind it.
http://msdn.microsoft.com/en-us/library/dd410056%28v=vs.100%29.aspx
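
A sketch of the filter described in the answer above, as an added example that is not code from the original thread. It goes one step further than the answer: besides supplying the role-filtered list to the view, it re-checks the posted value on the server, since a radio button that is not rendered can still be submitted by the client. Assumptions: the role names "HR" and "Manager" resolve through the Windows principal's IsInRole (with Windows authentication these are often "DOMAIN\Group" names), the role-to-value map is hard-coded here instead of read from the database table, and the action parameter name "employeeType" and ViewData key "EmployeeTypes" are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;
using System.Web.Mvc;

// Hypothetical role-to-value map; the question keeps the four values in a
// database table, so in practice this mapping would be loaded from there.
public static class EmployeeTypePolicy
{
    private static readonly Dictionary<string, string[]> AllowedByRole =
        new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase)
        {
            { "HR",      new[] { "Permanent", "Intern" } },
            { "Manager", new[] { "Temporary", "Consultant" } }
        };

    // Union of the values permitted for every role the user holds.
    // A user in neither role gets an empty set (default deny).
    public static HashSet<string> AllowedFor(IPrincipal user)
    {
        var allowed = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        foreach (var entry in AllowedByRole.Where(e => user.IsInRole(e.Key)))
            allowed.UnionWith(entry.Value);
        return allowed;
    }
}

public class RoleManagerFilter : ActionFilterAttribute
{
    // Name of the posted action parameter to check (assumed name).
    public string ParameterName { get; set; }

    public RoleManagerFilter() { ParameterName = "employeeType"; }

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        var allowed = EmployeeTypePolicy.AllowedFor(filterContext.HttpContext.User);

        // The view binds its radio buttons to this list only.
        filterContext.Controller.ViewData["EmployeeTypes"] = allowed.OrderBy(v => v).ToList();

        // Re-check a submitted value on the server: hiding a radio button
        // does not stop a client from posting its value.
        object posted;
        if (filterContext.ActionParameters.TryGetValue(ParameterName, out posted)
            && posted is string && !allowed.Contains((string)posted))
        {
            filterContext.Result = new HttpStatusCodeResult(403);
        }
    }
}
```

Apply `[RoleManagerFilter]` to both the GET action that renders the view and the POST action that receives the selection, so the same policy drives what is shown and what is accepted.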