Clashing with a C# keyword? Use the @ prefix

by robert 31. October 2008 03:32

I just hit another good question on stackoverflow.com.

Summary: The question deals with adding the class HTML attribute to the output of Html.RouteLink. The MVC Html helpers allow you to set HTML attributes by passing an anonymous object, like this:

<%= Html.RouteLink("Default", "Default",null, new { Class="css_class"}) %>

and this should render it as

<a class="css_class">...

But in the case of the RouteLink, it renders it as

<a Class="css_class">...

Not XHTML friendly.

I just re-discovered that you can get around this by using the @ prefix. I read about this when I was starting to use C# and never had to deal with it. How often do you need to name a class "class"? I suppose if one worked in education...

Anyway, the way to fix this is adding the @ prefix to class, like this:

<%= Html.RouteLink("Default", "Default",null, new { @class="css_class"}) %>

which renders correctly. I think the MVC team is still cleaning up the Html helper code and just hasn't gotten to the RouteLink yet.

On a side note: I really enjoy stackoverflow. The amount of stuff you can learn and re-learn from using this site is amazing. Especially if you are working on MVC!

Tags:

ASP.Net MVC | c#

ASP.Net MVC Extension method to create a Security Aware Html.ActionLink

by robert 22. October 2008 12:58

I am a big fan of ASP.Net MVC and the DRY principle.

Extending the work done by Maarten Balliauw, the following is my attempt at creating a "security-aware" action link that detects if a user is authorized to click (invoke) the action. The point is to show, hide or disable a link based on the Authorize attribute of the controller.

The code allows you to show a disabled link as a <span> label or hide it completely.

I'm trying to avoid using Reflection, but so far I haven't figured out how.

Here is the code:

 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Security.Principal;
using System.Web.Routing;
using System.Web.Mvc;
using System.Collections;
using System.Reflection;
namespace System.Web.Mvc.Html
{
    public static class HtmlHelperExtensions
    {
        public static string SecurityTrimmedActionLink(
        this HtmlHelper htmlHelper,
        string linkText,
        string action,
        string controller)
        {
            return SecurityTrimmedActionLink(htmlHelper, linkText, action, controller, false);
        }
        public static string SecurityTrimmedActionLink(this HtmlHelper htmlHelper, string linkText, string action, string controller, bool showDisabled)
        {
            if (IsAccessibleToUser(action, controller))
            {
                return htmlHelper.ActionLink(linkText, action, controller);
            }
            else
            {
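                // Encode the link text before placing it in markup so it cannot inject HTML.
                return showDisabled ? String.Format("<span>{0}</span>", HttpUtility.HtmlEncode(linkText)) : "";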
            }
        }
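        // Decides whether the link is shown. This is a display decision only:
        // the [Authorize] filters on the controller still enforce access on the request.
        public static bool IsAccessibleToUser(string actionAuthorize, string controllerAuthorize)
        {
            // An unknown controller is treated as not accessible.
            Type controllerType = GetControllerType(controllerAuthorize);
            if (controllerType == null)
                return false;

            // Read the attributes from the type itself; no controller instance is needed.
            ArrayList controllerAttributes = new ArrayList(controllerType.GetCustomAttributes(typeof(AuthorizeAttribute), true));
            ArrayList actionAttributes = new ArrayList();
            MethodInfo[] methods = controllerType.GetMethods();
            foreach (MethodInfo method in methods)
            {
                // Match on the method name, or on [ActionName] when the action is renamed.
                object[] attributes = method.GetCustomAttributes(typeof(ActionNameAttribute), true);
                if ((attributes.Length == 0 && method.Name == actionAuthorize) || (attributes.Length > 0 && ((ActionNameAttribute)attributes[0]).Name == actionAuthorize))
                {
                    actionAttributes.AddRange(method.GetCustomAttributes(typeof(AuthorizeAttribute), true));
                }
            }
            // No [Authorize] on the controller or the action: open to everyone.
            if (controllerAttributes.Count == 0 && actionAttributes.Count == 0)
                return true;

            IPrincipal principal = HttpContext.Current.User;
            // Keep roles and users as separate entries so that values from the
            // controller and the action do not run together into one string.
            // Note: the two attributes are merged here; a user who satisfies only one
            // of them sees the link even though the request itself may be refused.
            List<string> roleList = new List<string>();
            List<string> userList = new List<string>();
            char[] comma = new char[] { ',' };
            if (controllerAttributes.Count > 0)
            {
                AuthorizeAttribute attribute = (AuthorizeAttribute)controllerAttributes[0];
                roleList.AddRange((attribute.Roles ?? "").Split(comma, StringSplitOptions.RemoveEmptyEntries));
                userList.AddRange((attribute.Users ?? "").Split(comma, StringSplitOptions.RemoveEmptyEntries));
            }
            if (actionAttributes.Count > 0)
            {
                AuthorizeAttribute attribute = (AuthorizeAttribute)actionAttributes[0];
                roleList.AddRange((attribute.Roles ?? "").Split(comma, StringSplitOptions.RemoveEmptyEntries));
                userList.AddRange((attribute.Users ?? "").Split(comma, StringSplitOptions.RemoveEmptyEntries));
            }

            // A bare [Authorize] only requires an authenticated user.
            if (roleList.Count == 0 && userList.Count == 0 && principal.Identity.IsAuthenticated)
                return true;

            foreach (string role in roleList)
            {
                // Trim so that "Admin, Editor" matches the role "Editor".
                string roleName = role.Trim();
                if (roleName == "*" || principal.IsInRole(roleName))
                    return true;
            }
            foreach (string user in userList)
            {
                // "*" matches any user; otherwise compare against the current user name.
                string userName = user.Trim();
                if (userName == "*" || string.Equals(principal.Identity.Name, userName, StringComparison.OrdinalIgnoreCase))
                    return true;
            }
            return false;
        }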

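        public static Type GetControllerType(string controllerName)
        {
            // Only the assembly that contains this helper is searched.
            Assembly assembly = Assembly.GetExecutingAssembly();
            foreach (Type type in assembly.GetTypes())
            {
                // BaseType is null for interfaces, so test assignability instead of
                // reading type.BaseType.Name; this also finds indirect Controller subclasses.
                if (typeof(Controller).IsAssignableFrom(type) && string.Equals(type.Name, controllerName + "Controller", StringComparison.OrdinalIgnoreCase))
                {
                    return type;
                }
            }
            return null;
        }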
    }
}
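
The helper only decides what is displayed; on the request itself each [Authorize] attribute, on the controller and on the action, is evaluated separately and all of them must pass. The following is an added example, not the author's code: a per-attribute check that follows the rules of the released AuthorizeAttribute (authenticated user, then the Users list, then any one of the Roles), with the hypothetical names AuthorizeCheck and Passes and a constructed sample principal.

```csharp
using System;
using System.Linq;
using System.Security.Principal;

public static class AuthorizeCheck
{
    // Hypothetical helper: evaluates one [Authorize(Roles = ..., Users = ...)] declaration.
    public static bool Passes(IPrincipal user, string roles, string users)
    {
        if (user == null || !user.Identity.IsAuthenticated)
            return false;                   // anonymous users never pass

        string[] userList = Split(users);
        if (userList.Length > 0 &&
            !userList.Contains(user.Identity.Name, StringComparer.OrdinalIgnoreCase))
            return false;                   // a Users list is a hard requirement

        string[] roleList = Split(roles);
        if (roleList.Length > 0 && !roleList.Any(user.IsInRole))
            return false;                   // membership in any one listed role is enough

        return true;
    }

    // Splits "Admin, Editor" into trimmed, non-empty entries.
    static string[] Split(string csv)
    {
        return (csv ?? "").Split(',').Select(s => s.Trim()).Where(s => s.Length > 0).ToArray();
    }

    public static void Main()
    {
        // Constructed sample principal: "alice" holds only the Editor role.
        IPrincipal alice = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Editor" });

        // Controller declared with Roles = "Editor, Admin", action with Roles = "Admin".
        bool controllerOk = Passes(alice, "Editor, Admin", null);
        bool actionOk = Passes(alice, "Admin", null);

        Console.WriteLine("controller attribute passes: " + controllerOk);
        Console.WriteLine("action attribute passes:     " + actionOk);
        // What the request needs: every attribute must pass.
        Console.WriteLine("show link (all must pass):   " + (controllerOk && actionOk));
        // What a merged role list amounts to: passing either one is enough.
        Console.WriteLine("show link (roles merged):    " + (controllerOk || actionOk));
    }
}
```

Comparing the last two lines of output shows the case where a merged role list displays a link that the server-side filters would refuse.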

Tags:

ASP.Net MVC
