Home > Enterprise >  Get all data from database for Administrator role but not for other roles, using same query
Get all data from database for Administrator role but not for other roles, using same query

Time:12-20

I am currently developing a Web Application with ASP.NET MVC 5 with Visual Studio 2019.

The App is about a school management system.

App has a Control and Management System, which is having same UI for all logged in users with some roles.

Roles are Administrator, Teacher, Accountant

When logged in by any of the user of above Roles, user is presented with a Home Screen Dashboard, where they can view School related and class related brief snapshot data.

An Administrator will be able to see all the data of school and students and teachers on the same dashboard page and all over the web app.

A Teacher will be able to see data related to their class and students only, not the data of Administrator and Accountant Roles.

I thought of using passing a parameter to each LINQ query with some id of logged in user, but what happens is, where in LINQ is beneficial only when Teacher is logged in but Administrator needs all data so I need to modify the query that time.

How to achieve this with same controller, giving full data to Administrator role and giving partial data to Teacher Role?

HomeController

public class HomeController : Controller
    {
        DBEntities db = new DBEntities();

        public ActionResult Index()
        {
            return View();
        }
        public ActionResult GetLatestActivity(int id)
        {
            var data = from n in db.ACTIVITies
                       where n.USERID == id //This is ok when teacher is logged in but Admin needs all data, so not useful there
                       orderby n.ID descending
                       select new ActivityViewModel
                       {
                           ID = n.ID,
                           AREA = n.AREA,
                           SECTION = n.SECTION,
                           MESSAGE = n.MESSAGE,
                           CREATE_TIMESTAMP = (DateTime)n.CREATE_TIMESTAMP
                       };
            return Json(data.Take(6), JsonRequestBehavior.AllowGet);
        }
    }

CodePudding user response:

I think you can do something like this if you are using Microsoft.AspNet.Identity, because it's not clear to me. Otherwise you can implement your own isAdmin check method.

    public ActionResult GetLatestActivity(int id)
    {
        var isAdmin = User.IsInRole("Administrator"); 

        var data = from n in db.ACTIVITies
                   where n.USERID == (isAdmin ? n.USERID : id)
                   orderby n.ID descending
                   select new ActivityViewModel
                   {
                       ID = n.ID,
                       AREA = n.AREA,
                       SECTION = n.SECTION,
                       MESSAGE = n.MESSAGE,
                       CREATE_TIMESTAMP = (DateTime)n.CREATE_TIMESTAMP
                   };
        return Json(data.Take(6), JsonRequestBehavior.AllowGet);
    }
  • Related