I am currently developing a Web Application with ASP.NET MVC 5 with Visual Studio 2019.
The App is about a school management system.
App has a Control and Management System, which is having same UI for all logged in users with some roles.
Roles are Administrator, Teacher, Accountant
When logged in by any of the user of above Roles, user is presented with a Home Screen Dashboard, where they can view School related and class related brief snapshot data.
An Administrator will be able to see all the data of school and students and teachers on the same dashboard page and all over the web app.
A Teacher will be able to see data related to their class and students only, not the data of Administrator and Accountant Roles.
I thought of using passing a parameter to each LINQ query with some id of logged in user, but what happens is, where in LINQ is beneficial only when Teacher is logged in but Administrator needs all data so I need to modify the query that time.
How to achieve this with same controller, giving full data to Administrator role and giving partial data to Teacher Role?
HomeController
public class HomeController : Controller
{
DBEntities db = new DBEntities();
public ActionResult Index()
{
return View();
}
public ActionResult GetLatestActivity(int id)
{
var data = from n in db.ACTIVITies
where n.USERID == id //This is ok when teacher is logged in but Admin needs all data, so not useful there
orderby n.ID descending
select new ActivityViewModel
{
ID = n.ID,
AREA = n.AREA,
SECTION = n.SECTION,
MESSAGE = n.MESSAGE,
CREATE_TIMESTAMP = (DateTime)n.CREATE_TIMESTAMP
};
return Json(data.Take(6), JsonRequestBehavior.AllowGet);
}
}
CodePudding user response:
I think you can do something like this if you are using Microsoft.AspNet.Identity, because it's not clear to me. Otherwise you can implement your own isAdmin check method.
public ActionResult GetLatestActivity(int id)
{
var isAdmin = User.IsInRole("Administrator");
var data = from n in db.ACTIVITies
where n.USERID == (isAdmin ? n.USERID : id)
orderby n.ID descending
select new ActivityViewModel
{
ID = n.ID,
AREA = n.AREA,
SECTION = n.SECTION,
MESSAGE = n.MESSAGE,
CREATE_TIMESTAMP = (DateTime)n.CREATE_TIMESTAMP
};
return Json(data.Take(6), JsonRequestBehavior.AllowGet);
}