0

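I have an object named Visit, and I defined the following helper method ("CanBeEdited") to specify whether a user can edit the object's Status property:

public partial class Visit
{
    // True only when the given user is the visit's doctor and StatusID is 5.
    public bool CanBeEdited(string username)
    {
        return (((DoctorID != null) && (DoctorID.ToUpper().Equals(username.ToUpper()))) && (StatusID == 5));
    }
}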

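Then I specified that a certain dropdownlist on my Edit view is shown or hidden depending on whether the CanBeEdited helper method returns true or false (if it returns true then the user can view and edit the Status dropdownlist, and if it returns false then the view will render an @Html.HiddenFor representing the old status value).

My Edit view, which includes the helper method, looks as follows: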

@using (Html.BeginForm())
{
    @Html.ValidationSummary(true)
    <fieldset>
        <legend>Visit</legend>
        <div class="editor-label">
            @Html.LabelFor(model => model.Note)
        </div>
        <div class="editor-field">
            @Html.EditorFor(model => model.Note)
            @Html.ValidationMessageFor(model => model.Note)
        </div>


        <div class="editor-label">
            @Html.LabelFor(model => model.DoctorID)
        </div>
        <div class="editor-field">
            @Html.DropDownList("DoctorID", String.Empty)
            @Html.ValidationMessageFor(model => model.DoctorID)
        </div>

        @{
            if (Model.CanBeEdited(Context.User.Identity.Name))
            {
                <div class="editor-label">
                    @Html.LabelFor(model => model.StatusID)
                </div>
                <div class="editor-field">
                    @Html.DropDownList("StatusID", String.Empty)
                    @Html.ValidationMessageFor(model => model.StatusID)
                </div>
            }
            else
            {
                @Html.HiddenFor(model => model.StatusID)
            }
        }
        <p>
          @Html.HiddenFor(model => model.VisitTypeID)
          @Html.HiddenFor(model => model.CreatedBy)
          @Html.HiddenFor(model => model.Date)
          @Html.HiddenFor(model => model.VisitID)
          @Html.HiddenFor(model => model.PatientID)
          @Html.HiddenFor(model => model.timestamp)

        <input type="submit" value="Create" />

        </p>
    </fieldset>
}

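To be honest, this is the first time I have implemented a case like this, so does my approach sound valid, or does it have some weaknesses I am not aware of? I ask because I need to implement similar cases throughout my web application.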

Keep in mind that I am also checking CanBeEdited in the action method.

Thanks in advance for any help.

Update: my POST action method looks as follows:

        [HttpPost]
        public ActionResult Edit(Visit visit)
        {
            if (!(visit.Editable(User.Identity.Name)))
            {
                return View("NotFound");
            }
            try
            {
                if (ModelState.IsValid)
                {
                    repository.UpdateVisit(visit);
                    repository.Save();
                    return RedirectToAction("Index");
                }
            }
            catch (DbUpdateConcurrencyException ex)
            {
                var entry = ex.Entries.Single();
                var clientValues = (Visit)entry.Entity;

                ModelState.AddModelError(string.Empty, "The record you attempted to edit "
                + "was modified by another user after you got the original value. The "
                + "edit operation was canceled and the current values in the database "
                + "have been displayed. If you still want to edit this record, click "
                + "the Save button again. Otherwise click the Back to List hyperlink.");
                //   patient.timestamp = databaseValues.timestamp;
            }

            catch (DataException)
            {
                //Log the error (add a variable name after Exception)
                ModelState.AddModelError(string.Empty, "Unable to save changes. Try again, and if the problem persists contact your system administrator.");
            }
            ViewBag.DoctorID = new SelectList(Membership.GetAllUsers(), "Username", "Username", visit.DoctorID);
            ViewBag.StatusID = new SelectList(db.VisitStatus, "StatusID", "Description", visit.StatusID);
            ViewBag.VisitTypeID = new SelectList(db.VisitTypes, "VisitTypeID", "Description", visit.VisitTypeID);
            return View(visit);
        }
4

2 Answers

1

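I don't think adding this in the view is a good idea. I would have my ViewModel hold a property of boolean type to determine whether it is editable or not. You can set its value in your controller after checking the relevant permissions.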

public class ProductViewModel
{
  public bool IsEditable { set;get;}
  //other relevant properties
}

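And the controller action

public ActionResult GetProduct()
{
  ProductViewModel objVM=new ProductViewModel();
  objVM.IsEditable=CheckPermissions();
  return View(objVM);
}
private bool CheckPermissions()
{
  //Check the conditions and return true or false;
  return false; // placeholder so the stub compiles: deny until the real check is written
}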

So the view will be clean like this

@if (Model.IsEditable)
{
  //Markup for editable region
}
answered 2012-04-26T03:03:13.693
0

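IMHO, this sounds valid enough.

Update: removed irrelevant comments, and edited to indicate the main concern.

Now, taking a closer look, especially at the controller action, I strongly suggest that you eliminate the hidden fields (except the one needed to reload the record from the backend).

A savvy user can tamper with hidden form data (all form data), and your controller action will happily send it all back to the server.

In reality, you should post back only the fields that are allowed to change, rehydrate the record from the backend, and transfer the "editable" fields to the new copy. This also comes closer to solving the concurrent-editing and stale-record problems.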

answered 2012-04-26T02:52:49.550
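
The flow described in the answer above (post back only the changeable fields, reload the record from the backend, copy the editable fields onto it), as an added framework-free C# example that is not part of the original posts. `VisitEditInput`, `VisitEditor`, `Apply` and the in-memory `Store` are hypothetical names, and the example assumes Note and DoctorID are always editable, as in the question's view.

```csharp
using System;
using System.Collections.Generic;

public class Visit
{
    public int VisitID, PatientID, StatusID;
    public string DoctorID, Note;

    // Same rule as the question's CanBeEdited helper.
    public bool CanBeEdited(string username) =>
        DoctorID != null && StatusID == 5 &&
        DoctorID.ToUpper().Equals(username.ToUpper());
}

// Hypothetical input model: only the fields the form may change, plus the key.
public class VisitEditInput
{
    public int VisitID;
    public string Note, DoctorID;
    public int? StatusID;   // null when the Status dropdown was not rendered
}

public static class VisitEditor
{
    // Constructed in-memory stand-in for the repository.
    public static readonly Dictionary<int, Visit> Store = new Dictionary<int, Visit>();

    public static bool Apply(VisitEditInput input, string username)
    {
        // 1. Rehydrate: the stored record is the source of truth.
        if (!Store.TryGetValue(input.VisitID, out var stored)) return false;

        // 2. Authorize against the stored DoctorID/StatusID, never the posted ones.
        if (input.StatusID.HasValue && !stored.CanBeEdited(username)) return false;

        // 3. Copy only the editable fields; PatientID and the rest stay untouched.
        stored.Note = input.Note;
        stored.DoctorID = input.DoctorID;
        if (input.StatusID.HasValue) stored.StatusID = input.StatusID.Value;
        return true;
    }

    public static void Main()
    {
        Store[1] = new Visit { VisitID = 1, PatientID = 7, DoctorID = "alice", StatusID = 3 };
        // Constructed request that posts a StatusID although the stored status is not 5.
        var post = new VisitEditInput { VisitID = 1, Note = "n", DoctorID = "alice", StatusID = 4 };
        Console.WriteLine(Apply(post, "alice") + " status=" + Store[1].StatusID);
    }
}
```

Because the permission check runs on the record loaded from the store, posted DoctorID or StatusID values cannot influence its outcome, and fields absent from the input model cannot be overwritten by the request.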