MVC Session global variable

Question

Here is what I'm trying to achieve. Certain options at the navbar should be available only if the user has "subordinates" in the database.

So, at the navbar I have:

The Approvals should be hidden for some users, but available to others. For those whom it should be available, the user must: A) Be a Supervisor or, B) Have a subornidate at the DB table

So, as for "A" it's pretty straightforward. I did:

                    @if (User.IsInRole("Supervisor"))
                    {
                        <li>@Html.ActionLink("Approvals", "Index", "Approval")</li>
                    }

For "B", I was suggested to use Sessions. Well, great. So I came to the question: how can I make a single request to the DB and assign it to a Session["HasSubordinates"] so I can do this check?

                    @if (User.IsInRole("Supervisor") || (bool)Session["HasSubordinates"])
                    {
                        <li>@Html.ActionLink("Approvals", "Index", "Approval")</li>
                    }

What I tried was to have:

Session["HasSubordinates"] = _uow.ApprovalService.GetSubordinates(User.Identity.Name).Count() > 0;

for every single controller, but that didn't worked well because sometimes I get null pointer and it looks absolutely rubbish.

I know it may sound like a trivial question for some (or most), but I'm really stuck and I do really appreciate any help.

Answer 1

Don't use the session for this. What you need is a child action.

[ChildActionOnly]
public ActionResult Nav()
{
    var model = new NavViewModel
    {
        IsSupervisor = User.IsInRole("Supervisor");
        HasSubordinates = _uow.ApprovalService.GetSubordinates(User.Identity.Name).Count() > 0;
    }

    return ParialView("_Nav", model);
}

Then, just create a partial view, _Nav.cshtml and utilize the properties on the view model to render your nav however you like.

If you want, you can even use output caching on the child action, so it's only evaluated once per user. There's no built-in way to vary the cache by user, so first, you'll need to override the following method in Global.asax:

public override string GetVaryByCustomString(System.Web.HttpContext context, string custom)
{
    var args = custom.ToLower().Split(';');
    var sb = new StringBuilder();

    foreach (var arg in args)
    {
        switch (arg)
        {
            case "user":
                sb.Append(User.Identity.Name);
                break;
            case "ajax":
                if (context.Request.Headers["X-Requested-With"] != null)
                {
                    // "XMLHttpRequest" will be appended if it's an AJAX request
                    sb.Append(context.Request.Headers["X-Requested-With"]);
                }
                break;
            default:
                continue;
        }
    }

    return sb.ToString();
}

With that, you can then just decorate your child action with:

[OutputCache(Duration = 3600, VaryByCustom = "User")]

Answer 2

Looking at your code, getting a user subordinates should only happen once. In your Login method:

Session["HasSubordinates"] = _uow.ApprovalService.GetSubordinates(User.Identity.Name).Count() > 0;

Create a new class to extend IPrincipal:

public class IPrincipalExtensions
{
  public bool HasSubordinates(this IPrincipal user)
  {
    return Session != null && Session["HasSubordinates"] != null && Session["HasSubordinates"] > 0;
  }
}

Now, in the View:

@if (User.IsInRole("Supervisor") || User.HasSubordinates() )
{
}

Writing from memory, may have left something out, but this should be the cleanest.