Reputation: 10763
Dynamic user permission to secure folders in MVC3
Using MVC3 I am trying to come up with method of checking the database to see if a user is allowed access to a folder. The administrator has individual control over each user's permission to courses, so I cannot control this from web.config.
The screenshot below provides an example of what I am trying to accomplish: courseA is an example of one of many folders that only certain users will be allowed access to. My thinking is that I could use a CourseController action like OpenCourse(int id) to check against the db if a user has access to a course, and if so then "allow access" to the entire course folder and open the player.html file contained within it. The user's permission to each file within courseA folder would probably need to persist for the user's session.
Is it even possible to do something like this from within the MVC View folder, or should the courseA folder sit somewhere else?
Upvotes: 2
Views: 613
Answers (1)
Reputation: 487
You can enforce this sort of restriction in your database calls. You could say for example:
var courses = ListCoursesForUser(userId);
Then when accessing a specific course you can reuse this:
public doSomethingWithCourse(courseId, userId)
{
var courses = ListCoursesForUser(userId);
if(courses.Any(c => c.courseId == courseId))
{
}
}
Upvotes: 1
Related Questions
- asp.net MVC secure root folder only for authorized users
- Asp.net mvc restrict specific users to access folder content
- ASP.NET MVC 6 folder authorization
- How to make some folders only available to authenticated users or certain roles in ASP MVC?
- Secure Folders in ASP.NET MVC4 SPA application
- How to give permission to dynamically created folders to save files in them in asp.net from c# code behind?
- Dynamic permissions to users
- How do I protect a directory in asp.net MVC?
- Handling file permissions on runtime using MVC4
- ASP.NET MVC - User access for directory