PDA

View Full Version : Proper way to create MVC application with different access levels



Misiu
22 Nov 2012, 12:19 PM
I have created a simple ASP Webform application that allows user to manage his holidays plans.
I have 3 access level: user, admin, mod.
First page allows use to login, if he types correct login and password he is redirected to real application page.
On that page in script block I have information about user settings and his access level (this comes from asp):


<script type="text/javascript">
window.parameters = {"userLevel":"admin","userGUID":"123456","userSettings":...};
</script>


Then in my application I'm adding different components based on that level.
If user is admin then I include adminmenu, if he is mod then I include modmenu.
This way I have 3 different views with different functionality for every user level.

I would like to rewrite my application to ASP MVC4 and ExtJS MVC.

My question is how should I setup my project to do this kind of functionality?

I know that I can combine all my code into one js file using CMD tool, but would it be possible instead one large file to create 4 files?

common.js - that will hold code that is used by all views
admin.js - that will have app admin components in it
mod.js - for mod components
user.js - to store user functionality

This way I will be able to include only those files that I need instead of all code.
If someone log-in as user my application page will include common.js and user.js only.

This is my first attempt to create MVC project, so please be understanding.
What would be the correct way to create such application?
Will I have some benefits if I split my application into pieces?
I just want to start the proper way :)
Any advises are welcome!

dawesi
22 Nov 2012, 8:15 PM
There's multiple ways to do this. Ext.Direct is the 'direct' way to do it.

A common way of doing this is to dynamically load menus and components from the server that have only the elements you have access to, so you use an ajax call to setup your menus.

At the end of the day, your server-side is the only 'safe' place to apply permissions without setting up elaborate authentication structures within your app.