How to know which type of user accesses the code of the action method in the controller - mvc c #

advertisements

I am not sure how to put this question or where to ask it, lets say i have a cms, which has three types of users, a retailer, manufacturer and a customer support (this guy can access all the information that a retailer and manufacturer can access). Now let say there is a products controller that has an action method called "view products list". Now a retailer can only view products on his website and so can a manufacturer, but a customer support can view a list of manufacturers and retailers and choose on which one's products s/he wants to view. Lets say all this code is in the same action method "view products list". Now is this a good practice ? To have all the code for all three types of users in the same action method ? Second how do i figure out which code should (if condition) should run inside the action method based on the user type assuming that i am using mvc built in login system and roles.


(1) It's fine to have this in one action method, you don't want to be creating new action methods if new roles are added.

(2) You can use e.g.

If User.IsInRole("CustomerSupport") { ... }

You might also want to consider locking down the action method so that only roles catered for inside the method are allowed access. Use the [Authorize] attribute to accomplish that. E.g.

[Authorize(Roles = "Retailer, Manufacturer, CustomerSupport")]