added 2172 characters in body; deleted 5 characters in body
Source Link
Engineert
@* User.IsAuthorize is the answer's own extension on the current principal; the button only renders when it returns true *@
@if (User.IsAuthorize("Something"))
{
    <button type="button">you can do this</button>
}

Last, what makes users authorized? It's totally up to you and your design. But there are two options I can suggest:

1. Role-Right Management

You can define a right for each business function. For example Task Create, Task Assign, Task Delete, Start Task, Stop Task, User Create, User Update, Prepare Report, Report Details ... You should define rights for all business functions. Then let a role have multiple rights ((n)Role -> (n)Right). Then, create User-Role relations. It's also an (n)User -> (n)Role relation. You need to store all these relations in the database.

This design lets you manage authorization for all business functions by adding rights to roles and assigning roles to users. In your IsUserAuthorize method in the Authorization Service Layer, you can check whether the user has the required right through his/her role(s).

2. Minimum Type Of Authorized Users

You can determine the minimum types of authorized users and determine what they are able to do. You can define all of these as enums and determine which user is which type in code.

using System;
using System.Collections.Generic;

public enum Roles
{
    AdminRole,
    StandardUser,
    NewOne,
    Guest
}

public enum Services
{
    Task,
    Report,
    User
    //...
}

public class AuthorizationService
{
    // Where each user's role comes from is up to your user store;
    // here it is injected as a plain lookup so the class runs as written.
    private readonly IDictionary<int, Roles> _userRoles;

    public AuthorizationService(IDictionary<int, Roles> userRoles)
    {
        _userRoles = userRoles;
    }

    public bool IsUserAuthorize(int userId, Services service)
    {
        Roles role = DetermineUserRole(userId);

        switch (role)
        {
            case Roles.AdminRole:
                return true;          // admins may use every service
            case Roles.Guest:
                return service == Services.Report;   // guests only get reports
            // ...

            default:
                throw new InvalidOperationException("Can not determine user role");
        }
    }

    private Roles DetermineUserRole(int userId)
    {
        if (!_userRoles.TryGetValue(userId, out Roles role))
            throw new InvalidOperationException("Unknown user: " + userId);
        return role;
    }
}

Which one should you choose?

The first option is really good practice and you can manage all functions. Also, you can let users create new roles and assign them to others.

But, as you mentioned, your project is a monolith and probably there will be no major changes or new functionality. Thus, it seems better to choose the second one. So, you won't need to define rights for all business functions and store those rights and relations in the database.
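The Role-Right Management option (option 1) carried through in code, as an added example that is not part of the answer above: an in-memory store stands in for the two n:n relations the answer says to persist (Role -> Right and User -> Role, filled with constructed sample data), and IsUserAuthorize in the service layer denies by default and allows only when one of the user's roles carries the required right. The Right values follow the business functions the answer lists; the role names, user ids and class names are assumptions for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// One right per business function, following the list in the answer.
public enum Right
{
    TaskCreate, TaskAssign, TaskDelete, TaskStart, TaskStop,
    UserCreate, UserUpdate,
    ReportPrepare, ReportDetails
}

// In-memory stand-in for the two n:n relations the answer says to store in the
// database: Role -> Right and User -> Role. A real implementation reads these tables.
public sealed class AuthorizationStore
{
    private readonly Dictionary<string, HashSet<Right>> _roleRights =
        new Dictionary<string, HashSet<Right>>(StringComparer.OrdinalIgnoreCase);
    private readonly Dictionary<int, HashSet<string>> _userRoles =
        new Dictionary<int, HashSet<string>>();

    public void GrantRightsToRole(string role, params Right[] rights)
    {
        if (!_roleRights.TryGetValue(role, out var set))
            _roleRights[role] = set = new HashSet<Right>();
        set.UnionWith(rights);
    }

    public void AssignRoleToUser(int userId, string role)
    {
        if (!_userRoles.TryGetValue(userId, out var roles))
            _userRoles[userId] = roles = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        roles.Add(role);
    }

    // Unknown users and unknown roles yield empty sets, so they never gain a right by accident.
    public IEnumerable<string> RolesOf(int userId) =>
        _userRoles.TryGetValue(userId, out var roles) ? roles : Enumerable.Empty<string>();

    public IEnumerable<Right> RightsOf(string role) =>
        _roleRights.TryGetValue(role, out var rights) ? rights : Enumerable.Empty<Right>();
}

// The Authorization Service Layer check from the answer: deny by default, allow only
// when at least one of the user's roles carries the required right.
public sealed class AuthorizationService
{
    private readonly AuthorizationStore _store;

    public AuthorizationService(AuthorizationStore store) => _store = store;

    public bool IsUserAuthorize(int userId, Right required) =>
        _store.RolesOf(userId)
              .SelectMany(role => _store.RightsOf(role))
              .Contains(required);
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample data: role names and user ids are assumptions for this example.
        var store = new AuthorizationStore();
        store.GrantRightsToRole("Admin", (Right[])Enum.GetValues(typeof(Right)));
        store.GrantRightsToRole("TaskManager", Right.TaskCreate, Right.TaskAssign, Right.TaskStart, Right.TaskStop);
        store.GrantRightsToRole("Reporter", Right.ReportPrepare, Right.ReportDetails);

        store.AssignRoleToUser(1, "Admin");
        store.AssignRoleToUser(2, "TaskManager");
        store.AssignRoleToUser(2, "Reporter");   // a user may hold several roles
        store.AssignRoleToUser(3, "Reporter");
        // user 4 is never assigned a role and must be denied everything

        var auth = new AuthorizationService(store);
        foreach (var (userId, right) in new[]
        {
            (1, Right.UserCreate), (2, Right.TaskAssign), (2, Right.UserCreate),
            (3, Right.TaskDelete), (4, Right.ReportDetails)
        })
        {
            Console.WriteLine($"user {userId} -> {right}: {auth.IsUserAuthorize(userId, right)}");
        }
    }
}
```

The check walks user -> roles -> rights and looks for the one right the caller asks for; because a missing user or role returns an empty set rather than throwing, the decision is "no" unless something explicitly granted it, which is the safe default for an authorization layer. Swapping the dictionaries for database-backed repositories does not change the service class.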

using System;
using System.Web.Mvc;

[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = false)]
public class CustomAuthorizeAttribute : FilterAttribute, IAuthorizationFilter
{
    // The right the decorated action or controller requires.
    public Rights Right { get; set; }

    public void OnAuthorization(AuthorizationContext filterContext)
    {
        // AuthorizeExtension.IsAuthorize is the answer's own Authorization Service Layer check.
        if (!AuthorizeExtension.IsAuthorize(filterContext.HttpContext.User.Identity, Right))
        {
            // Setting a Result short-circuits the action; send the user to your unauthorized page.
            filterContext.Result = new RedirectResult("~/Unauthorized");
        }
    }
}