Updates to display, editor and authz tag helpers

global.json

@@ -1,7 +1,7 @@
 {
   "sdk": {
     "version": "7.0.100",
-    "rollForward": "latestFeature",
+    "rollForward": "latestMajor",
     "allowPrerelease": false
   }
 }

samples/TagHelperPack.Sample/Pages/Index.cshtml

@@ -42,6 +42,9 @@
         <li>Use the <code>template-name</code> attribute to override the template used to render the model.</li>
         <li>Use the <code>html-field-name</code> attribute to override the HTML field name used to render the model.</li>
         <li>Use <code>view-data-*</code> and <code>view-data</code> attributes to provide additional <code>ViewData</code> to the template.</li>
+        <li>Use <code>view-data-htmlAttributes</code> attribute to add properties to the <code>htmlAttributes</code> property in <code>ViewData</code>. This property can then be used as an argument to <code>Html helpers</code> in the template to render it in the final html.</li>
+        <li>Use <code>class</code> and <code>style</code> attributes to add additional css classes or inline styles to the <code>htmlAttributes</code> property in <code>ViewData</code>.</li>
+        <li>Use <code>id</code> attribute to add the id property to the <code>htmlAttributes</code> property in <code>ViewData</code>.</li>
     </ul>
 </p>
 <p>
@@ -51,7 +54,7 @@
         <li>Use the <code>asp-template-name</code> attribute to override the template used to render the model.</li>
         <li>Use the <code>asp-html-field-name</code> attribute to override the HTML field name used to render the model.</li>
         <li>Use <code>asp-view-data-*</code> and <code>asp-view-data</code> attributes to provide additional <code>ViewData</code> to the template.</li>
-    </ul>
+   </ul>
 </p>
 <p>
     Use <code>&lt;datalist asp-list="..."&gt;</code> to render a <code>&lt;datalist&gt;</code> element containing <code>&lt;option&gt;</code> elements
@@ -79,6 +82,11 @@
                 <editor for="Customer.LastName" template-name="String2" />
                 <span asp-validation-for="Customer.LastName" class="text-danger"></span>
             </div>
+            <div class="form-group">
+                <label asp-for="Customer.LastName"></label>
+                <editor for="Customer.LastName" template-name="String3" id="myId" class="myClass" style="color: green" view-data-htmlAttributes='new {data_info = "some info"}' />
+                <span asp-validation-for="Customer.LastName" class="text-danger"></span>
+            </div>
             <div class="form-group">
                 <label asp-display-name-for="Customer.LastName" for="CustomerLastName"></label>
                 <editor for="Customer.LastName" html-field-name="CustomerLastName" />
@@ -143,6 +151,11 @@
         <strong>&lt;editor for="LastName" template-name="String2" /&gt;</strong>
         &lt;span asp-validation-for="LastName" class="text-danger"&gt;&lt;/span&gt;
     &lt;/div&gt;
+    &lt;div class="form-group"&gt;
+        &lt;label asp-for="LastName"&gt;&lt;/label&gt;
+        <strong>&lt;editor for="LastName" template-name="String3" id="myId" class="myClass" style="color: green" view-data-htmlAttributes='new {data_info = "some info"}' /&gt;</strong>
+        &lt;span asp-validation-for="LastName" class="text-danger"&gt;&lt;/span&gt;
+    &lt;/div&gt;
     &lt;div class="form-group"&gt;
         &lt;label <strong>asp-display-name-for="LastName"</strong> for="CustomerLastName"&gt;&lt;/label&gt;
         <strong>&lt;editor for="LastName" html-field-name="CustomerLastName" /&gt;</strong>
@@ -327,13 +340,21 @@ public Customer Customer { get; set; }
         <div asp-authz>This will only render if the user is authenticated.</div>
         <div asp-authz="false">This will only render when the user is <strong>*not*</strong> authenticated.</div>
         <div asp-authz-policy="AdminPolicy">This will only render if the user is authenticated and authorized via the "AdminPolicy" policy.</div>
+        <div asp-authz-policy="PermissionPolicy" asp-authz-resource='"ViewUsers"'>This will only render if the user has "ViewUsers" permission.</div>
+        <div asp-authz-policy="PermissionPolicy" asp-authz-resource='"ManageUsers"'>This will only render if the user has "ManageUsers" permission.</div>
+        <div asp-authz-role="standard">This will only render if the user belongs to the "standard" role.</div>
+        <div asp-authz-role="admin">This will only render if the user belongs to the "admin" role.</div>
     </div>
 </div>
 <h4>Source</h4>
 <figure>
     <pre>&lt;div asp-authz&gt;This will only render if the user is authenticated.&lt;/div&gt;
 &lt;div asp-authz="false"&gt;This will only render when the user is &lt;strong&gt;*not*&lt;/strong&gt; authenticated.&lt;/div&gt;
-&lt;div asp-authz-policy="AdminPolicy"&gt;This will only render if the user is authenticated and authorized via the "AdminPolicy" policy.&lt;/div&gt;</pre>
+&lt;div asp-authz-policy="AdminPolicy"&gt;This will only render if the user is authenticated and authorized via the "AdminPolicy" policy.&lt;/div&gt;
+&lt;div asp-authz-policy=&quot;PermissionPolicy&quot; asp-authz-resource='&quot;ViewUsers&quot;'&gt;This will only render if the user has &quot;ViewUsers&quot; permission.&lt;/div&gt;
+&lt;div asp-authz-policy=&quot;PermissionPolicy&quot; asp-authz-resource='&quot;ManageUsers&quot;'&gt;This will only render if the user has &quot;ManageUsers&quot; permission.&lt;/div&gt;
+&lt;div asp-authz-role=&quot;standard&quot;&gt;This will only render if the user belongs to the &quot;standard&quot; role.&lt;/div&gt;
+&lt;div asp-authz-role=&quot;admin&quot;&gt;This will only render if the user belongs to the &quot;admin&quot; role.&lt;/div&gt;</pre>
 </figure>
 
 <h3>If Tag Helper</h3>

samples/TagHelperPack.Sample/QueryAuthScheme.cs

@@ -28,10 +28,12 @@ protected override Task<AuthenticateResult> HandleAuthenticateAsync()
         {
             identity.AddClaim(new Claim("Name", "AdminUser"));
             identity.AddClaim(new Claim("IsAdmin", "true"));
+            identity.AddClaim(new Claim(ClaimTypes.Role, "admin"));
         }
         else
         {
             identity.AddClaim(new Claim("Name", "StandardUser"));
+            identity.AddClaim(new Claim(ClaimTypes.Role, "standard"));
         }
         var user = new ClaimsPrincipal(identity);
         return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(user, nameof(QueryAuthScheme))));

samples/TagHelperPack.Sample/Startup.cs

@@ -53,6 +53,25 @@ public void ConfigureServices(IServiceCollection services)
                     return httpContext is not null;
                 });
             });
+            options.AddPolicy("PermissionPolicy", policy =>
+            {
+                var standardPermissions = new List<string> { "ViewUsers" };
+                var adminPermissions = new List<string>(standardPermissions) { "ManageUsers" };
+
+                policy.RequireAuthenticatedUser();
+                policy.RequireAssertion(handler =>
+                {
+                    var permission = handler.Resource as string;
+                    if (handler.User.IsInRole("admin"))
+                    {
+                        return adminPermissions.Contains(permission);
+                    }
+                    else //standard role
+                    {
+                        return standardPermissions.Contains(permission);
+                    }
+                });
+            });
         });
 
         // Optional optimizations to avoid Reflection

samples/TagHelperPack.Sample/Views/Shared/EditorTemplates/String3.cshtml

@@ -0,0 +1,18 @@
+@model string
+
+@using Microsoft.AspNetCore.Mvc.ViewFeatures;
+
+@{
+    //default html attributes added by the template
+    var defaultHtmlAttributesObject = new
+    { 
+        Class = "form-control",
+        style= "font-weight: bold"
+    };
+
+    //merging the above html attributes with attributes received from the view
+    var viewHtmlAttributes = ViewData["htmlAttributes"] ?? new { };
+    var mergedHtmlAttributes = Html.MergeHtmlAttributesObjects(viewHtmlAttributes, defaultHtmlAttributesObject);
+}
+
+@Html.TextBox("", Model, mergedHtmlAttributes)

src/TagHelperPack/AuthzTagHelper.cs

@@ -12,13 +12,17 @@ namespace TagHelperPack;
 /// </summary>
 [HtmlTargetElement("*", Attributes = AspAuthzAttributeName)]
 [HtmlTargetElement("*", Attributes = AspAuthzPolicyAttributeName)]
+[HtmlTargetElement("*", Attributes = AspAuthzRoleAttributeName)]
+[HtmlTargetElement("*", Attributes = AspAuthzPolicyResourceAttributeName)]
 public class AuthzTagHelper : TagHelper
 {
     internal static object SuppressedKey = new();
     internal static object SuppressedValue = new();
 
     private const string AspAuthzAttributeName = "asp-authz";
     private const string AspAuthzPolicyAttributeName = "asp-authz-policy";
+    private const string AspAuthzRoleAttributeName = "asp-authz-role";
+    private const string AspAuthzPolicyResourceAttributeName = "asp-authz-resource";
 
     private readonly IAuthorizationService _authz;
 
@@ -49,6 +53,18 @@ public AuthzTagHelper(IAuthorizationService authz)
     [HtmlAttributeName(AspAuthzPolicyAttributeName)]
     public string RequiredPolicy { get; set; }
 
+    /// <summary>
+    /// A role that the User must belong to in order for the current element to be rendered.
+    /// </summary>
+    [HtmlAttributeName(AspAuthzRoleAttributeName)]
+    public string RequiredRole { get; set; }
+
+    /// <summary>
+    /// An optional resource used by the authorization policy handler. <c>asp-authz-policy</c> should be set as well.
+    /// </summary>
+    [HtmlAttributeName(AspAuthzPolicyResourceAttributeName)]
+    public object RequiredPolicyResource { get; set; }
+
     /// <summary>
     /// Gets or sets the <see cref="ViewContext"/>.
     /// </summary>
@@ -69,12 +85,22 @@ public override async Task ProcessAsync(TagHelperContext context, TagHelperOutpu
             throw new ArgumentNullException(nameof(output));
         }
 
+        if (RequiredPolicyResource != null && string.IsNullOrEmpty(RequiredPolicy))
+        {
+            throw new ArgumentNullException(AspAuthzPolicyAttributeName);
+        }
+
+        if (!string.IsNullOrEmpty(RequiredRole) && !string.IsNullOrEmpty(RequiredPolicy))
+        {
+            throw new InvalidOperationException($"{AspAuthzRoleAttributeName} and {AspAuthzPolicyAttributeName} cannot be set at the same time.");
+        }
+
         if (context.SuppressedByAspIf() || context.SuppressedByAspAuthz())
         {
             return;
         }
 
-        var requiresAuth = RequiresAuthentication || !string.IsNullOrEmpty(RequiredPolicy);
+        var requiresAuth = RequiresAuthentication || !string.IsNullOrEmpty(RequiredPolicy) || !string.IsNullOrEmpty(RequiredRole);
         var showOutput = false;
 
         var user = ViewContext.HttpContext.User;
@@ -85,23 +111,45 @@ public override async Task ProcessAsync(TagHelperContext context, TagHelperOutpu
         }
         else if (!string.IsNullOrEmpty(RequiredPolicy))
         {
-            // auth-policy="foo" & user is authorized for policy "foo"
-            var cacheKey = AspAuthzPolicyAttributeName + "." + RequiredPolicy;
             bool authorized;
-            var cachedResult = ViewContext.ViewData[cacheKey];
-            if (cachedResult != null)
+            if (RequiredPolicyResource != null)
             {
-                authorized = (bool)cachedResult;
+                // auth-policy="foo" & user is authorized for policy "foo" based on permission
+                var cacheKey = AspAuthzPolicyResourceAttributeName + "." + RequiredPolicyResource;
+                var cachedResult = ViewContext.ViewData[cacheKey];
+                if (cachedResult != null)
+                {
+                    authorized = (bool)cachedResult;
+                }
+                else
+                {
+                    var authResult = await _authz.AuthorizeAsync(user, RequiredPolicyResource, RequiredPolicy);
+                    authorized = authResult.Succeeded;
+                    ViewContext.ViewData[cacheKey] = authorized;
+                }
             }
             else
             {
-                var authResult = await _authz.AuthorizeAsync(user, ViewContext, RequiredPolicy);
-                authorized = authResult.Succeeded;
-                ViewContext.ViewData[cacheKey] = authorized;
+                // auth-policy="foo" & user is authorized for policy "foo"
+                var cacheKey = AspAuthzPolicyAttributeName + "." + RequiredPolicy;
+                var cachedResult = ViewContext.ViewData[cacheKey];
+                if (cachedResult != null)
+                {
+                    authorized = (bool)cachedResult;
+                }
+                else
+                {
+                    var authResult = await _authz.AuthorizeAsync(user, ViewContext, RequiredPolicy);
+                    authorized = authResult.Succeeded;
+                    ViewContext.ViewData[cacheKey] = authorized;
+                }
             }
-
             showOutput = authorized;
         }
+        else if (!string.IsNullOrEmpty(RequiredRole))
+        {
+            showOutput = user.IsInRole(RequiredRole);
+        }
         else if (requiresAuth && user.Identity.IsAuthenticated)
         {
             // auth="true" & user is authenticated

src/TagHelperPack/DisplayTagHelper.cs

@@ -62,6 +62,24 @@ public IDictionary<string, object> ViewData
     [ViewContext]
     public ViewContext ViewContext { get; set; }
 
+    /// <summary>
+    /// CSS class name.
+    /// </summary>
+    [HtmlAttributeName("class")]
+    public string Class { get; set; }
+
+    /// <summary>
+    /// CSS inline style.
+    /// </summary>
+    [HtmlAttributeName("style")]
+    public string Style { get; set; }
+
+    /// <summary>
+    /// HTML id.
+    /// </summary>
+    [HtmlAttributeName("id")]
+    public string Id { get; set; }
+
     /// <inheritdoc />
     public override void Process(TagHelperContext context, TagHelperOutput output)
     {
@@ -82,6 +100,30 @@ public override void Process(TagHelperContext context, TagHelperOutput output)
 
         ((IViewContextAware)_htmlHelper).Contextualize(ViewContext);
 
+        //create a local htmlAttributes dictionary for html attributes exposed by the tag helper
+        IDictionary<string, object> htmlAttributes = new Dictionary<string, object>();
+        if (!string.IsNullOrWhiteSpace(Id))
+        {
+            htmlAttributes["id"] = Id;
+        }
+        if (!string.IsNullOrWhiteSpace(Class))
+        {
+            htmlAttributes["class"] = Class;
+        }
+        if (!string.IsNullOrWhiteSpace(Style))
+        {
+            htmlAttributes["style"] = Style;
+        }
+
+        //get the htmlAttributes property from tag ViewData
+        ViewData.TryGetValue("htmlAttributes", out var viewDataHtmlAttributes);
+
+        //merging local and ViewData htmlAttributes properties
+        htmlAttributes = _htmlHelper.MergeHtmlAttributesObjects(htmlAttributes, viewDataHtmlAttributes);
+
+        //setting the merged htmlAttributes on the ViewData of the tag.
+        ViewData["htmlAttributes"] = htmlAttributes;
+
         output.Content.SetHtmlContent(_htmlHelper.Display(For, HtmlFieldName, TemplateName, ViewData));
 
         output.TagName = null;

src/TagHelperPack/EditorTagHelper.cs

@@ -55,13 +55,31 @@ public IDictionary<string, object> ViewData
         set => _viewData = value;
     }
 
-        /// <summary>
+    /// <summary>
     /// Gets or sets the <see cref="ViewContext"/>.
     /// </summary>
     [HtmlAttributeNotBound]
     [ViewContext]
     public ViewContext ViewContext { get; set; }
 
+    /// <summary>
+    /// CSS class name.
+    /// </summary>
+    [HtmlAttributeName("class")]
+    public string Class { get; set; }
+
+    /// <summary>
+    /// CSS inline style.
+    /// </summary>
+    [HtmlAttributeName("style")]
+    public string Style { get; set; }
+
+    /// <summary>
+    /// HTML id.
+    /// </summary>
+    [HtmlAttributeName("id")]
+    public string Id { get; set; }
+
     /// <inheritdoc />
     public override void Process(TagHelperContext context, TagHelperOutput output)
     {
@@ -82,8 +100,32 @@ public override void Process(TagHelperContext context, TagHelperOutput output)
 
         ((IViewContextAware)_htmlHelper).Contextualize(ViewContext);
 
+        //create a local htmlAttributes dictionary for html attributes exposed by the tag helper
+        IDictionary<string, object> htmlAttributes = new Dictionary<string, object>();
+        if (!string.IsNullOrWhiteSpace(Id))
+        {
+            htmlAttributes["id"] = Id;
+        }
+        if (!string.IsNullOrWhiteSpace(Class))
+        {
+            htmlAttributes["class"] = Class;
+        }
+        if (!string.IsNullOrWhiteSpace(Style))
+        {
+            htmlAttributes["style"] = Style;
+        }
+
+        //get the htmlAttributes property from tag ViewData
+        ViewData.TryGetValue("htmlAttributes", out var viewDataHtmlAttributes);
+
+        //merging local and ViewData htmlAttributes properties
+        htmlAttributes = _htmlHelper.MergeHtmlAttributesObjects(htmlAttributes, viewDataHtmlAttributes);
+
+        //setting the merged htmlAttributes on the ViewData of the tag.
+        ViewData["htmlAttributes"] = htmlAttributes;
+
         output.Content.SetHtmlContent(_htmlHelper.Editor(For, HtmlFieldName, TemplateName, ViewData));
 
         output.TagName = null;
     }
-}
+}

src/TagHelperPack/HtmlHelperExtensions.cs

@@ -1,7 +1,10 @@
-using System;
-using System.Reflection;
+using Microsoft.AspNetCore.Html;
 using Microsoft.AspNetCore.Mvc.Rendering;
-using Microsoft.AspNetCore.Html;
+using Microsoft.AspNetCore.Routing;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Reflection;
 using TagHelperPack;
 
 namespace Microsoft.AspNetCore.Mvc.ViewFeatures;