Advice on how to organize controllers asp.net mvc3

learning mvc and building a full blown ecommerce app.

Administrators should be able to add-edit whatever they like.

Let's take an example Employees.

I have added an Area called "Admin".Within admin I have Employees In here an administrator should be able to add-edit info about employees.

Now in the user section the user should not be able to add-edit.etc..

At them moment I have 2 controllers?

1. Areas-Admin-Controllers-EmployeeController
2. Areas-Aboutus-Controllers-EmployeeController

It does not seem right to me.How do you handle such a code repetition? I wo开发者_JAVA技巧uld like to have only one controller.How do you structure your mvc app in this case?

any example I can download? Looking for a good examples where you can see areas working and running themes dynamically etc..

thanks for any suggestions

You could use a single ~/Controllers/EmployeesController controller to handle the Employee resource in your application. Inside this controller actions that require administrative (or some logged in user) privileges could be decorated with the [Authorize] attribute by specifying the required roles in order to execute this action:

public class EmployeesController: Controller
{
    // Anyone can list employees, even anonymous users
    public ActionResult Index()
    {
        IEnumerable<Employee> employees = _repository.GetEmployees();
        return View(employees);
    }

    public ActionResult Show(int employeeId)
    {
        Employee employee = _repository.GetEmployee(employeeId);
        return View(employee);
    }


    // Only administrators can update employees
    [Authorize(Roles = "admin")]
    [HttpPost]
    public ActionResult Update(Employee employee)
    {
        _repository.Update(employee);
        return RedirectToAction("Index");
    }

    // Only administrators can delete employees
    [HttpDelete]
    [Authorize(Roles = "admin")]
    public ActionResult Destroy(int employeeId)
    {
        _repository.Delete(employeeId);
        return RedirectToAction("Index");
    }

    ... and some other actions following the Simply RESTful pattern: 
    http://mvccontrib.codeplex.com/wikipage?title=SimplyRestfulRouting
}

I'm assumuing your doing it this way so that you can use authentication and have the pretty urls: /Admin/Employee /Aboutus/Employee

How about only having a single controller in /Controllers/EmployeeController. You can set [Authorize] attribute on any methods that you need authentication for and control the urls with custom routes?

    routes.MapRoute( _
        "Admin_Employee", _
        "Admin/{controller}/{action}/{id}", _
        New With {.controller = "Employee", .action = "Index", .id = UrlParameter.Optional} _
    )

    routes.MapRoute( _
        "AboutUs_Employee", _
        "Aboutus/{controller}/{action}/{id}", _
        New With {.controller = "Employee", .action = "Details", .id = UrlParameter.Optional} _
    )