MVVM/ViewModels and handling Authorization

Just wondering how how people handle Authorization when using MVVM and/or View Models.

If I wasn't using VM's I would be passing back the Model and it would have a property which I could check if a user can edit a given object/property but when using MVVM I am disconnecting myself from the business object... and thus doen't know what the security should be any more.

Is this a case where the mapper should be aware of the Authorization that is in place and don't copy across the data if the A开发者_运维百科uthorization check fails. If this was the case I am guessing that the mapper would have to see some properties on the VM to let the interface know which fields are missing data because of the Authorization failure.

If this does occur within the mapper, how does this fit in with things like AutoMapper, etc.

Cheers Anthony

The ViewModel can expose this property from the Model to your View. That's the purpose of the ViewModel in MVVM.

Instead of directly attaching to your Model (which is what you specified you'd do without MVVM), you can just expose this through your VM, and attach to the VM.