Articles in this Series
- Introduction - A DynamicData Attribute Based Permission Solution using User Roles.
- Part 1 - Permissions Attribute (Metadata) Classes.
- Part 2 - Sample Metadata for project.
- Part 3 - The Helper Extension Methods.
- Part 4 - Limit Tables shown on Default page and List, Edit & Details etc.
- Part 5 - Generate Columns/Rows (using IAutoFieldGenerator)
- Part 6 - Miscellaneous bits
- Part 7 - Updating the ListDetails Page
- DynamicData - Limit the Filter Fields
- DynamicData - Automatic Column Update
Updating the ListDetails Page
Similarly to the List page Listing 1 show the class variables.
protected Boolean denyEdit = false; protected Boolean denyDelete = false; protected Boolean denyDetails = false; protected Boolean denyInsert = false;
Next is the setting of the class variables based on the permissions set returned.
// Get permissions for current table var tablePermissions = table.GetTablePermissions(Roles.GetRolesForUser()); // get status of links for column 0 from table permissions if (tablePermissions.Contains(TablePermissionsAttribute.Permissions.DenyEdit)) denyEdit = true; if (tablePermissions.Contains(TablePermissionsAttribute.Permissions.DenyDelete)) denyDelete = true; if (tablePermissions.Contains(TablePermissionsAttribute.Permissions.DenyDetails)) denyDetails = true; if (tablePermissions.Contains(TablePermissionsAttribute.Permissions.DenyInserts)) denyInsert = true;
This is the error if user got to this by invalid URL for them (e.g. old link or a hack)
// if table is denied read throw error if (tablePermissions.Contains(TablePermissionsAttribute.Permissions.DenyRead)) { Response.Redirect("~/Default.aspx?error=No access to " + table.Name); }
Here the links and DetailsPanel are set to display or hide, also if the DetailsPanel is hidden the don't bother to turn off the buttons.
// set visibility of Details DetailsPanel.Visible = !denyDetails; GridView1.AutoGenerateSelectButton = !denyDetails; GridView1.AutoGenerateEditButton = !denyEdit; GridView1.AutoGenerateDeleteButton = !denyDelete; if (!denyDetails) { DetailsView1.AutoGenerateInsertButton = !denyInsert; DetailsView1.AutoGenerateEditButton = !denyEdit; DetailsView1.AutoGenerateDeleteButton = !denyDelete; }
I think that about wraps it up for this...
But may be not I think next I may override some of the controls then there will be less code to add per page.
NOTE: you will need to change the routing to see ListDetails pages instead of List, Details, Edit, Insert.
3 comments:
Steve,
Do you plan to provide a downloadable example implementation from CodePlex or MSDN Code Gallery?
Also, what license will apply to your code?
I need to know this for a forthcoming Visual Studio Magazine article.
Thanks in advance,
Roger_Jennings[at]compuserve[dot]com
http://oakleafblog.blogspot.com
I can not update from the memory when metaattributes make a change to the database in the model attributes, for example, have the table "Users" which has write permissions only, and in the global.asax are loaded Attributes permissions in memory, but when you make a change to the table to say that the write-only attribute to read only happens now, does not update the changes, I have to close the asp.net development server and then re-start the program to reload the global.asax and recently there had made the changes mentioned above ...
greetings in advance
Hi Mlho, I'm not sure I follow you you may be better served by looking at my new Security sample which uses some new methods of filtering access, I will be augmenting this soon by doing a DD v1 version that does everything by routing.
Post a Comment