Different asp:menu on a user basis - c#

I have an Oracle database which stores menu and user data, for a local intranet.
The data includes which users have access to which pages.
Originally I created a class which extended the StaticSiteMapProvider class, however when this went into the testing environment, I found that this was cached for the whole site (and not on a user basis). After reading up online on various forums, it was suggested that I should inherit from SiteMapProvider as this would enable me to have a separate instance of the SiteMapProvider and ASP:MENU item on a user basis, however this still hasn't solved the problem.
Currently I have a user control, which contains the asp:menu, and uses my custom site map provider as its data source.
Could anyone suggest how I can display the menu on a user basis, driven from database authorisation?
Also the whole menu should still appear to all users, it is only after they click on a menu node that they will find out whether they have access to that page/node.
Thanks

You can make use of Roles on the SiteMap to define what menu will appear.

There are two things here. If you have a static collection of nodes and you want to show/hide them based on user accessibility, then you should override the IsAccessibleToUser method to tell if the given node is applicable for the current user (accessible from the given HttpContext).
In case your node collection/hierarchy changes on a per-user basis, then try overriding BuildSiteMap to load different nodes for the current user. However, I am a bit doubtful if StaticSiteMapProvider is the correct base class in this case. Probably you need to override from SiteMapProvider.
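
The IsAccessibleToUser override described in the answer above, as an added example that is not part of the original answers: the node tree is built once and shared by every user, while the access decision is evaluated on each call. `DbSiteMapProvider`, `PageAccess.IsAllowed`, the sample nodes and the user name are hypothetical stand-ins for the asker's Oracle-backed data.

```csharp
using System;
using System.Web;

// Hypothetical lookup; the body stands in for the query against the user/page table.
public static class PageAccess
{
    public static bool IsAllowed(string userName, string nodeKey)
    {
        // Constructed sample rule: only CORP\alice may open the "reports" node.
        return nodeKey != "reports"
            || string.Equals(userName, @"CORP\alice", StringComparison.OrdinalIgnoreCase);
    }
}

public class DbSiteMapProvider : StaticSiteMapProvider
{
    private readonly object _sync = new object();
    private SiteMapNode _root;

    // Runs once; the resulting tree is cached and shared by all users.
    public override SiteMapNode BuildSiteMap()
    {
        lock (_sync)
        {
            if (_root != null) return _root;
            var root = new SiteMapNode(this, "home", "~/Default.aspx", "Home");
            AddNode(root);
            AddNode(new SiteMapNode(this, "reports", "~/Reports.aspx", "Reports"), root);
            _root = root;
            return _root;
        }
    }

    protected override SiteMapNode GetRootNodeCore()
    {
        return BuildSiteMap();
    }

    // Evaluated on each call, so nothing user-specific ends up in the shared tree.
    public override bool IsAccessibleToUser(HttpContext context, SiteMapNode node)
    {
        if (context == null) throw new ArgumentNullException("context");
        if (node == null) throw new ArgumentNullException("node");
        if (!SecurityTrimmingEnabled) return true;   // trimming off: every node is shown
        var user = context.User;
        if (user == null || !user.Identity.IsAuthenticated) return false;
        return PageAccess.IsAllowed(user.Identity.Name, node.Key);
    }
}
```

Whether a node is shown or hidden, the menu does not protect the page: the same lookup has to run when the page itself is requested.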

Related

Best way of sharing user specific variables around my MVC4 app

I am building an MVC4 app using razor. I have done many in the past but I want to roll some best practice into this one in terms of dealing with variables.
The situation is that I have a logged in user (logged in meaning a windows authentication, with that user name matched to a user in my user table). That user comes with a set of profile options such as "canViewReports", "canEditPerson" etc etc.
Now, there are two prongs to those profile options. First is that my presentation layer needs to customise itself depending on what is presented to it. So profile 1 has canViewReport set to false so the tab for reports will be hidden. Profile 2 has it true so the tab will be shown.
The second prong is that if my savvy users type in /reports/index, I need to pick that up and block access for profile 1 but allow profile 2.
Ok, so at the moment I am using a base controller that is decorated with a [UserDataFilter]. That user data filter calls a method that checks the current session for a set of keys and if they are missing assigns them. I put each of those profile options for the current user into the session. I can then use the session variables in my presentation layer and also in code.
My concern is that that is messy looking in my code having to put this kind of thing everywhere:
(bool)session["canViewReports"] everywhere in my razor.
That led me to try using the viewstart.cshtml and setting App variables in there that I can use in my razor a bit cleaner. In viewstart I set:
App.canViewReports = (bool)HttpContext.Current.Session["canViewReports"];
I can then just use App.canViewReports everywhere in my views without too much trouble.
My questions are:
1) Is App.canViewReports for the entire application at an IIS level, or does each connection to IIS get its own pool of App. variables. The thing I want to avoid is the first user setting the variable and every other user that subsequently uses the application getting that value! (on different computers)
2) Is there a better way of doing this!!!
Many thanks
Iain
I would use User.IsInRole("canViewReports") in my razor logic to hide and show the menu items. If you build your menu in your layout you only need to do this once.
I would then further protect the action method by decorating the method with
[AuthorizeUser("canViewReports")]
You could create an ISessionService that stores the session information you need. In this way, you can implement it however you want and have full control over it. It could be retrieved easily via a DI container and it's easy to mock.
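
One way the [AuthorizeUser("canViewReports")] attribute from the first answer could be written, as an added example that is not the answerer's code. It assumes the profile options are exposed as roles on the current principal (for instance through a custom role provider), which the page does not show; `ReportsController` is a hypothetical controller.

```csharp
using System;
using System.Web;
using System.Web.Mvc;

// Server-side check for one profile option; hiding the tab in Razor is only cosmetic.
public class AuthorizeUserAttribute : AuthorizeAttribute
{
    private readonly string _permission;

    public AuthorizeUserAttribute(string permission)
    {
        if (string.IsNullOrEmpty(permission))
            throw new ArgumentException("A permission name is required.", "permission");
        _permission = permission;
    }

    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        // The base call rejects anonymous requests before the permission is checked.
        if (!base.AuthorizeCore(httpContext)) return false;
        // Assumption: profile options such as "canViewReports" are surfaced as roles.
        return httpContext.User.IsInRole(_permission);
    }

    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // A signed-in user without the permission gets 403 rather than a login challenge.
        if (filterContext.HttpContext.User.Identity.IsAuthenticated)
            filterContext.Result = new HttpStatusCodeResult(403);
        else
            base.HandleUnauthorizedRequest(filterContext);
    }
}

public class ReportsController : Controller
{
    // A user who types /reports/index is checked here, whatever the menu showed.
    [AuthorizeUser("canViewReports")]
    public ActionResult Index()
    {
        return View();
    }
}
```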

Is it possible to attach permissions to content parts in Orchard CMS?

Let's say I have a content type called Seminar. The Seminar type has three parts welded to it: Room, Schedule, Subject.
When a user edits a Seminar, they will be shown the editor templates for those three parts.
What I would like to do is add permissions to each of the parts so that we can restrict which users can edit which parts. For example, someone with a Scheduler role will be able to view/edit the schedule part, but not the others.
Is this possible out of the box? If so then how can I do this?
If I can't do this out of the box then is anyone aware of a module that I can use to achieve this?
And finally, if there is nothing available that can do this, can anyone point me in the right direction to implement this myself?
In code, you can check any permissions you want, including your own custom permissions, from the part's driver, and prevent it from displaying anything. Even if it's not your part, you can intercept shapes and prevent them from being displayed, from a shape table provider. But there is no module that I know of that lets you choose permissions for parts without writing code.

SharePoint 2010 Listview save event

I am trying to catch the save event on listviews, not the list itself. This is so that I can stop saving of certain views.
I have tried List SPListEventReceiver, but this seems to only catch events on the list itself, not the views.
EDIT: As mentioned in the comment below, the views I'm trying to stop people saving are the default views on external lists.
In your situation, I'd try the following:
Remove regular users' permission to modify lists at all (if this is acceptable). This should still let them create personal views.
Write code that will take a personal view, analyse it, (delete it?) and (using elevated privileges) create an equivalent public view. (You can't just change the PersonalView property, sadly.) Be careful to capture everything a user can do on the create-a-view UI - this will be the trickiest part.
Optionally write similar code to allow a view to be switched from public back to personal (checking it's not the default view or any other view you're trying to protect.)
Optionally keep track of who "owns" one of these custom views, for example in a hidden list, and only allow the owner to take a view back to personal.
Write an interface to this code, e.g. an application page allowing a user to select from the relevant views, or a custom action on the ribbon.

Custom PropertyGridEditor etc. for web part edit zone?

I want to change the appearance of the default editor parts, and am a little unsure of how to go about doing this, as there seems to be a surprising lack of documentation on the subject.
I've been able to create a custom declarative catalog with some trial and error and overriding the RenderCatalogPart method, and now wish to do something similar with my AppearanceEditor and PropertyGridEditor. I've tried just changing the style of the editor parts using CSS, but they are already arranged into tables which are impossible to get rid of. It's not even possible to just take the class as is, because the classes are sealed. So I'm basically stuck with having to write my own from scratch, I guess the questions are as follows:
1) How do I go about getting the information on the controls I need to render?
2) According to the documentation, I need to override the ApplyChanges and SyncChanges methods - but I can't find any information on what I actually need to put in these methods.
3) On a similar note, is it possible to change the layout of the EditorPart itself, so that the AppearanceEditor, BehaviourEditor etc. are displayed side-by-side instead of on top of each other?
4) Is there any way to have the page catalog displayed somewhere on the page, even in browse mode? I'd quite like to use it as a 'minimised' area, where users can send web parts they don't want immediately. At the moment they go back into the page catalog and users tend to just add a new part instead. I know that I can have multiple catalog zones on the page, which is great, but it only shows up in catalog mode.
Any help would be very much appreciated.
I didn't get any replies here, but I was able to figure out a way to do some of these.
1) In the end I decided to use reflection to get each public property on the web part that was WebBrowsable, and figure out what sort of control to display from the type.
2) The ApplyChanges() and SyncChanges() methods essentially just persist the changes from the page to the personalization blob and vice-versa. It's a matter of rendering some controls on the page, and mapping the values to the properties of the web part in these methods.
3) I don't think this is possible without writing your own.
4) Haven't been able to do this, but I don't imagine that it's possible sadly.

Adding columns to the CreateUserWizard control using FBA

I'm wanting to create a user account creation section for unregistered users on our internet site. I want to ask the same questions as the CreateUserWizard control but have a few changes. I want the question to come from a question lookup table in SQL. The user will have a dropdown of available questions and I'll store the questionid they selected and the answer. Also, I want to store 1 other piece of data about the user (SSN).
My questions are:
1) Is forms based authentication an acceptable solution for this if using SSL?
2) Can I add additional columns (questionid and ssn) to the membership table or another table and how do I do that so I can save the info in the 'blessed' way? Will the solution have any negative effect if down the road I want to add password reset/recovery?
When adding columns, does it make sense to invoke Membership.CreateUser rather than using the CreateUserWizard?
Thanks!!
1) Yes it is. You can extend Membership with Profiles, and add any arbitrary fields you like.
2) You can customize the CreateUserWizard a great deal, but behind the scenes it just ends up calling Membership.CreateUser. Personally, I would just roll my own (since it really isn't all that hard) unless you want to use the default wizard. But that is more personal preference than anything else.
NOTE: the link I provided for Profiles assumes you are using a WebSite project. If you are using Web Application projects, there are a few additional steps you can read about here.
