 |
BOOK: ASP.NET 2.0 Instant Results ISBN: 978-0-471-74951-6
 | This is the forum to discuss the Wrox book ASP.NET 2.0 Instant Results by Imar Spaanjaars, Paul Wilton, Shawn Livermore; ISBN: 9780471749516 |
|
Welcome to the p2p.wrox.com Forums.
You are currently viewing the BOOK: ASP.NET 2.0 Instant Results ISBN: 978-0-471-74951-6 section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
|
|
|
|
|
January 25th, 2009, 05:01 PM
|
|
Registered User
|
|
Join Date: Jan 2009
Posts: 7
Thanks: 2
Thanked 0 Times in 0 Posts
|
|
How do I implement conditional delete based on role membership ?
Hi,
I have set up a test website with the CMS application would like to control the Delete button on the Management/contentList.aspx page, based on role membersip. I have created a second role named «OrdinaryUser» beside the existing «Administrator» role.
I would like to deny an «OrdinaryUser» the right to delete articles.
I have already succeeded in preventing these users to manage content types and categories using classic ASP embedded code on the AdminMenu.ascx page but it doen't work on the contentList.aspx.
Thanks for any help.
Paul Bourget
Montréal CANADA
|
|
January 25th, 2009, 05:13 PM
|
 |
Wrox Author
|
|
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
|
|
Hi Paul,
Can you define "doen't work"? Do you get an error?
Can you post the relevant code for the page? Is the button inside some other control like a GridView or DataList? If so, you need to use FindControl to find the button inside its container and then hide it.
Cheers,
Imar
|
|
January 25th, 2009, 06:28 PM
|
|
Registered User
|
|
Join Date: Jan 2009
Posts: 7
Thanks: 2
Thanked 0 Times in 0 Posts
|
|
Code and error messages
Imar,
Thanks for your answer. I appreciate your books a lot. However, although I have built ASP sites for years, my experience with ASP.NET is very limited.
First, here's my last try at making th code work :
<Code "exceprt from the Content list.aspx page">
<asp:CommandFieldButtonType="Button"ShowDeleteButton=Roles.IsUserInRole("Administrator")>
<ItemStyleWidth="75px"/>
</asp:CommandField>
</code>
You will note that I tried to insert Roles.IsUserInRole("Administrator") to generate a TRUE or False value depending on membership role of the user.
Here's the error message I get (I use a French langage version of Visual Studio)
Error message
Erreur du serveur dans l'application '/Cms'.
Erreur d'analyse
Description : Une erreur s'est produite au cours de l'analyse d'une ressource requise pour répondre à cette demande. Veuillez consulter ci-dessous les détails relatifs à l'erreur d'analyse en question, puis modifier votre fichier source de manière appropriée.
Message d'erreur de l'analyseur: Impossible de créer un objet de type 'System.Boolean' à partir de sa représentation sous forme de chaîne, 'Roles.IsUserInRole("Administrator")', pour la propriété 'ShowDeleteButton'.
Erreur source:
Ligne 28 : </asp:ButtonField>
Ligne 29 :
Ligne 30 : <asp:CommandField ButtonType="Button" ShowDeleteButton= Roles.IsUserInRole("Administrator")>
Ligne 31 : <ItemStyle Width="75px" />
Ligne 32 : </asp:CommandField>
Fichier source : /Cms/Management/ContentList.aspx Ligne : 30
Meaning : Essentially, the server does not create a boolean value in the context I try to generate it.
In my initial post, I mentionned that I succeeded in controlling access to managing content types and categories based on membership role. Heres how I modified your original code.
What worked on AdminMenu.ascx :
<code>
<%@ControlLanguage="VB"AutoEventWireup="false"CodeFile="AdminMenu.ascx.vb"Inherits="AdminMenu" %>
<ul>
<li><aid="lnkHome"href="~/Management/Default.aspx"runat="server">Admin Home</a></li>
<li><aid="lnkContent"href="~/Management/ContentList.aspx"runat="server">Manage Content</a></li>
<%If Roles.IsUserInRole("Administrator") Then%>
<li><aid="lnkContentTypes"href="~/Management/ContentTypes.aspx"runat="server">Manage Content Types</a></li>
<li><aid="lnkCategories"href="~/Management/Categories.aspx"runat="server">Manage Categories</a></li>
<%Endif%>
</ul>
</code>
Thanks for your help.
Paul
Last edited by pbourget; January 25th, 2009 at 06:30 PM..
Reason: typo
|
|
January 25th, 2009, 06:45 PM
|
|
Wrox Author
|
|
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
|
|
Hi Paul,
The ShowDeleteButton is not something you can control like this. Instead, you need to use FindControl to find the button and hide it, like this:
Code:
Protected Sub gvContent_RowCreated(ByVal sender As Object, ByVal e As _
System.Web.UI.WebControls.GridViewRowEventArgs) _
Handles gvContent.RowCreated
If e.Row.RowType = DataControlRowType.DataRow Then
Dim deleteButton As Button = e.Row.FindControl("Button1")
deleteButton.Visible = Roles.IsUserInRole("Administrator")
End If
End Sub
For this code to work correctly, you need to expand the CommandFIeld to a TemplateField that contains a Delete button:
Code:
<asp:TemplateField>
<ItemTemplate>
<asp:Button ID="Button1" runat="server" CausesValidation="False"
CommandName="Delete" Text="Delete"
/>
</ItemTemplate>
</asp:TemplateField>
This way, when the GridView is bound, for each row this code is called. It searches for the Button and the hides it when you're not an Administrator.
Hope this helps,
Imar
|
|
The Following User Says Thank You to Imar For This Useful Post:
|
|
|
January 25th, 2009, 10:19 PM
|
|
Registered User
|
|
Join Date: Jan 2009
Posts: 7
Thanks: 2
Thanked 0 Times in 0 Posts
|
|
A big leap !
Imar,
I have quickly implemented your code and it susccessfully controlled the displaying of the the Delete Button.
I'll take a few days to review my documentation in order to better understand the organic links bteween the vb code and the asp server controls. This case and your explanations help me greatly in my transition from classic ASP to ASP.Net
To make it work though, I've had to comment out a preexisting sub similarly named which function is to display a confirmation dialog when an item is deleted. Changing the name of the former sub did not suffice.
Here's the error message I got (before the code was commented out) :
Impossible d'effectuer un cast d'un objet de type 'System.Web.UI.LiteralControl' en type 'System.Web.UI.WebControls.Button'.
Description : Une exception non gérée s'est produite au moment de l'exécution de la demande Web actuelle. Contrôlez la trace de la pile pour plus d'informations sur l'erreur et son origine dans le code.
Détails de l'exception: System.InvalidCastException: Impossible d'effectuer un cast d'un objet de type 'System.Web.UI.LiteralControl' en type 'System.Web.UI.WebControls.Button'.
Erreur source:
Ligne 27 : ' Add a confirmation message to the Delete button
Ligne 28 : If e.Row.RowType = DataControlRowType.DataRow Then
Ligne 29 : Dim deleteButton As Button = CType(e.Row.Controls(5).Controls(0), Button)
Ligne 30 : If deleteButton.Text = "Delete" Then
Ligne 31 : ' Delete button found; add a confirmation dialog
Fichier source : C:\inetpub\wwwroot\Cms\Management\ContentList.aspx .vb Ligne : 29
Thank for your precious help.
Paul
|
|
January 26th, 2009, 04:47 AM
|
|
Wrox Author
|
|
Join Date: Jun 2003
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
|
|
Hi there,
The code you're referring to assumes you haven't converted the field to a TemplateField. In that case, there's no button you can refer to by name. Instead, it uses an index to find the button.
However, it's easy to combine the two things. In the "old" code, you got a reference to the Button by indexing a cell. In the new code you get that button using FindControl. Afterwards, you can treat the button as you normally would. E.g.:
If Roles.IsUserInRole("Administrator") Then
' Add confirmation from old code
Else
deleteButton.Visible = False
End If
Hope that helps,
Imar
|
|
|
button below this post to show your appreciation!
