p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   ASP.NET 4 General Discussion (http://p2p.wrox.com/forumdisplay.php?f=561)
-   -   how to query database tables depending on the logged-in user. (http://p2p.wrox.com/showthread.php?t=85100)

Sapan September 20th, 2011 08:23 AM

how to query database tables depending on the logged-in user.
 
Hello,
I would like to know how to limit a logged-in user to view and edit data that were entered by him only. I am not talking about personal information of each user that could be dealt with profiles. I am talking about any other data.
Additionally, I also want to know how can an another person, say a manager, can view all data entered by all users.
Any useful reply is welcome but since I am following Imar since asp.net 3.5 I would love to hear from him.
Thanks,
Sapan [:)]

Imar September 20th, 2011 02:40 PM

Hi there,

It depends a bit on your data access technology, but it's common to take the user's name / identity into account as well as the role membership. In pseudo code the following LINQ query would accomplish this:

Code:


bool userIsAdministrator = User.IsInRole("Administrators");
var whatever = from a in Articles
    where a.CreatedBy == User.Identity.Name || userIsAdministrator
    select a;

This selects all articles that belong to a user, or really al articles when the user is an admin.

You can do similar stuff for direct SQL or other database access methods.

Hope this helps,

Imar


All times are GMT -4. The time now is 07:42 PM.

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.