Access Control Rules - can you override the rule to exclude one specific controller

COT or anyone else that might be able to assist me. I just read the below post and noted your comment .... both conditions specified in your access control rules must be true for every record.
http://community.codeontime.com/codeo...

(1) I have an access control rule which applies to all controllers in my application. It restricts access to records based on a CompanyID that gets assigned to each user. So if three users in the users table have the same CompanyID then all three users see all the records for that company.
(2) The access control rule gets applied if the user doesn't have the administrator role for the application

This all works as expected but I need one further bit of functionality (described below) which I believe isn't working because of the way my access control rule is set up.

Companies can decide to "share" a record if the record is in one specific database table by marking the record as shared (bit = true). To get the records to display in grid1 for any user I removed the field for CompanyID from the grid so that the access control rule can't see it and therefore won't apply the record restriction to this grid, and all users can see the shared record. The issue I am having is that the record also displays an image - if the record belongs to the user's company or I sign in as an administrator the image displays in the grid, but if the record belongs to a different company the image displays as an X to the user.

If I put the CompanyID back into the grid the image displays but users cannot see any records that are "shared" unless the record belongs to their company.

Is there a way to alter the access control rule to prevent it from applying its rule to a specific controller, so that I can still keep the CompanyID in the grid but any user can still see any record that has been shared by any company? I have tried two access control rules but they conflict with each other.

This is the access control rule I have set up (works perfectly except for what I have described above):

    If (Not UserIsInRole("Administrators") And (Context.Request.QueryString("_validationKey") <> "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")) Then
        ' Non-administrators (without the validation key) only see records whose CompanyID
        ' is in the set returned by this query, i.e. the CompanyID of their own Users row.
        RegisterAccessControlRule(
            "CompanyID",
            "select CompanyID from Users " &
            "where UserID = @UserID",
            AccessPermission.Allow,
            New SqlParam("@UserID", UserId))
    End If
  • Could you add an ElseIf at the end of the above? Something like

    ElseIf (Not UserIsInRole("Administrators") And (Context.Request.QueryString("_validationKey") = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")) Then
    RegisterAccessControlRule( whatever the rule needs to be)
  • Thanks Peter, but not sure if it’s as simple as an ElseIf statement, as I need the first rule to run regardless of what’s in the ElseIf statement. Based on what COT said in the above link, for the records to appear each rule must equate to true. I thought the issue might be to do with the where clause, as it’s trying to match the UserID with the user's CompanyID, so I added another rule which is the same as the one above but my where clause for this one is: where userID = @userID or userID <> @userID

    But it doesn’t seem to work, because the CompanyID still doesn’t match the CompanyID for that user and therefore equates to false.

    Still trying to get my head around it.
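The row filter described in the question and in the follow-up, written out as plain SQL (an added example, not code from the original post or from Code On Time; the Assets table, its Shared column and the sample rows are constructed assumptions):

```sql
-- Constructed sample data: Users carries the per-user CompanyID from the question;
-- Assets stands in for the "one specific database table" whose rows can be shared.
CREATE TABLE Users (UserID int PRIMARY KEY, CompanyID int NOT NULL);
CREATE TABLE Assets (AssetID int PRIMARY KEY, CompanyID int NOT NULL,
                     Shared bit NOT NULL, ImageUrl nvarchar(200));

INSERT INTO Users  VALUES (1, 10), (2, 10), (3, 20);
INSERT INTO Assets VALUES (100, 10, 0, 'a.png'),   -- own company, not shared
                          (101, 20, 1, 'b.png'),   -- other company, shared
                          (102, 20, 0, 'c.png');   -- other company, not shared

DECLARE @UserID int = 1;   -- the signed-in, non-administrator user

-- 1) What the CompanyID rule effectively does: a row is visible only if its CompanyID
--    is in the set returned by the rule's query. User 1 sees asset 100 only.
SELECT AssetID FROM Assets
WHERE CompanyID IN (SELECT CompanyID FROM Users WHERE UserID = @UserID);

-- 2) Why the second rule from the follow-up does not help: rules on the same field are
--    combined with AND, so a broader second set (here every CompanyID in Users) is
--    intersected with the first and the result is still asset 100 only.
SELECT AssetID FROM Assets
WHERE CompanyID IN (SELECT CompanyID FROM Users WHERE UserID = @UserID)
  AND CompanyID IN (SELECT CompanyID FROM Users
                    WHERE UserID = @UserID OR UserID <> @UserID);

-- 3) The predicate the question is after (own company OR shared), expressed as one
--    filter on the table itself rather than as a second CompanyID rule.
--    User 1 sees assets 100 and 101, but not 102.
SELECT AssetID FROM Assets
WHERE CompanyID IN (SELECT CompanyID FROM Users WHERE UserID = @UserID)
   OR Shared = 1;
```

Note that removing CompanyID from grid1, as the question describes, switches query 1's restriction off for that grid entirely, so every row of the table becomes visible to every non-administrator, not only the shared ones.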