How to display records to only that users role id

Edit Subject

PCRAGE,

Take a look at these posts.

http://community.codeontime.com/codeo...

http://community.codeontime.com/codeo...

They should give you ideas about how to do it. There are many other post that would probably be helpful if you need more info.

Scott

Hi Scott,

I am looking for a way to filter the table to the user role id. As the application allows each user to see only records they are allowed to see due to their role. I have created a custom user and role table. My problem is filtering the records received by the user role. I am sure code on time must allow something like this but I am having trouble finding that solution.

How are you linking each record to a role? Are you adding a field to each row? Are you using a separate table to track each record?

Scott

Hi Scott,

The admin creates the records, its a project management tool and assign a group of users to the task. The group are the roles for example reception, Support and so on.

Each table has a FK to user roles id.

so if your role is Support you should only see records that is for support. I can create a page per role but that is silly.

I suppose AccesControl.. is the best solution

Please explain by how you mean access control is the best option? access control per page or record? as that is what I am trying to do to each record.

PCRAGE,

So if there is one FK in the table for the role, then it would seem each row can only be accessed by one role. From the way you are describing what you are trying to do, it sounds like each user has only one role as well. You mentioned having custom user and role tables. I will show you how to do it with the membership tables.

Place this access control in a business rule for the controller you want to filter.

(Less than bracket here)AccessControl("YourControllerNameHere", "YourRolePKNameHere")(Greater than bracket here) _
Private Sub RestrictByRole()

dim _roleID as string

using _slqT as new SQLText("SELECT aspnet_UsersInRoles.RoleId FROM aspnet_Users INNER JOIN aspnet_UsersInRoles ON aspnet_Users.UserId = aspnet_UsersInRoles.UserId
WHERE (aspnet_Users.UserName =@0)")

_sqlT.addparameter("@0", Context.User.Identity.Name)

If _sqlt.read

_roleID = _sqlt(0)

end if

end using

RestrictAccess(_roleID)

End Sub

Replace the (Less than bracket here) and the (Greater than bracket here) with the appropriate symbols. The site will not allow me to add tehm.

Thanks Scott I will have a look at that. But I am sure there must be a better easier way to do this.

PCRAGE,

Assuming I my understanding of how you have set it up, there is a much easier way. In your view Filter Expression, place this: (YourRolePFFieldName = @Session_UserRole)

Then all you need to do is assign the session value in your code.

Scott

ah that sounds like what I was looking for. I added @roleID as I thought it does have it setup std but it didn't work. Do i need to create the @Session_UserRole or does code on time do this out of the box?

There is nothing out of the box that will do this. Membership only exposes the role names.

PCRAGE, session variables need to be set by you. You could add a business rule before select on a controller to initialize the value. You could also override the UserLogin() method to initialize the value with this line http://codeontime.com/learn/security/handling-login-and-logout

HttpContext.Current.Session["MyProp"] = "myvalue";