[SOLVED]

 Show List as Read-only based on user login

1/17/2019 12:10:29 PM
ASPRunner.NET General questions
DCherrington author

I have a project that uses Active Directory to get users to login. I have created a couple of database tables that I maintain for user access, and use ':Session.UserID' in my SQL query to link the AD login back to the user access tables. In this way I don't have to maintain passwords and I'm able to show and hide links to a set of admin pages based on whether users are in accessgroup1 or accessgroup2.
I'd like to take this a step further.
I have 2 different list pages accessible from the welcome screen. I would like accessgroup1 to have full access to List1, but read-only access to List2. I'd then like accessgroup2 to have full/normal access on both List1 and List2.
I'm trying to avoid using the "login as guest" option in order to activate read-only on the normal list layout as I need to restrict access to the data to those I specify.
Is this possible?

Tim 1/17/2019

Hi Dave,
I think the security API might get you what you need.
https://xlinesoft.com/asprunnernet/docs/secapi_about.htm
Here is an example of the type of thing I do (also using AD auto logon) in the "After successful login" event:
// Look up the logged-in AD user; a row comes back only if the user is in the 'Full' access group
string sid = "SELECT ID FROM Staff WHERE WinLog = '" + XSession.Session["UserID"].ToString() + "' and AccessGroup = 'Full'";
XVar idrs = tDAL.CustomQuery(sid);
XVar iddata = CommonFunctions.db_fetch_array(idrs);
if (iddata) {
    // row found: full access to the page
    Security.setPermissions("MyListPage","ADESPI");
} else {
    // no row: search/list only, i.e. read-only
    Security.setPermissions("MyListPage","S");
}
// permission code reference
/*
A - add,
D - delete,
E - edit,
S - search/list,
P - print/export,
I - import,
M - admin permission. When advanced permissions are in effect (users can see/edit their own records only), this permission grants access to all records.
*/
Hope this helps.

Good luck!

Tim

admin 1/17/2019

How's about simply using Dynamic Permissions to set access rights for those groups?

DCherrington author 1/18/2019



> How's about simply using Dynamic Permissions to set access rights for those groups?



Because to do this while using Active Directory I would have to use an Active Directory group. If I use an AD group then I have to go through IM&T in order to add or change users within the group, which means instead of users contacting me and me granting access immediately I would have to wait anywhere between 30 minutes and 2 days.
Unfortunately, IM&T don't prioritise these kinds of requests.

DCherrington author 1/18/2019





This works great, thanks Tim. I missed it in the user guide too, so thanks for pointing it out. Slight change for it to work for me. Used as follows:
// Fetch the access group of the logged-in AD user
string sid = "SELECT [AccessID] FROM tblUserAccess WHERE [UserName] = '" + XSession.Session["UserID"].ToString() + "'";
XVar idrs = tDAL.CustomQuery(sid);
XVar iddata = CommonFunctions.db_fetch_array(idrs);
// iddata is the fetched row, so compare its AccessID column rather than the row itself
if (iddata["AccessID"] == "4")
{
    // AccessID 4: search/list only (read-only)
    Security.setPermissions("List1","S");
    Security.setPermissions("List2","S");
    Security.setPermissions("List3","S");
}
else
{
    // any other result: full read/write access
    Security.setPermissions("List1","ADESPI");
    Security.setPermissions("List2","ADESPI");
    Security.setPermissions("List3","ADESPI");
}
In this example, AccessID 4 is my read-only usergroup. Any other usergroups will have full read/write access to all of the pages. In order to stop users not in a usergroup from seeing the data, I will restrict this via the SQL query for each list.
Thanks again Tim. Very much appreciated!
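
An added example, not code from the posts above or from ASPRunner.NET: a deny-by-default version of the login-time mapping for the matrix in the original question, where a user with no row in the access table, or with an unrecognised AccessID, gets no permissions instead of landing in the full-access `else` branch. The group IDs "1" and "2", the class and method names, and the empty mask standing for "no access" are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

static class LoginPermissions
{
    const string KnownLetters = "ADESPIM";   // letters from the permission reference in the thread
    const string NoAccess = "";              // assumption: an empty mask stands for "grant nothing"
    static readonly string[] Pages = { "List1", "List2" };

    // Assumed group IDs: "1" = accessgroup1 (List2 read-only), "2" = accessgroup2 (full on both).
    static readonly Dictionary<string, Dictionary<string, string>> Policy =
        new Dictionary<string, Dictionary<string, string>>
        {
            ["1"] = new Dictionary<string, string> { ["List1"] = "ADESPI", ["List2"] = "S" },
            ["2"] = new Dictionary<string, string> { ["List1"] = "ADESPI", ["List2"] = "ADESPI" },
        };

    // accessId: AccessID value from the user's row, or null when the lookup returned no row.
    public static Dictionary<string, string> Resolve(string accessId)
    {
        Dictionary<string, string> group = null;
        if (accessId != null) Policy.TryGetValue(accessId.Trim(), out group);

        var result = new Dictionary<string, string>();
        foreach (var page in Pages)
        {
            string mask = NoAccess;
            // Unknown group, page missing from the policy, or a mask with stray letters: no access.
            if (group == null || !group.TryGetValue(page, out mask)
                || !mask.All(c => KnownLetters.IndexOf(c) >= 0))
                mask = NoAccess;
            result[page] = mask;
        }
        return result;
    }

    static void Main()
    {
        // Constructed inputs: two known groups, an unknown ID, and "no row found".
        foreach (var id in new[] { "1", "2", "4", null })
        {
            string label = id ?? "(no row)";
            foreach (var kv in Resolve(id))
                Console.WriteLine(label + ": " + kv.Key + " -> \"" + kv.Value + "\"");
            // In the "After successful login" event each pair would be passed to
            // Security.setPermissions(kv.Key, kv.Value).
        }
    }
}
```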