        // Obtains the action path for a custom or standard view.
        // Note the following:
        // a) You must define the related custom view (template) in the
        // DynamicData/PageTemplates folder.
        // b) You must also define the route in the Global.asax file.
        // c) You must apply the SecurityAttribute to the tables you
        // want to display.
        // Inline syntax:
        // NavigateUrl='<%# ((MetaTable)Page.GetDataItem()).GetActionPath(
        //   "AnonymousList") %>'>
        // Only selects which action path the control navigates to; the
        // server-side access decision is made by the route handler, so
        // this is a convenience for the UI and not an access control.
        protected string GetActionPath(string view)
        {
            // Security utility object used to classify the current user.
            DynamicDataSecurity secInfo = new DynamicDataSecurity();

            // Administrators and authenticated users are sent to the
            // standard List page.
            bool privileged = secInfo.IsUserInAdmimistrativeRole() ||
                              secInfo.IsUserInAuthenticatedRole();

            MetaTable metaTable = (MetaTable)Page.GetDataItem();

            // Everyone else gets the custom view, whose limited
            // functionality is defined in Global.asax.
            return privileged
                ? metaTable.GetActionPath(PageAction.List)
                : metaTable.GetActionPath(view);
        }
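        // Enable delete button only to allowed users.
        // This only hides the delete link in the rendered row; the
        // authoritative access decision is made by the route handler
        // (CreateHandler2), so a hidden button is not the security boundary.
        private void SetDelete(TableRow row)
        {
            // Security utility object used to classify the current user.
            DynamicDataSecurity secInfo = new DynamicDataSecurity();

            // The role test does not depend on which control is being
            // examined, so evaluate it once rather than once per control.
            // Deny delete capability to authenticated users that are
            // not administrators.
            // NOTE(review): a user who is in neither role (not authenticated)
            // is not matched by this condition and keeps the delete link
            // visible; confirm that is intended for the anonymous views.
            bool denyDelete = !secInfo.IsUserInAdmimistrativeRole() &&
                              secInfo.IsUserInAuthenticatedRole();
            if (!denyDelete)
            {
                return;
            }

            foreach (Control c in row.Cells[0].Controls)
            {
                // Only the link button carrying the Delete command is touched.
                LinkButton btn = c as LinkButton;
                if (btn != null &&
                    btn.CommandName == DataControlCommands.DeleteCommandName)
                {
                    // Hide, detach the client-side confirmation and disable,
                    // so the command cannot be raised from this row.
                    btn.Visible       = false;
                    btn.OnClientClick = null;
                    btn.Enabled       = false;
                }
            }
        }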
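        /// <summary>
        /// Determine access to tables based on ASP.NET authentication
        /// and security attribute as applied to the tables in the
        /// data model.
        /// </summary>
        /// <param name="route">The route used by
        /// ASP.NET Dynamic Data. This is in the format
        /// {table}/{action}.aspx and is defined in Global.asax</param>
        /// <param name="table">The metadata that describes a table
        /// for use by Dynamic Data pages.</param>
        /// <param name="action">The action requested for the table from the
        /// route.</param>
        /// <returns>
        /// The handler produced by the base route handler when access is
        /// allowed. For users matched only through a limited-access role
        /// the handler is created for that role's configured action, not
        /// the requested one. Returns null when no role and no attribute
        /// grant access, so that no handler is served (fail closed).
        /// </returns>
        public IHttpHandler CreateHandler2(
            DynamicDataRoute route, MetaTable table, string action)
        {
            // Roles that have administrative access rights, read from
            // the SecurityAttribute(s) applied to the AdminRoles type.
            Attribute[] adminRoles =
                Attribute.GetCustomAttributes(typeof(AdminRoles));

            // Roles that have limited access rights, read from the
            // SecurityAttribute(s) applied to the AnonymousRoles type.
            Attribute[] anonymousRoles =
                Attribute.GetCustomAttributes(typeof(AnonymousRoles));

            // The administrator checks do not depend on which role is
            // being examined, so they run once instead of once per role
            // (and the utility object is created once, not per iteration).
            // An administrative role whose attribute action is "All"
            // gets the requested handler unchanged.
            foreach (SecurityAttribute admin in
                     adminRoles.OfType<SecurityAttribute>())
            {
                if (Roles.IsUserInRole(admin.Role) && admin.Action == "All")
                {
                    // Allow complete access.
                    return base.CreateHandler(route, table, action);
                }
            }

            // The security utility object's own notion of an
            // authenticated administrator also grants complete access.
            DynamicDataSecurity secInfo = new DynamicDataSecurity();
            if (secInfo.IsUserInAdmimistrativeRole())
            {
                return base.CreateHandler(route, table, action);
            }

            // Authenticated, non-administrative users get exactly the
            // actions that a SecurityAttribute on the table grants to
            // one of their roles.
            // NOTE(review): the two comparisons below are ordinal and
            // case-sensitive; confirm the role names written in the
            // attributes match the role provider's casing, otherwise a
            // granted action silently falls through to the limited-access
            // path below.
            foreach (string role in Roles.GetAllRoles())
            {
                if (!Roles.IsUserInRole(role))
                {
                    continue;
                }

                foreach (SecurityAttribute attribute in
                         table.Attributes.OfType<SecurityAttribute>())
                {
                    // Allow only the permissible action for this role.
                    if (attribute.Role == role && attribute.Action == action)
                    {
                        return base.CreateHandler(route, table, action);
                    }
                }
            }

            // Limited access: a table marked with one of the limited-access
            // roles is served with that role's configured action rather
            // than the requested one. This check is what allows anonymous
            // access; without it no table would show in the scaffolded
            // list on the default.aspx page.
            foreach (SecurityAttribute anonymous in
                     anonymousRoles.OfType<SecurityAttribute>())
            {
                foreach (SecurityAttribute entityRole in
                         table.Attributes.OfType<SecurityAttribute>())
                {
                    if (entityRole.Role == anonymous.Role)
                    {
                        // Allow limited access.
                        return base.CreateHandler(route, table, anonymous.Action);
                    }
                }
            }

            // No role and no attribute grant access: return no handler.
            return null;
        }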