/// <summary>
/// Adds a permission-aware edit-link column to the data table and widens
/// field visibility according to what the current user may see.
/// </summary>
/// <param name="ds">
/// Data set holding the <c>DataSetTableName.Data</c> and
/// <c>DataSetTableName.Fields</c> tables; it is modified in place.
/// </param>
/// <remarks>
/// The edit link only controls what is rendered. Leaving it empty does not
/// stop anyone from requesting the edit URL directly, so the edit target has
/// to check the row permission again on the server.
/// </remarks>
void SetEditLinksAndVisibilityBasedOnPermissions(DataSet ds)
{
    // Without a user object or a tab id nothing is added or changed.
    if (User == null || TabId == Null.NullInteger)
    {
        return;
    }

    var security = new ModuleSecurity(ModuleId, TabId, Settings);
    var createdByColumnName = ColumnNameByDataType(ds, DataTypeNames.UDT_DataType_CreatedBy);

    // Extra column that carries the edit URL for rows the user may edit.
    var dataTable = ds.Tables[DataSetTableName.Data];
    dataTable.Columns.Add(DataTableColumn.EditLink, typeof(string));

    // NOTE(review): EditUrlPattern is used as a format string with the row id
    // as {0}; where it is set is not visible here - confirm it is validated.
    var urlPattern = EditUrlPattern
                     ?? Globals.NavigateURL(TabId, "edit", "mid=" + ModuleId, DataTableColumn.RowId + "={0}");

    foreach (DataRow dataRow in dataTable.Rows)
    {
        var creatorName = dataRow[createdByColumnName].ToString();

        // A row created under the anonymous user name never counts as owned,
        // even if the current user name happens to match that name.
        var ownedByCurrentUser = (creatorName == User.Username)
                                 && creatorName != Definition.NameOfAnonymousUser;

        if (!security.IsAllowedToEditRow(ownedByCurrentUser))
        {
            continue;
        }

        dataRow[DataTableColumn.EditLink] = string.Format(urlPattern, dataRow[DataTableColumn.RowId]);
    }

    // Visibility is only ever widened: a field that is already visible stays
    // visible, a hidden field is shown only when the permission check passes.
    foreach (DataRow fieldRow in ds.Tables[DataSetTableName.Fields].Rows)
    {
        var visible = Convert.ToBoolean(fieldRow[FieldsTableColumn.Visible]);

        if (!visible && security.IsAllowedToSeeAllUserDefinedColumns())
        {
            visible = DataType.ByName(fieldRow[FieldsTableColumn.Type].ToString()).IsUserDefinedField
                      || Settings.ShowSystemColumns;
        }

        fieldRow[FieldsTableColumn.Visible] = visible;
    }
}
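/// <summary>
/// Evaluates whether the current user may save and delete the row shown on
/// this page, and records the outcome in <c>_hasUpdatePermission</c> and
/// <c>_hasDeletePermission</c>.
/// </summary>
/// <param name="isUsersOwnItem">
/// Whether the row belongs to the current user. The default is <c>true</c>,
/// so a caller that omits the argument is evaluated as the row owner.
/// NOTE(review): confirm every caller that edits an existing row passes the
/// real ownership value.
/// </param>
/// <remarks>
/// When permission is denied the page either redirects to the tab (ending
/// the response) or, if nested, disables the update button. Disabling a
/// button is only a UI measure; the update and delete handlers (not visible
/// here) should rely on the two permission fields.
/// </remarks>
void CheckPermission(bool isUsersOwnItem = true)
{
    var security = new ModuleSecurity(ModuleContext);

    // New rows need the add permission plus either module administration
    // rights or remaining quota; existing rows need the edit permission.
    bool mayUpdate = IsNewRow
        ? security.IsAllowedToAddRow()
          && (security.IsAllowedToAdministrateModule() || HasAddPermissonByQuota())
        : security.IsAllowedToEditRow(isUsersOwnItem);

    // Assign on both outcomes (fail closed): the flag was previously set only
    // when access was granted, so a grant from an earlier call on the same
    // page instance could outlive a later denial.
    _hasUpdatePermission = mayUpdate;

    if (!mayUpdate)
    {
        if (IsNested())
        {
            cmdUpdate.Enabled = false;
            divForm.Visible = true;
        }
        else
        {
            // endResponse: true stops processing of the current request.
            Response.Redirect(Globals.NavigateURL(ModuleContext.TabId), true);
        }
    }

    // A row that does not exist yet can never be deleted.
    _hasDeletePermission = security.IsAllowedToDeleteRow(isUsersOwnItem) && !IsNewRow;
    cmdDelete.Visible = _hasDeletePermission;
}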