c# - Permission based security model -

-

in windows forms payroll application employing mvp pattern (for small scale client) i'm planing user permission handling follows (permission based) implementation should less complicated , straight forward.

note : system simultaneously used few users (maximum 3) , database @ server side.

this usermodel. each user has list of permissions given them.

class user {     string userid { get; set; }     string name { get; set; }     string nic {get;set;}     string designation { get; set; }     string password { get; set; }     list <string> permissionlist = new list<string>();     bool status { get; set; }     datetime entereddate { get; set; } }

when user log in system keep current user in memory.

for example in bankaccountdetailentering view, can control permission access command button follows.

 public partial class bankaccountdetailentering : form     {         bool accounteditable {get; set;}          public bankaccountdetailentering ()         {             initializecomponent();         }          private void bankaccountdetailentering_load(object sender, eventargs e)         {             cmdeditaccount.enabled = false;              onloadform (sender, e); // event fires...              if (accounteditable )             {                 cmdeditaccount.enabled=true;             }          }     }

in purpose relevant presenters (like bankaccountdetailpresenter) should aware of usermodel in addition corresponding business model presenting view.

class bankaccountdetailpresenter {         bankaccountdetailentering _view;     bankaccount _model;     user _usermodel;     dataservice _dataservice;      bankaccountdetailpresenter( bankaccountdetailentering view, bankaccount model, user usermodel, dataservice dataservice )     {         _view=view;         _model = model;         _usermodel = usermodel;         _dataservice = dataservice;         wireupevents();     }      private void wireupevents()     {         _view.onloadform += new eventhandler(_view_onloadform);     }      private void _view_onloadform(object sender, eventargs e)     {          foreach(string s in _usermodel.permissionlist)          {              if( s =="caneditaccount")             {                 _view.accounteditable =true;                 return;             }         }     }      public show()     {         _view.showdialog();     } }

so i'm handling user permissions in presenter iterating through list. should performed in presenter or view? other more promising ways this?

thanks.

"the presenter acts upon model , view. retrieves data repositories (the model), , formats display in view." - mvp

so presenter formats data, me looks presenter contains kind of business logic - checks if user can modify account. if forget check in 1 of forms? should in underlying layer (probably, service).


Comments

Post a Comment

Popular posts from this blog

database - VFP Grid + SQL server 2008 - grid not showing correctly -

-
i having problem, have grid called "gridbasica" , this: thisform.gridbase.recordsource = "sgviemp" sgviemp cursor made executing select sqlserver command sqlexec. when want modify registry, go form , the update there. so, when come form grid, grid isnt grid anymore, big white rectangle. reading around said: delete recordsource , asingt again. thisform.gridbase.recordsource = "" *--i sqlexe here thisform.gridbase.recordsource = "sgviemp" i , works, but, when click button modify again cursos updated modify form doesnt load fields did first time. could me out that? thanks in advance. --------------- edit ------------------ i have been doing recommended: lnselect = select(0) n = sqlexec(thisform.conexion,"select emp_ccodigo codigo, emp_cnombre 'nombre o razon social', emp_cnumrif 'r.i.f' sgviempr","sgviemp1") set echo on suspend select sgviemp zap in sgviemp *-- browse *--zaps correct
Read more

jquery - Set jPicker field to empty value -

-
im using jpicker color selector in form. have clear value set window/icon 'no color selected' state. i've tried following: $(':input[name="color"]').val(''); //access value directly. (does not affect jpicker) 2: $.jpicker.list[0].color.active.val('hex', '', this); //set color black , input value 000000, instead of empty string 3: $.jpicker.list[0].color.active.val(null, '', this); //does nothing none of 3 methods seems behave properly. in advance. this works me :) $.jpicker.list[0].color.active.val('v', null); here example: http://jsfiddle.net/3up7n/
Read more

.htaccess - htaccess convert request to clean url and add slash at the end of the url -

-
ok , searched more 4 days , more 20 posts here in stach or in websites without kind of success first here htaccess file rewriteengine on rewriterule ^([a-za-z0-9_]+)/?$ index.php?page=$1 [nc] rewriterule ^([a-za-z0-9_]+)\/([a-za-z0-9_]+)\/?$ index.php?page=$1&action=$2 [nc] i tried many codes 1 worked me can call request , works me www.example.com/pagename => www.example.com/index.php?page=pagename here questions , please provide me information "in detail" understand code well 1- how convert request automatically www.example.com/index.php?page=pagename www.example.com/pagename 2- if tried add slash @ end shows me page without images or styling mean www.example.com/pagename => works www.example.com/pagename/ => doesn't work that's :) for first part need 301 rule this: rewritecond %{the_request} /index\.php\?page=([^\s&]+) [nc] rewriterule ^ /%1? [r=301,l] for second part use absolute path in css, js, images files r
Read more