1
Vote

NotAClue.Web.DynamicData.SecurityExtensionMethods.HasTableAction

description

 public static Boolean HasTableAction(this MetaTable table, TableActions tableAction)
        {
            // get ALL secure table attributes
            var tableRestrictions = table.Attributes.OfType<SecureTableAttribute>();
            // get user roles
            var usersRoles = Roles.GetRolesForUser();
            // set any buttons visible flag
            var anyButtonsVisible = false;
            if (tableRestrictions.Count() > 0)
            {
                foreach (var tp in tableRestrictions)
                {
                    var hasRole = tp.HasAnyRole(usersRoles);
                    if (hasRole && (tp.Actions & tableAction) == tableAction)
                        anyButtonsVisible = true;
                }
            }
            return anyButtonsVisible;
        }
should be
 public static Boolean HasTableAction(this MetaTable table, TableActions tableAction)
        {
            // get ALL secure table attributes
            var tableRestrictions = table.Attributes.OfType<SecureTableAttribute>();

            // if no restriction exist then full access is granted
            if (tableRestrictions.Count() == 0) return true;

            // get user roles
            var usersRoles = Roles.GetRolesForUser();
            // set any buttons visible flag
            var anyButtonsVisible = false;
           foreach (var tp in tableRestrictions)
            {
                var hasRole = tp.HasAnyRole(usersRoles);
                if (hasRole && (tp.Actions & tableAction) == tableAction)
                    anyButtonsVisible = true;
            }
            return anyButtonsVisible;
        }

comments

sjnaughton wrote Apr 24, 2013 at 5:03 PM

Maybe this should be an opt-in option not just the way it's baked in :) I'll think about it and make the changes needed :)

pumanet wrote Apr 26, 2013 at 7:49 AM

It looks the way you use in NotAClue.Web.DynamicData.SecureDynamicDataRouteHandler.CreateHandler
isn't it?
thanks for the good job!

sjnaughton wrote Apr 26, 2013 at 11:56 AM

Thanks I have a lot more to add but I have been out of it with a heart attack and then a triple heart bypass operation :( but I am getting back to work now slowly.

Steve