MonoX support board

Start the conversation, ask questions and share tips and solutions with fellow developers.

Non-registered users can only browse through our support boards. Please register now if you want to post your questions. It takes a second and it is completely free. Alternatively, you can log in without registration using your credentials at major sites such as Google, Microsoft Live, OpenId, Facebook, LinkedIn or Yahoo.

Help - Creating WebPart - User Level Permissions..  (Mono Support )

Viewed 33687 time(s), 5 post(s) 2/28/2011 9:23:54 PMby shawndg
shawndg

shawndg

2/28/2011 9:23:54 PM

I am working on a web part... with user permissions.. edit and view.. based on logged in user..

I got it to compile.. got my whole project working.. my web part is showing up inside the user profile..

Now I noticed that there are some permissions and they seem to have a direct result on what a user can do with a web part..

For example..

I want to build a webpart that lets only the user who is assigned to the profile upload files to their profile.. and then.. if the user is not the assigned user.. then to just simply display those files..

Now.. Im thinking I need to do this based on.. some sort of permission or property but im not exactly sure what ones..

I can tell if a user is logged in.. but that's about as much as I can tell so far..
This content has not been rated yet. 
1871 Reputation 252 Total posts
khorvat

khorvat

3/1/2011 8:23:51 AM
Hi,

there are few approaches that you can use but everything depends on the fact whether your Web part is stand alone or you have embedded it on User profile Web part. I'll give you few hints on what you can do and with what built-in MonoX classes.

In stand alone scenario you can use "SecurityUtility" class to get the user information. But here you need to keep in mind that built-in MonoX user profile page keeps the username in the Url (it is SEO optimized) so you need to get the username from the Url and to get the proper username you should use the "UrlParams.UserProfile.UserName" strongly-typed approach.

string userName = string.Empty;
if (UrlParams.UserProfile.UserName.HasValue)
    userName = UrlParams.UserProfile.UserName.Value;

When you have a username then you can use "SecurityUtility" to get the user id, user roles, etc. You can also use the ASP.NET Membership provider for such operations (More about the Membership provider). With "SecurityUtility" you can get the profile user and current user and match them to see what permissions to apply.

In embedded to user profile scenario you need to use the "UserId" property of the user profile to check what is the profile user and you can use "SecurityUtility" to get the current user. The rest of the permission implementation is up to you.

I hope that this will point you in the right direction.

Regards.
This content has not been rated yet. 
15993 Reputation 2214 Total posts
denis

denis

3/1/2011 8:39:38 AM
Hi Shawn,
Visibility of the Web part is managed automatically. If the currently active user is a member of at least one role that is selected in the "View roles" checkbox list in the Web parts properties tab, the part is visible to him, otherwise it is not displayed.
You can programatically check the role membership:

using MonoSoftware.MonoX.Utilities;
...
bool isInRole = SecurityUtility.IsUserInRole(yourRoleName);

As for the profile page, you would probably want to check if the currently active user is the owner of the profile. The standard technique is to pass the username in the URL. You can than retrieve the user name, find it's ID and compare that to the user ID or name of the currently active user:

//retrieve the user name URL parameter 
if (UrlParams.UserProfile.UserName.HasValue) 
      userName = UrlParams.UserProfile.UserName.Value; 
//get the user name of the currently active user 
string userName = Page.User.Identity.Name; 
//get the ID of the currently active user. Other overloads enable you to get the user ID by passing the user name to this method. 
Guid userId = SecurityUtility.GetUserId();

There are various different strategies to achieve what you want. Let me know if this helps,

Denis
This content has not been rated yet. 
7207 Reputation 956 Total posts
shawndg

shawndg

3/1/2011 2:06:18 PM
Ok.. Thanks for the help.. should help point me in the right direction.

I'm thinking.. I have a need for both ways..

I want in some scenarios to just place a control a user profile.. and have it know.. if the user is logged in is the assigned user or not... and display edit or view..

I also have a need to have a whole separate page to allow for simple task.. like uploading files could in theory work better as one page.. As I plan to have a pretty detailed system when it comes to folder hierarchy and support and I prob want a pretty detailed interface.. I also want to make sure I have code reuse.. as much of this code would be usable in several controls I plan to write..

Im more of less trying to figure out the best way to do my permission system..

I dont see me having to many permission needs at first.. so .. although the simple approach is a good starting block I do see a future need for a more detailed permissions system.. with rules.. etc.. So It may be a good idea for me to at least some sort of basic rule support to my initial code.

I am a little concerned too.. about having the webpart know it can only be placed on a user profile.. .. maybe something like you said..

if (UrlParams.UserProfile.UserName.HasValue) 
{
userName = UrlParams.UserProfile.UserName.Value; 
else
{
// WebPart Needs to be placed on.. user profile page.
}


Or is there a better way to do this ? or is this method ok.. ?
This content has not been rated yet. 
1871 Reputation 252 Total posts
khorvat

khorvat

3/1/2011 3:42:47 PM
Hi,

you need to distinguish user profile module (the one that I have been talking about in previous post) and user profile page. You will not benefit much by placing your Web part on the user profile page because it will be threated like every other page so you will need to handle everything as you have mentioned above.

Maybe you are looking for something like this. You can extend the user profile Web part so you can lean on user profile data binding, and some of the permission rules are already implemented for you.


Let me know if this helps, Regards.
This content has not been rated yet. 
15993 Reputation 2214 Total posts