Event to authorize access to IW forms
#1
Hi,

I have many forms in my project.
I have created a table to put the rights of each user.
Some users can only access some forms.

What would be the best event to check if a user is authorized to load and see the form?
I'd like to show a dialog message in that event if the user is not authorized.

I think it is an event in the ServerController. But which one? And how do I send an async message to the browser saying the user is not authorized? Is it possible to send a message from the ServerController and not from a form?

I would appreciate some other ideas about it.

Regards,
Luiz
Reply
#2
The SC events are for the startup forms.

To do it on a form by form basis during normal application usage, you can make a custom function which checks the user right and then decides to show the requested form or a different form or dialog.
Reply
#3
Thank you,
But in SC, on event:
IWServerControllerBaseBeforeRender(
ASession: TIWApplication; AForm: TIWBaseForm; var VNewForm: TIWBaseForm)

How could I abort the load of a new form?
Reply
#4
Luiz,

I do it a little differently. It's a little more overhead, but I have a function that launches forms using the target form name as a parameter.

If a form isn't supposed to launch, I can launch a substitute from the same procedure.

There is a little more overhead, but not enough to matter. You can request a new form from your procedure, do testing and create exception behavior in a consistent way, before a new form is even requested from IW.

Note that using the form name as the parameter is arbitrary. It could as easily be a number but using the name constant makes it more readable for me.

The details of how you do that might be different, but the idea of doing your testing/branching before IW even knows what form you want might simplify things for you.

Dan
Reply
#5
Hi,

My forms all share the same base class, TDlgBase. The constructor of this class checks if it can be shown/created by calling

Code:
if not UserSession.SecurityMgr.Access(SecurityClass, saRead)
then HandleNoAccessRights;

SecurityClass is a class method holding the security class but defaulting to ClassName.
HandleNoAccessRights raises an exception.
Reply
#6
(11-25-2019, 03:33 AM)DanBarclay Wrote: Luiz,

I do it a little differently.  It's a little more overhead, but I have a function that launches forms using the target form name as a parameter.

If a form isn't supposed to launch, I can launch a substitute from the same procedure.

There is a little more overhead, but not enough to matter.  You can request a new form from your procedure, do testing and create exception behavior in a consistent way, before a new form is even requested from IW.

Note that using the form name as the parameter is arbitrary.  It could as easily be a number but using the name constant makes it more readable for me.

The details of how you do that might be different, but the idea of doing your testing/branching before IW even knows what form you want might simplify things for you.

Dan

Dan, but what happens if the user is not clicking a button to access your form?
Let's suppose the user types the page URL right into the browser.
In this case, I have no way to check the credentials of the user.

How do you take care of it?


Luiz
Reply
#7
Once a user is authed you can store that in the user session. IW will route all future requests to the same user session.
Reply
#8
(11-26-2019, 03:07 PM)cprmlao@hotmail.com Wrote:
(11-25-2019, 03:33 AM)DanBarclay Wrote: Luiz,

I do it a little differently.  It's a little more overhead, but I have a function that launches forms using the target form name as a parameter.

If a form isn't supposed to launch, I can launch a substitute from the same procedure.

There is a little more overhead, but not enough to matter.  You can request a new form from your procedure, do testing and create exception behavior in a consistent way, before a new form is even requested from IW.

Note that using the form name as the parameter is arbitrary.  It could as easily be a number but using the name constant makes it more readable for me.

The details of how you do that might be different, but the idea of doing your testing/branching before IW even knows what form you want might simplify things for you.

Dan

Dan, but what happens if the user is not clicking a button to access your form?
Let's suppose the user types the page URL right into the browser.
In this case, I have no way to check the credentials of the user.

How do you take care of it?

I assume you are talking about clicking a button outside IW.  If the button was inside IW, you would call your "form selection procedure" from that event.  If the button was outside IW then you would need to do something different.

I don't have that situation to deal with, but it seems to me that you could make that switch in a content handler.  Instead of allowing the URL to direct the page, use a content handler to inspect the URL and decide the target form.  It would give you a shot at redirecting before the form is launched.

Again, I haven't done that.  I'm just thinking that process would work.

The concept, in any case, is to decide which form to launch before getting IW involved in the process. Others may prefer to do it a different way, but this seems more clean to me since you haven't started launching a form.

Dan
Reply
#9
(11-20-2019, 11:14 PM)cprmlao@hotmail.com Wrote: Hi,

I have many forms in my project.
I have created a table to put the rights of each user.
Some users can only access some forms.

What would be the best event to check if a user is authorized to load and see the form?
I'd like to show a dialog message in that event if the user is not authorized.

I think it is an event in the ServerController. But which one? And how do I send an async message to the browser saying the user is not authorized? Is it possible to send a message from the ServerController and not from a form?

I would appreciate some other ideas about it.

Regards,
Luiz


There is always an active form in your application, after the main form has been shown and if it is not terminated.

You should create a single method for switching forms which is called from any place where the user can move to another form. In that method you can check the new requested form, the user and the rights. Then you can always call WebApplication.ShowMessage(). It will work for async and sync events, transparently.
Reply
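Added example, not code from any poster in this thread: a console model, written without the IntraWeb units, that combines the single form-switching routine suggested in posts #4 and #9 with the base-class constructor check from post #5, so a form that is requested without going through the switching routine is still refused. TUserSession, TSecuredForm, OpenForm, the two form classes and the rights data are hypothetical names and constructed sample values; only WebApplication.ShowMessage, mentioned in a comment, comes from the thread.

```delphi
program FormAccessGate;
{$APPTYPE CONSOLE}
// Added example: all type names and the rights data below are hypothetical.
uses SysUtils;
type
  ENoAccess = class(Exception);
  TUserSession = class
    UserName: string;        // filled in only after a successful login
    Rights: TArray<string>;  // form class names this user may open
    function MayOpen(const AFormClass: string): Boolean;
  end;
  TSecuredForm = class       // shared base class, as described in post #5
    constructor Create(ASession: TUserSession); virtual;
  end;
  TSecuredFormClass = class of TSecuredForm;
  TInvoiceForm = class(TSecuredForm);
  TAdminForm = class(TSecuredForm);

function TUserSession.MayOpen(const AFormClass: string): Boolean;
var S: string;
begin
  Result := False;  // deny by default: no login or no entry means no access
  if UserName <> '' then
    for S in Rights do
      if SameText(S, AFormClass) then Exit(True);
end;
constructor TSecuredForm.Create(ASession: TUserSession);
begin  // runs however the form was requested, so the check cannot be skipped
  if (ASession = nil) or not ASession.MayOpen(ClassName) then
    raise ENoAccess.CreateFmt('%s: access denied', [ClassName]);
end;
// Single switching routine; nil tells the caller to keep the active form.
// An IntraWeb application would call WebApplication.ShowMessage on denial.
function OpenForm(ASession: TUserSession; AClass: TSecuredFormClass): TSecuredForm;
begin
  Result := nil;
  try
    Result := AClass.Create(ASession);
  except
    on E: ENoAccess do Writeln('DENIED ', E.Message);
  end;
end;
var Session: TUserSession; F: TSecuredForm;
begin
  Session := TUserSession.Create;
  Session.UserName := 'luiz'; Session.Rights := TArray<string>.Create('TInvoiceForm');
  F := OpenForm(Session, TInvoiceForm); Writeln(F <> nil); F.Free;
  F := OpenForm(Session, TAdminForm); Writeln(F <> nil); F.Free;
  Session.Free;
end.
```

The rights are read from the session object rather than from anything the request supplies, which matches the advice in post #7 to keep the authenticated state in the user session.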

