I'm using a 3rd party Menu control...
How I handle the events is in the same class which is constructing the
menu:
public void ToolbarsManager_ToolClick(object sender, ToolClickEventArgs
e)
{
try
{
string keyName = e.Tool.Key;
string className = "OOCL.ImportProcessPlan.UI." +
this.GetForm(keyName);
switch (keyName)
{
case "Aexit":
System.Windows.Forms.Application.Exit();
break;
case "AscreenShot":
DateTime now = DateTime.Now;
System.Drawing.Bitmap bmp =
ScreenShot.GetScreenShot();
bmp.Save(@"C:\" + now.Year.ToString() +
now.Month.ToString() + now.Day.ToString() + now.Hour.ToString() +
now.Minute.ToString() + now.Second.ToString() +
now.Millisecond.ToString() +
".jpg",System.Drawing.Imaging.ImageFormat.Jpeg);
break;
default:
if(!keyName.StartsWith("F"))
{
Assembly ass = Assembly.GetEntryAssembly();
if(className !=
"OOCL.ImportProcessPlan.UI.")
{
System.Windows.Forms.Form form =
(System.Windows.Forms.Form)ass.CreateInstance(className,true);
form.Show();
}
}
break;
}
}
catch(Exception
ex){System.Diagnostics.Debug.WriteLine(ex.Message);}
}
Regards,
J. Vince Pacella / OOCL Chicago
Cell 773-454-8683 Fax - 773-867-5050
Cargo Tracking Online at:
www.cargosmart.com
> -----Original Message-----
> From: Unmoderated discussion of advanced .NET topics.
> [mailto:[EMAIL PROTECTED] On Behalf Of Girish Jain
> Sent: Thursday, February 03, 2005 7:53 AM
> To: [email protected]
> Subject: Re: [ADVANCED-DOTNET] Architecture question on
> security and permissions
>
>
> Hi Vince,
>
> While searching for something related with my project, I came
> across this message of yours. I have a few queries, I really
> am not able to understand it...
>
> When you are dynamically building the controls on your form
> then how do you associate event handlers for the controls?
> The code for passing data from form to your BLL (i.e. say
> taking the "Text" property of your textbox and passing it to
> a property of another class).
>
> If you can share your code then it will be of great help.
>
> Thanks in advance
>
> Regards,
> Girish Jain
>
> >From: "Vince P." <[EMAIL PROTECTED]>
> >Reply-To: "Unmoderated discussion of advanced .NET topics."
> ><[email protected]>
> >To: <[email protected]>
> >Subject: Re: [ADVANCED-DOTNET] Architecture question on security and
> >permissions
> >Date: Mon, 10 Jan 2005 07:51:54 -0600
> >
> >That's similar to what I do.
> >
> >In addition to using Windows security for authentication, I
> have my own
> >roles that one can be assigned to, which is stored in a SQL table.[2]
> >
> >In my class which is the base class of an inheritance
> structure, I have
> >this sort thing to determine if commands are visible or
> enabled based
> >on role [3]
> >
> >However, I ended up not being pleased by this because changes to the
> >business security rules required changes to the code. So what I did
> >was create a table of commands in SQL and in my application I
> >dynamically build menus/btns from the output of queries on
> the command
> >table which take into account the role of the user. [1]
> >
> >[1]
> >CREATE TABLE [dbo].[AppCommands] (
> > [rowguid] uniqueidentifier ROWGUIDCOL NOT NULL ,
> > [KeyName] [nvarchar] (50) // Keyname is the key of the UI
> >control. I'm using 3rd party UI that have this property
> > [CaptionName] [nvarchar] (50) // Text on the button , etc
> > [IsRoot] [bit] NOT NULL , // Should be the top most
> menu item
> >(File, Edit, Window, etc)
> > [ChildOf] [uniqueidentifier] NULL , // rowguid of
> the command
> >under
> >which this should appear
> > [OrderPosition] [int] NULL , // ordial position of
> the command in
> >the list
> > [DoesStartGroup] [bit] NOT NULL , // determines if
> a seperator
> >should appear above this item
> > [ForAll] [bit] NOT NULL , // Role
> > [ForRep] [bit] NOT NULL , // Role
> > [ForMGT] [bit] NOT NULL , // Role
> > [ForBPS] [bit] NOT NULL , // Role
> > [FormName] [nvarchar] (100) // If command is to
> open a form, name
> >of
> >the form for dynamic invocation
> >) ON [PRIMARY]
> >GO
> >
> >[2]
> >
> >protected void SetSecurityNames()
> > {
> > // Send Enviroment.UserName to db to get
> >dynamic list of Roles.User can be in zero or many roles
> > StaffBusiness sf = new StaffBusiness();
> > string[] roles = sf.GetRoles(Environment.UserName);
> > FrameworkBase.UserRoles = roles;
> > gPrinc = new GenericPrincipal(currentUser,roles);
> > FrameworkBase.GPrinc = gPrinc;
> >
> > }
> >
> >
> >[3]
> >
> >if (gPrinc.IsInRole("MGT") == true)
> >{
> >commandVesselFunctions.Enabled = true;
> commandVesselFunctions.Visible =
> >true; ...
> >}
> >
> >if( gPrinc.IsInRole("BPS") == true)
> >{
> >
> >commandVesselFunctions.Enabled = true;
> commandVesselFunctions.Visible =
> >true; commandCargoOwner.Enabled = true;
> >commandCargoOwner.Visible = true;
> >}
> >
> >CC 1A 5B 94 D0 75 09 B4
> >USA USA USA USA USA
> >http://www.vinnychi.com/vince
> >Did you think that I was gonna give it up to you?
> >
> >
> > > -----Original Message-----
> > > From: Unmoderated discussion of advanced .NET topics.
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Sami
> > > Vaaraniemi
> > > Sent: Monday, January 10, 2005 7:23 AM
> > > To: [email protected]
> > > Subject: Re: [ADVANCED-DOTNET] Architecture question on
> security and
> > > permissions
> > >
> > > I had to do something similar in a project I worked on. The
> > > situation never got really complex so I got away with just coding
> > > the UI-centric business logic case by case in my form's
> > > initialization code.
> > > Essentially: adminOnlyButton.Visible = user.IsInRole("admin") etc.
> > >
> > > I've thought about this problem since and if I had to do it again
> > > now, I'd probably do something similar to the Visitor pattern. I
> > > would decorate controls with custom attributes like so:
> > >
> > > [RoleRequired("admin")]
> > > protected Button AdminOnlyButton;
> > >
> > > I'd then have another generic class that would use
> reflection to go
> > > over controls in a form and based on current user's role and the
> > > attributes attached to the controls, it would show or hide or
> > > disable the controls
> > > as appropriate. So the real work would be to code this
> > > generic class and
> > > after that you'd just attach attributes to controls in forms.
> > >
> > > Note that this is only an idea so I'm not sure of how feasible it
> > > would be in really complex cases.
> > >
> > > Note also that no matter what security related stuff you
> do in the
> > > UI, you'll also need to check everything in the business
> layer too.
> > > Hiding or disabling a control provides no real security at all,
> > > you'll have to check the authorization again in business code.
> > >
> > > Regards,
> > > Sami
> > >
> > > > You said "I would just put the conditions direct in
> > > > the form."
> > > >
> > > > In my previous project this was a pain to implement so
> > > hence one of my
> > > > questions. I used to have a form showing a list of all
> > > Clients and then a
> > > > form with edit functionalities. The issue was that in order
> > > to edit or
> > > > delete certain clients you had to had certain security
> > > attributes that
> > > > related to other business rules, per example, if the user
> > > was the Store
> > > > Manager or Company Admin. So the logic of allowing the user
> > > to edit or
> > > > delete was based on the client and other complex rules that
> > > made more sense
> > > > as a Business rule rather than strict UI logic.
> > > >
> > > > I was unable to find a satisfactory solution so ended up
> > > doing what you
> > > > propose but found myself very quickly having a complex "if
> > > then if" for all
> > > > the special roles.
> > > >
> > >
> > > ===================================
> > > This list is hosted by DevelopMentorR http://www.develop.com
> > >
> > > View archives and manage your subscription(s) at
> > > http://discuss.develop.com
> > >
> >
> >===================================
> >This list is hosted by DevelopMentor(r) http://www.develop.com
> >
> >View archives and manage your subscription(s) at
> >http://discuss.develop.com
> >
>
> _________________________________________________________________
> Try the all-new MSN Search! Find exactly what you want.
> http://search.msn.co.in Get more value for your time.
>
>
> ===================================
> This list is hosted by DevelopMentor(r) http://www.develop.com
>
> View archives and manage your subscription(s) at
> http://discuss.develop.com
>
>
IMPORTANT NOTICE
Email from OOCL is confidential and may be legally privileged. If it is not
intended for you, please delete it immediately unread. The internet cannot
guarantee that this communication is free of viruses, interception or
interference and anyone who communicates with us by email is taken to accept
the risks in so doing. Without limitation, OOCL and its affiliates accept no
liability whatsoever and howsoever arising in connection with the use of this
email. Under no circumstances shall this email constitute a binding agreement
to carry or for provision of carriage services by OOCL, which is subject to the
availability of carrier's equipment and vessels and the terms and conditions of
OOCL's standard bill of lading which is also available at http://www.oocl.com.
===================================
This list is hosted by DevelopMentor� http://www.develop.com
View archives and manage your subscription(s) at http://discuss.develop.com
