Make MVP Aware Of Security Model

[Jeff S]

I'm implementing the Model View Presenter (MVP) pattern in a Windows Forms
application. There is a need to control which forms (views) are accessible
by specific users, and for some forms (views) to enable/disable/hide
controls for certain users or groups.

For sake of this question, please go with the model being a Person object
and the view enabling users to modify Person properties.

1. What would be a good way to have the view appear with certain UI controls
enabled/disabled/hidden for different users?

2. Same question as #1, but for enabling/disabling entire forms for
different users.


Thanks for your time and consideration.

-Jeff

 

[Patrick]

Hi Jeff,
If using a database, you can create table with columns like these:

UserGroupID (or UserID) NOT NULL
ParentFormSecurityToken NULL
ChildConrolSecurityToken NULL
LinkToParentForm NULL

Then decorate each form and conrol with attribute that will tell you wether
the user has permission or not.
[HasPermissions(string SecurityToken)]
The attribute class will load the permissions for that user and check to see
if they have access.

But of course, if anyone else has a better way of doing it please chime in
because I have to implement the same thing coming up real soon

--Patrick

 

[Jeff S]

Yes, I'll be persisting the user security info to a database. I'm
particularly interested in integrating those settings with the MVP setup
without introducing nay new dependencies if possible and while
simultaneously keeping the forms and controls as dumb as possible. I'm not
familiar with the attribute-based approach you pointed out. Where can I find
more on that (yes I'll do some research on my own but was thinking/hoping
you might have a handy link or reference)?

-Jeff

Hi Jeff,
If using a database, you can create table with columns like these:

UserGroupID (or UserID) NOT NULL
ParentFormSecurityToken NULL
ChildConrolSecurityToken NULL
LinkToParentForm NULL

Then decorate each form and conrol with attribute that will tell you
wether the user has permission or not.
[HasPermissions(string SecurityToken)]
The attribute class will load the permissions for that user and check to
see if they have access.

But of course, if anyone else has a better way of doing it please chime in
because I have to implement the same thing coming up real soon

--Patrick

I'm implementing the Model View Presenter (MVP) pattern in a Windows
Forms application. There is a need to control which forms (views) are
accessible by specific users, and for some forms (views) to
enable/disable/hide controls for certain users or groups.

For sake of this question, please go with the model being a Person object
and the view enabling users to modify Person properties.

1. What would be a good way to have the view appear with certain UI
controls enabled/disabled/hidden for different users?

2. Same question as #1, but for enabling/disabling entire forms for
different users.


Thanks for your time and consideration.

-Jeff

 

[Patrick]

Well, this is something I've thought about. Can't really send you a link on
the topic.
I'm looking for an "easier" way to accomplish this myself. I believe that
Microsoft has a security application block that *might* come in handy. Keep
us posted if you have a eureka moment

Yes, I'll be persisting the user security info to a database. I'm
particularly interested in integrating those settings with the MVP setup
without introducing nay new dependencies if possible and while
simultaneously keeping the forms and controls as dumb as possible. I'm not
familiar with the attribute-based approach you pointed out. Where can I
find more on that (yes I'll do some research on my own but was
thinking/hoping you might have a handy link or reference)?

-Jeff

Hi Jeff,
If using a database, you can create table with columns like these:

UserGroupID (or UserID) NOT NULL
ParentFormSecurityToken NULL
ChildConrolSecurityToken NULL
LinkToParentForm NULL

Then decorate each form and conrol with attribute that will tell you
wether the user has permission or not.
[HasPermissions(string SecurityToken)]
The attribute class will load the permissions for that user and check to
see if they have access.

But of course, if anyone else has a better way of doing it please chime
in
because I have to implement the same thing coming up real soon

--Patrick

I'm implementing the Model View Presenter (MVP) pattern in a Windows
Forms application. There is a need to control which forms (views) are
accessible by specific users, and for some forms (views) to
enable/disable/hide controls for certain users or groups.

For sake of this question, please go with the model being a Person
object and the view enabling users to modify Person properties.

1. What would be a good way to have the view appear with certain UI
controls enabled/disabled/hidden for different users?

2. Same question as #1, but for enabling/disabling entire forms for
different users.


Thanks for your time and consideration.

-Jeff

 

[Ravi Ambros Wallau]

Hi, Jeff:
Microsoft has a MVC implementation (UIPAB), but this is not the solution
for your problem, but it can help on some other things.
I've made something like what you want to do. My suggestion is to create
your own controls, like a custom button, in a class that is derived from
standart button. This control should check something to see if it should be
enabled or not (make it customizable and extendable, using interfaces and
implementations to perform these checks)... This control SHOULD NOT access
database itself. It should call a security class, that will call a checking
class, that will call a DAL, that will access any storing place (a database,
in your case)...
There are some tricks to create controls, but nothing really painfull.
Make some google checking for that, or ask here again if you can't find
nothing usefull (I had the source code of a retail manufacturer, so it was
easy for me to know how to do custom controls)...

Good luck,
Ravi Wallau.

 

[Ravi Ambros Wallau]

You can create a base page class as well...
This class should NOT BE abstract in any case...