How to Implement Global Action (Functionality) for All Controllers? - asp.net-mvc

We are developing .NET MVC 5 project and we have document generation toolkit which must be used and available globally on every controller.
The main idea is if there is any document related with a controller or an action, the user need to access that document inside that controller. basicly, I have a table which stores areaname, controller, action and related document id. If the user click "show documents" button in any screen. System checks whether there are documents available for specified area,controller and action, and if there is, the available documents needed to be shown to the user for further action.
so, for this purpose, I read several documents and I ended up with a method. But, I am not sure whether this is correct approach or not.
One way is extending controller with "Extension By Delegion" which is referenced in this post
If you have any suggestions, please give me feedback.
thank you

Related

Locating Models in the Umbraco hierarchy

I am helping a friend of mine to edit a few things on his website that was built using Umbraco. I am not the original author and I am pretty new to Umbraco but, I can't seem to find the answer anywhere. There is a form that is being used to send an email whenever someone wants to order supplies from the website. The form was previously working. However, he has lost access to the email account and had to create a new one. The problem is I cannot seem to locate the model to look inside of it and change where the emails are being sent.
I cannot locate the Models (there are multiple) in the Umbraco hierarchy even though I can find references to where they're are called inside of the different forms. See below:
#inherits Umbraco.Web.Mvc.UmbracoViewPage<Aeon.Models.OrderSuppliesModel>
I know this is not a URL so I am a little confused on why this is not in any of the Umbraco hierarchy. I know that since it is referencing something and previously worked it has to be there somewhere. The only other place I would think they could be is in the root directory which I don't have access to yet. Could they possibly be located there? Any type of help on this matter would be greatly appreciated.
Since you don't have access to the code, you will have to hope there is a variable somewhere which lets you set the email, rather than it being hardcoded into the controller.
Umbraco nodes
Sometimes Umbraco developers store the email on a field on a node in Umbraco. The common places are:
on the page node which has the form on it
on a settings node
on the home page node
Web.config
The Web.config also has a section which can be used to easily setup variables. Checkout the <appSettings> section to see if there are keys and/or values which might indicate they're used for email.
Also, you haven't specifically said if it is the SMTP email account which has broken, or if it's the email account which submissions are being sent to. Look for the <mailSettings> section on the Web.config if you want to see the SMTP settings. There may be a 'from' field on the <smtp> element.
umbracoSettings.config
In the umbracoSettings.config there is an element which will look something like this:
<notifications>
<!-- the email that should be used as from mail when umbraco sends a notification -->
<email>your#email.here</email>
</notifications>
Forms are not directly handled within Umbraco. I am assuming you are using ver 6+.
To get a form to work you rely on the core MVC functionality, which means you create a Surface Controller with Get and POST actions to handle the logic.
There will be a reference to the specific model being passed to the view within the controller logic, but its common for standard static configuration information to be stored in an Umbraco node itself. Example of such are "SMTP server" "From Address" & "Use Encryption" etc. Some people as an alternative store this information as keys in web.config.
If you are specifically looking to change the model being passed to the form (OrderSuppliesModel), if you are using Visual Studio, the model should be colored in a teal color and when you hover over it, it shows the full namespace. Click it and press F12. This should link you directly to the class module.
hope it helps.
If you're lucky, they're using Umbraco Forms/Contour. When you log into the back office, do you see a section called either "Forms" or "Contour"?
If so, you should be able to find the form in the Forms tree, and at the bottom of the form you should be able to edit the workflows, which will allow you to change who gets emails sent to them etc.
If you don't have those sections, could you post the view that has the form on so we can see what it's doing please?

Integrating custom view without a model into admin

I'm trying to figure out how to integrate a given view into the admin url scheme without manually setting up the url.
Background:
I have three models for which I get data in one CSV file (don't even ask why...). So the import view is not bound to a given model in my concept.
Is there any way to register a view without a model to the default admin site, so that I can add the view to the sidebar block in app_index with an url relative to the app (like "app/import")?
I would like to avoid writing the "admin/app/import" url to my urlconf. However, if that can't be avoided, could someone give me some tips how to at least make them portable? (like variables containing the apps name/base url for the app admin)
I don't know all the magic behind django yet.

Application Logic (Proper place for Authentication/Authorization)

I am developing a CMS like application using MVC 3 (RC2) and I am in crossroads at this point. I am unable to convince myself if my proposed approach is appropriate or not. I guess it is because I am aware that I am trying to cut some corners which will cost me heavily later down the line.
I will get right down to describing my problem:
1) I have a resource (lets call it A) which has to be made editable.
2) I have a custom permission system implemented which has 2 (of many) permissions:
Can Edit Own Resource
Can Edit Other Resource
3) Creator of resource A is free to edit it if they have 'Can Edit Own Resource' permission.
4) A separate user can only edit A if they have permission 'Can Edit Other Resource'
Now that the requirement is described, let me tell you my approach so far:
1) I have a controller called 'ResourceController'
2) I have a action called 'Edit'
3) The action has a attribute on it: [CustomerAuthorize(Perm.CanEditOwnResource, Perm.CanEditOtherResource, Any = true)]
4) I have a service class which takes care of domain validation.
So a user get call the action method if they have either the 'Can Edit Own Resource' or 'Can Edit Other Resource' permission.
How do I decide (and where should this decision be made) on whether the user has the right permission or not (depending on whether they own the resource?) Should it be in the controller action, in the resource service class, in a separate service class?
Waiting to hear different views...
Because of the nature of MVC, you will want to have your authentication checks at a variety of points.
For one, you'll need to be able to display visual cues on the UI (i.e. show the edit button or not show it), so the logic will have to be made available to your Views.
Of course, that's only for UI purposes. You'll want authentication/authorization on your controller actions as well, just in case someone goes around your UI to access it.
Finally, the most secure place to authenticate and authorize an action is right before you perform it. If you have a handler, for example, I would place some authorization logic there. You want to make sure that no one can write around your security logic by calling the service from somewhere else, and not knowing that there were restrictions on that service. This helps make the security options more granular as well.
One way to approach it is to have 2 actions, instead only "Edit", you have "EditOwnResource" and "EditOtherResource". You can then place a single permission on each of these.
Then if you are using the MVVM pattern you can bind the availability of these actions to wether it is an ownResource or otherResource. The setting of these values is done in the view model.

How to have previous and next button in the django admin (change_form)

I want to modify the django admin for a particular model to provide the following behaviour.
A user make a search on the change_list page. The the user click a specific entry and he lands on the change_form for that entry. Nothing different to the usual.
Now, what I want is a mean to navigate the former search results. Basically next and previous buttons on the edit page.
What would be the best approach to implement this feature without modifying the admin site too much?
I will need to memorize the search in the user session, then when an entry is clicked I will need to known which place it has within the results to place my "cursor" accordingly. But I'm a bit in the cloud as the implementation side.
One way is to just put the next and previous button in the template for that particular model.
This can be implemented using simple javascript.
I ended writing a fully custom admin for that.

Disable link if user is not allowed to access target

I have created an ASP.NET MVC application and created different kind of roles for my users. I have then created different kinds of AuthorizeAttributes for allowing/disallowing access to different Actions in my controls.
However I have got a lot of links that points to different of theese actions that are restricted for different roles. Can you somehow fix so that theese links get disabled automatically? I could of course add a lot of UserIsInRole(....)-stuff in my code but I really would prefer not to if there is a better way.
Du you have any suggestions?
Are they in a list or menu? Is this something your controller could pass to your View? you could pass out a list of all allowed (or forbidden, whichever is more appropriate) and check that before you display a link.
if (allowedLink.Contans(myLink)
// show enabled link
else
//show disabled
The other good way would be to override the HtmlHelper for ActionLinks and make it do the check for permissions for you. Then if they do not have permissions, your html helper would display it disabled.
For examples, see this link http://www.asp.net/learn/mvc/tutorial-09-cs.aspx
Off the top of my head...
• You can set the onClick action for each link to do nothing.
• You can set the URL for the link to "#", which does nothing.

Resources