I have created an ASP.NET MVC application and created different kind of roles for my users. I have then created different kinds of AuthorizeAttributes for allowing/disallowing access to different Actions in my controls.
However I have got a lot of links that points to different of theese actions that are restricted for different roles. Can you somehow fix so that theese links get disabled automatically? I could of course add a lot of UserIsInRole(....)-stuff in my code but I really would prefer not to if there is a better way.
Du you have any suggestions?
Are they in a list or menu? Is this something your controller could pass to your View? you could pass out a list of all allowed (or forbidden, whichever is more appropriate) and check that before you display a link.
if (allowedLink.Contans(myLink)
// show enabled link
else
//show disabled
The other good way would be to override the HtmlHelper for ActionLinks and make it do the check for permissions for you. Then if they do not have permissions, your html helper would display it disabled.
For examples, see this link http://www.asp.net/learn/mvc/tutorial-09-cs.aspx
Off the top of my head...
• You can set the onClick action for each link to do nothing.
• You can set the URL for the link to "#", which does nothing.
Related
I am helping a friend of mine to edit a few things on his website that was built using Umbraco. I am not the original author and I am pretty new to Umbraco but, I can't seem to find the answer anywhere. There is a form that is being used to send an email whenever someone wants to order supplies from the website. The form was previously working. However, he has lost access to the email account and had to create a new one. The problem is I cannot seem to locate the model to look inside of it and change where the emails are being sent.
I cannot locate the Models (there are multiple) in the Umbraco hierarchy even though I can find references to where they're are called inside of the different forms. See below:
#inherits Umbraco.Web.Mvc.UmbracoViewPage<Aeon.Models.OrderSuppliesModel>
I know this is not a URL so I am a little confused on why this is not in any of the Umbraco hierarchy. I know that since it is referencing something and previously worked it has to be there somewhere. The only other place I would think they could be is in the root directory which I don't have access to yet. Could they possibly be located there? Any type of help on this matter would be greatly appreciated.
Since you don't have access to the code, you will have to hope there is a variable somewhere which lets you set the email, rather than it being hardcoded into the controller.
Umbraco nodes
Sometimes Umbraco developers store the email on a field on a node in Umbraco. The common places are:
on the page node which has the form on it
on a settings node
on the home page node
Web.config
The Web.config also has a section which can be used to easily setup variables. Checkout the <appSettings> section to see if there are keys and/or values which might indicate they're used for email.
Also, you haven't specifically said if it is the SMTP email account which has broken, or if it's the email account which submissions are being sent to. Look for the <mailSettings> section on the Web.config if you want to see the SMTP settings. There may be a 'from' field on the <smtp> element.
umbracoSettings.config
In the umbracoSettings.config there is an element which will look something like this:
<notifications>
<!-- the email that should be used as from mail when umbraco sends a notification -->
<email>your#email.here</email>
</notifications>
Forms are not directly handled within Umbraco. I am assuming you are using ver 6+.
To get a form to work you rely on the core MVC functionality, which means you create a Surface Controller with Get and POST actions to handle the logic.
There will be a reference to the specific model being passed to the view within the controller logic, but its common for standard static configuration information to be stored in an Umbraco node itself. Example of such are "SMTP server" "From Address" & "Use Encryption" etc. Some people as an alternative store this information as keys in web.config.
If you are specifically looking to change the model being passed to the form (OrderSuppliesModel), if you are using Visual Studio, the model should be colored in a teal color and when you hover over it, it shows the full namespace. Click it and press F12. This should link you directly to the class module.
hope it helps.
If you're lucky, they're using Umbraco Forms/Contour. When you log into the back office, do you see a section called either "Forms" or "Contour"?
If so, you should be able to find the form in the Forms tree, and at the bottom of the form you should be able to edit the workflows, which will allow you to change who gets emails sent to them etc.
If you don't have those sections, could you post the view that has the form on so we can see what it's doing please?
We are developing .NET MVC 5 project and we have document generation toolkit which must be used and available globally on every controller.
The main idea is if there is any document related with a controller or an action, the user need to access that document inside that controller. basicly, I have a table which stores areaname, controller, action and related document id. If the user click "show documents" button in any screen. System checks whether there are documents available for specified area,controller and action, and if there is, the available documents needed to be shown to the user for further action.
so, for this purpose, I read several documents and I ended up with a method. But, I am not sure whether this is correct approach or not.
One way is extending controller with "Extension By Delegion" which is referenced in this post
If you have any suggestions, please give me feedback.
thank you
I would like to check how to manage contexts / pages that are displayable to users.
For example, to allow /register.xthml, but not /success.xhtml.
Thx.
I found one possible way, by hiding them in the web information folder WEB-INF.
I want to modify the django admin for a particular model to provide the following behaviour.
A user make a search on the change_list page. The the user click a specific entry and he lands on the change_form for that entry. Nothing different to the usual.
Now, what I want is a mean to navigate the former search results. Basically next and previous buttons on the edit page.
What would be the best approach to implement this feature without modifying the admin site too much?
I will need to memorize the search in the user session, then when an entry is clicked I will need to known which place it has within the results to place my "cursor" accordingly. But I'm a bit in the cloud as the implementation side.
One way is to just put the next and previous button in the template for that particular model.
This can be implemented using simple javascript.
I ended writing a fully custom admin for that.
The website viewer would be at page A, click a link that sends then to page B, but I want them to return to page A without them noticing.
When they click the link it changes the layout the viewer is browsing the site with, so the redirection code shouldn't erase or undo the cookies or whatever are stored with the link click. Thanks!
Edit:
Here's what I'm doing. I have a page called setskin.php that has php code that takes header and footer codes for different layouts and applies them. I don't know how to show code without it going crazy, so there's a screenshot of it here:
http://figmint.uuuq.com/Picture%202.png
I want to change my website so that in a sidebar there will be the same setskin options (so it will be on every page). I was fiddling and managed to make it so when you click the link for the skin you want it changes the skin, but then you end up at the setskin.php page, which I don't want. I was looking for a way to make it so it sends you to the setskin.php page (since I couldn't see how to change that) and then back to where you came from.
You should use AJAX. That way you can do whatever processing is needed behind the scenes with zero impact on the user.
You can check the referer header and return to that. But if that isn't set go to a default page?
Other options include putting the previous url as a parameter, like a 'next' parameter. Then redirect to that after you're done. Quite common pattern used for login.