Blog

Labels
AJAX(112) App Studio(9) Apple(1) Application Builder(245) Application Factory(207) ASP.NET(95) ASP.NET 3.5(45) ASP.NET Code Generator(72) ASP.NET Membership(28) Azure(18) Barcode(2) Barcodes(3) BLOB(18) Business Rules(1) Business Rules/Logic(140) BYOD(13) Caching(2) Calendar(5) Charts(29) Cloud(14) Cloud On Time(2) Cloud On Time for Windows 7(2) Code Generator(54) Collaboration(11) command line(1) Conflict Detection(1) Content Management System(12) COT Tools for Excel(26) CRUD(1) Custom Actions(1) Data Aquarium Framework(122) Data Sheet(9) Data Sources(22) Database Lookups(50) Deployment(22) Designer(178) Device(1) DotNetNuke(12) EASE(20) Email(6) Features(101) Firebird(1) Form Builder(14) Globalization and Localization(6) How To(1) Hypermedia(2) Inline Editing(1) Installation(5) JavaScript(20) Kiosk(1) Low Code(3) Mac(1) Many-To-Many(4) Maps(6) Master/Detail(36) Microservices(4) Mobile(63) Mode Builder(3) Model Builder(3) MySQL(10) Native Apps(5) News(18) OAuth(9) OAuth Scopes(1) OAuth2(13) Offline(20) Offline Apps(4) Offline Sync(5) Oracle(11) PKCE(2) Postgre SQL(1) PostgreSQL(2) PWA(2) QR codes(2) Rapid Application Development(5) Reading Pane(2) Release Notes(184) Reports(48) REST(29) RESTful(29) RESTful Workshop(15) RFID tags(1) SaaS(7) Security(81) SharePoint(12) SPA(6) SQL Anywhere(3) SQL Server(26) SSO(1) Stored Procedure(4) Teamwork(15) Tips and Tricks(87) Tools for Excel(3) Touch UI(93) Transactions(5) Tutorials(183) Universal Windows Platform(3) User Interface(338) Video Tutorial(37) Web 2.0(100) Web App Generator(101) Web Application Generator(607) Web Form Builder(40) Web.Config(9) Workflow(28)
Archive
Blog
Wednesday, August 6, 2008PrintSubscribe
Using "roles" and "writeRoles" Attributes with Fields and Actions

Data Aquarium Framework allows controlling user access to the fields and actions defined by data controller based on user roles. The standard ASP.NET security infrastructure is being utilized to determine the role of the current user. You must enable any form of authentication supported by ASP.NET to be able to use this features.

Element “field” in the “/dataController/fields” section has attributes “roles” and “writeRoles”. The first attribute specifies a space- or comma-separated list of roles allowed to read the field. If “roles” element is not present or defined as a blank string then any user is allowed to see the field presented in the views. If “roles” attribute is not blank then a call 

HttpContext.Current.User.IsInRole(role)

is executed by the framework to see if the field should be visible in the presentation views defined in the data controller XML file.

Attribute “writeRoles” specifies the roles that user must have in order to be able to change the field content.

Element “action” of any “/dataController/actions/actionGroup” section allows specifying user roles that are allowed to execute that action. If the attribute is not present or blank then the action is available to everyone. If a space- or comma-separated list is present then the framework will ask ASP.NET to see if the user does have one of this roles before this action is allowed to be displayed and executed in the views defined in the data controller file.

Notice that the same action may be defined in multiple actions group. For example, the standard generated definition of the data controller will have “Delete” action defined twice in the action group with scope “Grid” and twice in the action group with scope “Form”. You have to make sure that the same list of roles allowed to execute the “Delete” action is duplicated in all four instances.

Let’s try the real example. This example assumes that you do have SQL Server 2005 Express Edition installed on your development machine.

Generate a Data Aquarium project for the Northwind database. Open the web site with Visual Studio 2008 or Visual Web Developer Express 2008 and add a form named Login.aspx to the root of the new web site. Switch this form to design mode and drop Login control on the form. Save the form. Here is the snippet of your from text with the Login control in it.

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>Untitled Page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
    <asp:Login ID=Login1 runat=server></asp:Login>
    </div>
    </form>
</body>
</html>

Select “Website ASP.NET Configuration” menu option in Visual Studio and enable security for our sample application. Indicate that your users are visiting your site from Internet. Specify that you want to enable roles. Create two roles named Admin and User. Create two user accounts, one for each role, and make sure to memorize their user names and password. Create an access rule that denies anonymous user access to the root of your web site. The configuration tool will automatically insert the needed settings in to the web.config file of the sample application will create App_Data project folder with ASP.NET Membership database in it.

Start default.aspx page. You will be asked to sign in. Make sure that you can sign in with one of the user accounts that you have created. When sign in successfully the default page will display the views defined in the ~/Controllers/Employees.xml data controller configuration file. Close the browser and open that data controller file in Visual Studio.

Make the following changed in the definition of LastName, FirstName, and Title fields.

    <field name="LastName" type="String" allowNulls="false" label="Last Name"  writeRoles="Admin"/>
    <field name="FirstName" type="String" allowNulls="false" label="First Name" writeRoles="Admin"/>
    <field name="Title" type="String" label="Title"  roles="Admin"/>

Run the application a few times while singing in with different user accounts that you have created. Notice that when you sign with account that has User role then Title field is not visible in any of the presentation views. User with Admin can see the Title field at all times.

Fields LastName and FirstName are accessible to the user with role User but this field is always read-only whenever you switch to any of the edit or insert views.

Now change the action groups to have roles attribute for command Select, Edit, and Delete as shown below.

    <actionGroup scope="Grid">
      <action commandName="Select" commandArgument="editForm1" roles="Admin,User" />
      <action commandName="Edit"  roles="Admin"/>
      <action commandName="Delete" confirmation="Delete?" roles="Admin"/>
      <action whenLastCommandName="Edit" commandName="Update" headerText="Save" />
      <action whenLastCommandName="Edit" commandName="Cancel" />
    </actionGroup>
    <actionGroup scope="Form">
      <action commandName="Edit" />
      <action commandName="Delete" confirmation="Delete?"  roles="Admin"/>
      <action commandName="Cancel" headerText="Close" />
      <action whenLastCommandName="Edit" commandName="Update" headerText="OK" />
      <action whenLastCommandName="Edit" commandName="Delete" confirmation="Delete?" roles="Admin"/>
      <action whenLastCommandName="Edit" commandName="Cancel" />
      <action whenLastCommandName="New" commandName="Insert" headerText="OK" />
      <action whenLastCommandName="New" commandName="Cancel" />
    </actionGroup>

User with administrative accounts will see no difference in the presentation views. User with role User will only Select option in the context menu of the data row in the grid view of employees. Delete action will not be allowed to that user in the form views as well.

As you can see there are plenty of declarative options to control security in the AJAX-enabled user interface without actually writing a single line of code. Any web form that is using your data controller will automatically inherit all security settings, which makes application maintenance a snap.

Labels: AJAX, ASP.NET 3.5, Data Aquarium Framework, Security, User Interface
Sunday, August 3, 2008PrintSubscribe
Database Lookups and Data Aquarium Framework Updates

The latest updates of code generator projects include standard project Database Lookups for ASP.NET and AJAX 3.5 and premium project Data Aquarium Framework.

Database Lookups project has been changed to make SelectedValue property a default property of the control. Java script components were updated to eliminate the problem with the loss of focus in a web form when a data lookup window has been closed. DataViewLookup control will now work without script errors when included in the content template of UpdatePanel control.

Data Aquarium Framework has been updated to include the same fixes described above. Addition components are now generated to make integration of the framework with existing ASP.NET applications a snap. Component ControllerDataSource has been introduced to tap into the power of Data Aquarium Framework to generate dynamic SQL statements on the fly. Now you can connect your existing data views, including GridView, DetailView, and FormView, to this data source control and gain instant ability to page and sort through thousands of records, and provide sophisticated filtering capabilities to end users. Use any commercial web control library that supports standard data binding with Data Aquarium Framework. New control DataViewTextBox is based on the standard TextBox and provides no-code database auto complete for your web forms.

See a demo application that showcases the latest features at http://dev.codeontime.com/demo/integration.

Download the source code of the sample page here.

Labels: AJAX, ASP.NET 3.5, ASP.NET Code Generator, Data Aquarium Framework, Release Notes
Saturday, July 26, 2008PrintSubscribe
GUI of Web Form Builder Applications

Here we will show many of the available features of an application generated with Web Form Builder code generator project.

image

Sorting

On the left side of the screen, you can see all the database objects discovered in your database. Clicking on an item will bring you to a list of records contained in the table. At the bottom of the list, you can page through the records by clicking on a page number. Sorting is done by clicking on the column header you wish to sort by. First click sorts in ascending order, and second click sorts in descending order. Sorting and paging are executed via client callbacks, eliminating the need for post backs, and speeding up your application.

image

Filtering

To create a filter, press Filter, which is located directly above the record list. A drop down and text field will appear. Select which field you wish to filter from the drop down, type in the filter criteria, and press Apply. The records will filter by your selection. Any partial or full filter will work. To remove your filter, press Cancel.

image

You can also use a comma to apply multiple filters, and comparison operators to further specify your filter. After applying a filter, you can still sort and page. If you choose to visit another page and return, the filter will remain, saving a lot of time. If you cancel your filter, but want to reapply it, the most recent filter will be remembered when you press Filter again.

image

Detail View

If you click on the first field of a record, you will be sent to the detail view of the record. All the information about the record is displayed here, as well as all the related child records. On the detail record lists, filtering and sorting is still available to you. You can edit the record by pressing Edit, delete by pressing Delete, and create a new record by pressing New.

image

Editing Records

When you press Edit, the form switches into editing mode. Here, you can change many of the fields. Lookup values are represented as drop down controls. Read-only lookup fields are automatically inferred from your database and correspond to the editable lookup fields of your record. When you finish editing, press Update to save all changes, or press Cancel to go back without saving. You can also click on any of the objects on the left to go straight to their respective record lists without changing.

image

If you try to delete certain records which causes database constraint violation, the command will be canceled and an error message will appear. This can occur because the record can have associated child records, as in the example below.

image

Creating New Records

To create a new record, first go to the database object in which you would like to have the new record in. Press the link where it says "Click here to create a new record." The new record screen will appear, and now you can add values to all the editable fields, and set values to lookup fields with drop down controls. Press Insert to create your new record, or Cancel to go back to the previous screen without saving. Notice that when fields with database constraints are incorrectly entered, an error message will appear.

image

Generating Reports

The second option above the records list allows you to generate reports of the current database object. Pressing PDF creates an Adobe PDF report. Pressing Excel creates an excel report. Image creates a .tiff file of the report. On all of these, a multi-page list will be created, showing all the fields for all the records. The date created and page number will be shown at the bottom. Report title and column headers are displayed for all of the pages. All fields are available for report generating, including those in master-detail pages. Any filters applied to the record list will also be applied to the generated report.

image

PDF report:

image

Excel report:

image

Image report:

image

This is just a short preview of some of the great user interface features that Web Form Builder applications generated with Code OnTime Generator have to offer. Find more useful resources on our support page.

Labels: ASP.NET 3.5, ASP.NET Code Generator, Reports, User Interface, Web Form Builder
Continue to Creating Custom Action Handlers in Data Aquarium Framework Applications
© 2025 Code On Time LLC. All rights reserved. All trademarks mentioned on this website are property of their respective owners.
Watch | Blog | Roadmap | Learn | Community | Support