Code On Time: business rules/logic

Blog

business rules/logic

Friday, June 15, 2012Print Subscribe

Implicit Filters with Dynamic Access Control Rules

The property Context Fields can pass values from the current record to the lookup data view. The value is passed in the format LookupFieldName=FieldNameOfThisView as an external filter. Multiple value mappings can be specified.

If LookupFieldName matches a data field in the lookup view, then an automatic “equals” filter will be applied to the lookup. If the LookupFieldName does not match, then the application framework will not perform filtering. A developer can use the passed external filter field value to create a filter expression or business rule implementing custom filtering.

Let’s create a business rule for a lookup view that takes advantage of values passed in the Context Fields property.

Navigate to the Orders page, and select an order. Create a new order detail, and activate the lookup for ProductID. The Northwind database has 77 products. All products will be available for selection in the Products lookup.

Let’s exclude products already associated with order details of the existing order from this view.

Start the Project Designer. In the Project Explorer, switch to the Controllers tab. Double-click on Products controller node.

Change the Handler property:

Property	New Value
Handler	ProductsBusinessRules

Press OK to save the controller. Double-click on OrderDetails / Fields / ProductID field node.

Change the Context Fields property:

Property	New Value
Context Fields	ExistingOrderID=OrderID

Press OK to save the field. On the toolbar, press Exit to close the Project Designer, and click Generate.

When complete, click on the project name, and select Develop to open Visual Studio.

In the Solution Explorer of Visual Studio, double-click on ~\App_Code\Rules\ProductsBusinessRules.cs(.vb) file.

Replace the existing code with the following business rule:

C#:

using System;
using System.Data;
using System.Collections.Generic;
using System.Linq;
using MyCompany.Data;

namespace MyCompany.Rules
{
    public partial class ProductsBusinessRules : MyCompany.Data.BusinessRules
    {
        protected override void EnumerateDynamicAccessControlRules(string Products)
        {
            FieldValue orderId = SelectExternalFilterFieldValueObject(
                "ExistingOrderID");
            if (orderId != null && orderId.Value != null)
                RegisterAccessControlRule("ProductID",
                    "[ProductID] in (select ProductID from [Order Details] " +
                    "where OrderID = @OrderID)",
                    AccessPermission.Deny,
                    new SqlParam("@OrderID", orderId.Value));
        }
    }
}

Visual Basic:

Imports MyCompany.Data
Imports System
Imports System.Collections.Generic
Imports System.Data
Imports System.Linq

Namespace MyCompany.Rules

    Partial Public Class ProductsBusinessRules
        Inherits MyCompany.Data.BusinessRules
        Protected Overrides Sub EnumerateDynamicAccessControlRules(Products As String)
            Dim orderId As Object = SelectExternalFilterFieldValueObject(
                "ExistingOrderID")
            If (orderId IsNot Nothing AndAlso orderId.Value IsNot Nothing) Then
                RegisterAccessControlRule("ProductID",
                    "[ProductID] in (select ProductID from [Order Details] " +
                    "where OrderID = @OrderID)",
                    AccessPermission.Deny,
                    New SqlParam("@OrderID", orderId.Value))
            End If
        End Sub
    End Class
End Namespace

The business rule tries to locate the external filter field ExistingOrderID. If it is found, and the value is not null, then the business rule will register an access control rule. The access control rule will deny access to products that are matched to the “Order Details”.“ProductID” column if the column OrderID is equal to the value passed in ExistingOrderID filter field.

Save the file, and run the web application.

Navigate to the Orders page, and select an order. Note the number of order details belonging to the order.

Create a new order detail. Click on (select) link in the Product Name lookup.

The Product lookup will open. There will be no products that are already ordered. In the example below, there are only 74 products displayed out of 77 products in the database.

Labels: Business Rules/Logic, Database Lookups, Web Application Generator

Monday, June 4, 2012Print Subscribe

Items Style User Id Lookup

ASP.NET Membership offers a prefabricated registry of users and roles. There are situations in which the membership User ID needs to be referenced in the database. You can reference a User ID with the User Id Lookup items style.

Create an Owner field in the Orders table.

Start SQL Server Management Studio. In the Object Explorer, right-click on Databases / Northwind / Tables / dbo.Orders node, and select Design option.

Add a column with the following properties:

Column Name	Data Type	Allow Nulls
OwnerId	nvarchar(50)	True

Save the table design modifications.

Note that the data type of the field may be configured as uniqueidentifier if you are working with SQL Server. If your database engine is MySQL, then int type can be used instead.

Start Code On Time web application generator. Click on the project name, and refresh the Orders data controller.

Press Generate to regenerate the web application. When it opens in a browser window, navigate to Orders page and edit a record. The OwnerId field is just a simple text box. It needs to be converted into a User Id Lookup.

Start the Project Designer. Switch to the Controllers tab, and double-click on Orders/ Fields / OwnerId node.

Give this field the following properties:

Property	Value
Label	Owner
Items Style	User ID Lookup

Press OK to save the field. On the toolbar, press Browse, and wait for the application to load.

Navigate to the Orders page, and edit a record. The Owner field will now be a lookup.

Click on the lookup link, and it will show a list of users.

When you select a user, the User Id will be inserted into the field.

Labels: ASP.NET Membership, Business Rules/Logic, Database Lookups, Web Application Generator

Monday, June 4, 2012Print Subscribe

Password Text Mode

Some applications require protected input of sensitive field values. Examples include a user password, social security number, or national id.

Let’s configure a Social Security Number field on the Employees table. Start SQL Server Management Studio. In the Object Explorer, right-click on Databases / Northwind / Tables / dbo.Employees node. Select Design option.

Add the following column:

Column Name	Data Type	Allow Nulls
SocialSecurityNumber	nvarchar(50)	True

Save your changes and refresh the Employees data controller.

Generate the project. Navigate to the Employees page and edit a record. Change the Social Security Number field value and save. The field value is visible and unprotected.

Start the Project Designer. In the Project Explorer, double-click on Employees / container1 / view1 / editForm1 / c1 – Employees / SocialSecurityNumber data field node.

Change the properties of the data field:

Property	New Value
Columns	10
Text Mode	Password

Press OK to save. On the toolbar, press Browse.

When the web app opens in the browser, navigate to Employees and select a record. The field value will be presented to the user as a series of asterisks (*).

Edit the record. The field value will be displayed as dots, and cannot be copied or otherwise extracted.

This solution is effective in preserving the confidentiality of the information.

A common practice is to reveal a part of the protected information. It may be necessary to reveal the last four digits of the Social Security Number.

Switch back to the Project Designer. In the Project Explorer, switch to the Controllers tab. Right-click on Employees / Fields node and select New Field.

Configure the field using the following values:

Property	Value
Name	SocialSecurity4Digit
Type	String
Length	50
Allow null values.	True
The value of this field is computed at run-time by SQL expression	True
SQL Formula	'*--' + SUBSTRING(Employees.SocialSecurityNumber, (LEN(Employees.SocialSecurityNumber)-3), LEN(Employees.SocialSecurityNumber))
Label	Social Security Number
Values of this field cannot be edited	True

Press OK to save the new field.

The SocialSecurity4Digit field should be visible when the form is in read mode while the SocialSecurityNumber field should not be displayed. In edit mode, the visibility of the fields will be reversed.

In the Project Explorer, right-click on Employees / Views / editForm1 / c1 – Employees category node, and select New Data Field option.

Use the following configuration:

Property	Value
Field Name	SocialSecurity4Digit
Visible When	this.get_isEditing() == false

Press OK to save the data field.

In the Project Explorer, double-click on Employees / Views / editForm1 / c1 – Employees / SocialSecurityNumber data field node.

Add the following Visible When expression:

Property	Value
Visible When	this.get_isEditing() == true

Press OK to save the data field.

On the toolbar, press Browse. Navigate to the Employees page and select a record.

The field SocialSecurity4Digit is displayed when the form is in read mode.

The field SocialSecurityNumber is displayed when the form enters edit mode.

Labels: Business Rules/Logic, Security, User Interface, Web Application Generator