Alert on gridview edit based on permission

Posted by Vicky on Stack Overflow See other posts from Stack Overflow or by Vicky
Published on 2014-06-09T14:28:11Z Indexed on 2014/06/09 15:25 UTC
Read the original article Hit count: 274

Filed under:
|
|
|

I have a gridview with edit option at the start of the row. Also I maintain a seperate table called Permission where I maintain user permissions. I have three different types of permissions like Admin, Leads, Programmers. These all three will have access to the gridview. Except admin if anyone tries to edit the gridview on clicking the edit option, I need to give an alert like This row has important validation and make sure you make proper changes.

When I edit, the action with happen on table called Application. The table has a column called Comments. Also the alert should happen only when they try to edit rows where the Comments column have these values in them.

ManLog datas Funding Approved Exported Applications

My try so far.

public bool IsApplicationUser(string userName)
{
    return CheckUser(userName);
}

public static bool CheckUser(string userName)
{
    string CS = ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
    DataTable dt = new DataTable();
    using (SqlConnection connection = new SqlConnection(CS))
    {
        SqlCommand command = new SqlCommand();
        command.Connection = connection;
        string strquery = "select * from Permissions where AppCode='Nest' and UserID = '" + userName + "'";
        SqlCommand cmd = new SqlCommand(strquery, connection);
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        da.Fill(dt);
    }
    if (dt.Rows.Count >= 1)
        return true;
    else
        return true;
}

 protected void Details_RowCommand(object sender, GridViewCommandEventArgs e)
{
    string currentUser = HttpContext.Current.Request.LogonUserIdentity.Name;
    string str = ConfigurationManager.ConnectionStrings["ConnectionString"].ToString();
    string[] words = currentUser.Split('\\');
    currentUser = words[1];
    bool appuser = IsApplicationUser(currentUser);
    if (appuser)
    {
        DataSet ds = new DataSet();
        using (SqlConnection connection = new SqlConnection(str))
        {
            SqlCommand command = new SqlCommand();
            command.Connection = connection;
            string strquery = "select Role_Cd from User_Role where AppCode='PM' and UserID = '" + currentUser + "'";
            SqlCommand cmd = new SqlCommand(strquery, connection);
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            da.Fill(ds);
        }

        if (e.CommandName.Equals("Edit") && ds.Tables[0].Rows[0]["Role_Cd"].ToString().Trim() != "ADMIN")
        {
            int index = Convert.ToInt32(e.CommandArgument);

            GridView gvCurrentGrid = (GridView)sender;
            GridViewRow row = gvCurrentGrid.Rows[index];

            string strID = ((Label)row.FindControl("lblID")).Text;
            string strAppName = ((Label)row.FindControl("lblAppName")).Text;
            Response.Redirect("AddApplication.aspx?ID=" + strID + "&AppName=" + strAppName + "&Edit=True");
        }
    }
}

Kindly let me know if I need to add something. Thanks for any suggestions.

© Stack Overflow or respective owner

Related posts about c#

Related posts about ASP.NET