Seeking a Conceptual Approach Please

Thom Anderson

Hi. I have been asked to create a web tool for my company. Basically an
employee will use a user control (a tree view containing information about
our company) and when they get to where they want on the tree, they will
click a node. The node click event should go to the (database, cache,
session var, xml file (it doesn't matter at this time)) and return a list of
reports that can be run.

That list of reports is dependent on two things. 1 - what they clicked on,
2- who the web user is. The click event already gives me that information,
that isn't the problem.

Here is where I don't know what to do.

The web user will be given a choice of reports to run. Let's assume that
the number of choices is 5. But those 5 choices were dependent on what they
clicked and who the web user is. The back end database is SQL Server and
there are about 100 stored procedures that could be called potentially. But
if you're user A, you might not be allowed to see the 4th column in stored
procedure 65, but user B can see column 4. It kind of depends on what
department they're in.

The report data has to be shown on the screen. A datagrid is what I'd like
to use. But I don't want to create 100+ data grids for every possible
stored procedure resultset (they do not have to return the same number of
columns).

I was thinking the web page could have one data grid and we push the results
of the stored procedure into it at runtime. The formatting of each stored
procedure resultset has to be stored somewhere, be it database or local XML.
What do you think is the best approach?

Here's the other thing I don't know what to do. Each stored procedure
doesn't require the same input parameters. Some have 2, some have 3, some
more. And there has to be a drop-down list built at runtime and the
available parameter options have to be placed in it for the user to select
from. This is tough.

Any suggestions for this data dynamic web page?
 
clintonG

You need to implement using 2.0 Membership, Roles, and Profiles. That will
allow you to use MultiView controls as well as code to determine who can and
who can not see which reports may be run by making some parts of the page
visible or not visible to authorized members assigned to roles. All this
also applies to determining which stored procedures are run when you
implement Membership and Roles.

The Profile class is used to store data in the database across sessions and
is generally used similar to the way the Session is used to store data
during a session. If you don't know Membership yet I'd suggest you get busy,
buy a lot of books and stock up on eye drops to google for a few weeks
because you will be studying for at least a good month or two to learn how
to use the 2.0 Membership, Roles and Profiles and please -- trust me -- the
time is worth it as it will take much much longer to design and code your
own authentication and access solution.

<%= Clinton Gallagher
NET csgallagher AT metromilwaukee.com
URL http://www.metromilwaukee.com/clintongallagher/
 
B

Hi,

If you need the page to be really fast and lightweight, in
my programming experience I would say please don't use a datagrid. That's
really a heavy object, and as you asked, the number would also increase
dynamically.

You can't simply do that. I would suggest you display the list of
reports the user has access to in a separate page (say reportlist.aspx)
and add another page where you are going to display the report.
Store all the report parameters and input parameters and the input
control information about that particular input parameter in a table.

Create a user control that fetches all this information and build the
user control accordingly in the top position of the report page, and
instead of using a Datagrid you can use a simple HTML table that you can
customize more than the default datagrid. When the user clicks
the show report from the user control at the bottom of the page, just
display the report through XML HTTP (AJAX); the page would be
lightweight and it will be the fastest.

Building the user control will be a little tricky; take care.
 
Robbe Morris [C# MVP]

Each procedure should have all the possible parameters.
In the proc, check them at runtime. Use CASE statements
in your where clause on columns that are indexed:

http://www.eggheadcafe.com/PrintSearchContent.asp?LINKID=469

You may have some IF BEGIN END statements for those
parameters that aren't indexed.

I'd also have the data layer return back all applicable
columns regardless of permission. Then, weed them out
in your application code (C#, VB.NET) by simply removing
the column from the DataTable based on your permission
scheme. This solution would be dependent upon your
users not having direct connectivity from their desktop
straight into your database server and bypassing your asp.net
app.

I'd also make my permission scheme tied to
a specific user and not to a job title or user type.

This old article explains how and why:

http://www.eggheadcafe.com/articles/20030627.asp

It does mean that you'd have to set up a process
to insert a set of default column permissions by user
type, job title, etc. But, your schema/security model
should support "rule bending" just in case users take
on temporary roles not officially attached to them.



--
Robbe Morris - 2004-2006 Microsoft MVP C#
Earn money answering .NET questions
http://www.eggheadcafe.com/forums/merit.asp
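
The column-weeding scheme described in the post above, as an added example (not code from the thread or from the linked articles): defaults per user type, per-user overrides for "rule bending", and deny by default for anything not listed. `ColumnPolicy`, `proc65`, the user ids and the column names are hypothetical, and ids are assumed not to contain `|`.

```csharp
using System;
using System.Collections.Generic;
using System.Data;

// Hypothetical names throughout (ColumnPolicy, "proc65", "userA", "sales").
public sealed class ColumnPolicy
{
    // Defaults are seeded per user type; overrides are per-user grants or revokes.
    private readonly Dictionary<string, HashSet<string>> defaults = new Dictionary<string, HashSet<string>>();
    private readonly Dictionary<string, bool> overrides = new Dictionary<string, bool>();

    public void SetDefault(string userType, string report, params string[] columns)
    { defaults[userType + "|" + report] = new HashSet<string>(columns); }

    public void SetOverride(string user, string report, string column, bool allowed)
    { overrides[user + "|" + report + "|" + column] = allowed; }

    public bool IsAllowed(string user, string userType, string report, string column)
    {
        bool allowed;   // an explicit per-user decision wins over the user-type default
        if (overrides.TryGetValue(user + "|" + report + "|" + column, out allowed)) return allowed;
        HashSet<string> cols;   // unknown user type or report: nothing is visible
        return defaults.TryGetValue(userType + "|" + report, out cols) && cols.Contains(column);
    }

    public DataTable Filter(DataTable source, string user, string userType, string report)
    {
        List<string> visible = new List<string>();
        foreach (DataColumn c in source.Columns)
            if (IsAllowed(user, userType, report, c.ColumnName)) visible.Add(c.ColumnName);
        // ToTable treats an empty column list as "all columns": handle no access explicitly.
        if (visible.Count == 0) return new DataTable(source.TableName);
        return new DataView(source).ToTable(false, visible.ToArray());
    }
}

public static class Demo
{
    public static void Main()
    {
        DataTable t = new DataTable("proc65");              // constructed sample result set
        t.Columns.Add("Region"); t.Columns.Add("Units"); t.Columns.Add("Margin");
        t.Rows.Add("North", "120", "0.31");
        ColumnPolicy p = new ColumnPolicy();
        p.SetDefault("sales", "proc65", "Region", "Units");
        p.SetOverride("userB", "proc65", "Margin", true);   // temporary per-user grant
        Console.WriteLine(p.Filter(t, "userA", "sales", "proc65").Columns.Count);
        Console.WriteLine(p.Filter(t, "userB", "sales", "proc65").Columns.Count);
        Console.WriteLine(p.Filter(t, "userC", "intern", "proc65").Columns.Count);
    }
}
```

Bind the grid to the table returned by `Filter`, never to the original, so denied values do not reach the rendered page or ViewState.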
 
