
I have a problem managing grants for a user who is enabled for two or three different areas. For example, I have no problems with a user who has this profile:

User = Foo 
Area = East 
Level = 2 

Instead, for a user profile:

User = Pluto 
Area = East 
Area = West 
Level = 2 

The Users() method, which performs access control against a table of authorized users according to the area of membership and the expected level (0, 1 and 2), takes into account only the West area for user Pluto, rather than enabling both the East and West areas.

My code below.

Any help would be appreciated, thanks in advance.

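/// <summary>
/// Looks up the current user's rows in <c>tblUsers</c> and copies the
/// <c>degree</c> and <c>Area</c> columns into the <c>degree</c> and <c>area</c>
/// members, which are declared outside this method.
/// </summary>
/// <remarks>
/// Returns without querying when the request carries no <c>email</c> cookie.
/// Exceptions from the data provider propagate to the caller with their original
/// stack trace; the <c>using</c> blocks close the command and the connection.
/// </remarks>
protected void Users()
{
    // SECURITY: the "email" cookie is chosen by the client, so it identifies the caller
    // only as far as the browser says so. Grants should be keyed on the authenticated
    // principal (for example Page.User.Identity.Name under forms authentication).
    // NOTE(review): confirm how this cookie is issued and whether it is integrity-protected.
    var emailCookie = Request.Cookies["email"];
    if (emailCookie == null || string.IsNullOrEmpty(emailCookie.Value))
    {
        // No identity presented: load nothing rather than fail on a null cookie.
        return;
    }

    // Same query text as before; the e-mail value is bound as a parameter, never concatenated.
    sql = " SELECT * FROM " + " tblUsers " + " WHERE (Email = ? " + " AND degree IS NOT NULL); ";

    using (OdbcConnection conn =
        new OdbcConnection(ConfigurationManager.ConnectionStrings["cn"].ConnectionString))
    using (OdbcCommand command = new OdbcCommand(sql, conn))
    {
        command.Parameters.AddWithValue("param1", Server.UrlDecode(emailCookie.Value));
        conn.Open();

        using (OdbcDataReader reader = command.ExecuteReader())
        {
            // Every row overwrites the previous one, so a user with one row per area
            // keeps only the values of the last row returned. Holding all rows needs a
            // collection instead of two scalar members.
            while (reader.Read())
            {
                degree = reader["degree"].ToString();
                area = reader["Area"].ToString();
            }
        }
    }
}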

EDIT 1

    // Page-level grant state: assigned by Users() for each row it reads and compared
    // against in GridView1_RowDataBound. Each member holds one value only, so after
    // Users() has looped over several rows they describe the last row alone.
    string Level;
    string Area;

    /// <summary>
    /// One grant entry: an area name paired with the level held for it, both kept
    /// as the strings read from the data source.
    /// </summary>
    public class GrantUser
    {
        /// <summary>Creates an entry whose <see cref="Area"/> and <see cref="Level"/> are both <c>null</c>.</summary>
        public GrantUser()
        {
        }

        /// <summary>Creates an entry for the given area and level.</summary>
        /// <param name="Area">Value stored in <see cref="Area"/>.</param>
        /// <param name="Level">Value stored in <see cref="Level"/>.</param>
        public GrantUser(string Area, string Level)
        {
            this.Level = Level;
            this.Area = Area;
        }

        /// <summary>Level recorded for this entry.</summary>
        public string Level { get; set; }

        /// <summary>Area this entry applies to.</summary>
        public string Area { get; set; }
    }


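    /// <summary>
    /// Every (Area, Level) row found for the current user by the last call to
    /// <see cref="Users"/>. Empty when no identity was presented or no row matched.
    /// </summary>
    private readonly List<GrantUser> grantedAreas = new List<GrantUser>();

    /// <summary>
    /// Loads the current user's grant rows from <c>tblUsers</c> into
    /// <c>grantedAreas</c>, one entry per row.
    /// </summary>
    /// <remarks>
    /// The list used to be a local variable that was discarded on return, which left
    /// only the last row's values in <c>Level</c> and <c>Area</c>. Those two members are
    /// still assigned for existing readers, but an access decision for a user with
    /// several areas has to look at the whole list. Provider exceptions propagate with
    /// their original stack trace; the <c>using</c> blocks close command and connection.
    /// </remarks>
    protected void Users()
    {
        // Start from "no grants" so a repeated call cannot leave stale entries behind.
        grantedAreas.Clear();

        // SECURITY: the "email" cookie is chosen by the client, so it identifies the caller
        // only as far as the browser says so. Grants should be keyed on the authenticated
        // principal (for example Page.User.Identity.Name under forms authentication).
        // NOTE(review): confirm how this cookie is issued and whether it is integrity-protected.
        var emailCookie = Request.Cookies["email"];
        if (emailCookie == null || string.IsNullOrEmpty(emailCookie.Value))
        {
            // No identity presented: load nothing rather than fail on a null cookie.
            return;
        }

        // The e-mail value is bound as a parameter, never concatenated into the text.
        sql = " SELECT * FROM tblUsers WHERE (Email = ? AND Level IS NOT NULL); ";

        using (OdbcConnection conn =
            new OdbcConnection(ConfigurationManager.ConnectionStrings["cn"].ConnectionString))
        using (OdbcCommand command = new OdbcCommand(sql, conn))
        {
            command.Parameters.AddWithValue("param1", Server.UrlDecode(emailCookie.Value));
            conn.Open();

            using (OdbcDataReader reader = command.ExecuteReader())
            {
                while (reader.Read())
                {
                    // Kept for existing readers; after the loop these hold the last row only.
                    Level = reader["Level"].ToString();
                    Area = reader["Area"].ToString();

                    grantedAreas.Add(new GrantUser(Area, Level));
                }
            }
        }
    }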


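    /// <summary>
    /// Applies the per-level rule to each data row of <c>GridView1</c>, comparing the
    /// row's <c>Area</c> label with the page-level <c>Area</c> for levels 1 and 2.
    /// </summary>
    /// <param name="sender">The grid raising the event.</param>
    /// <param name="e">Carries the row being bound.</param>
    /// <remarks>
    /// <c>Level</c> and <c>Area</c> each hold a single value, so a row belonging to any
    /// other area the user is granted does not match here.
    /// NOTE(review): this handler only shapes what the grid shows; any handler that acts
    /// on a row needs the same area/level check on the server side.
    /// </remarks>
    protected void GridView1_RowDataBound(object sender, GridViewRowEventArgs e)
    {
        if (e.Row.RowType != DataControlRowType.DataRow)
        {
            return;
        }

        // Fail closed. The previous test called Level.ToString() before checking for
        // null, so a user with no grant row caused a NullReferenceException.
        if (string.IsNullOrEmpty(Level))
        {
            return;
        }

        // FindControl returns null when the row template has no control with this ID.
        Label area = (Label)e.Row.FindControl("Area");

        switch (Level)
        {
            case "0":
                //here the condition 0
                break;

            case "1":
                if (area != null && area.Text == Area)
                {
                    //here the condition 1
                }
                break;

            case "2":
                if (area != null && area.Text == Area)
                {
                    //here the condition 2
                }
                break;
        }
    }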




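 /// <summary>
 /// Runs the grid query, binds the first result table to <c>GridView1</c> and
 /// returns that table. Registers a client-side "No data." alert when it is empty.
 /// </summary>
 /// <returns>The first table of the filled <c>DataSet</c>.</returns>
 /// <remarks>
 /// Exceptions propagate with their original stack trace. The query text is elided
 /// on the page; any user-derived value in it belongs in a parameter, as in Users().
 /// </remarks>
 public DataTable GridViewBind()
    {
        sql = " SELECT ....... ; ";

        try
        {
            dadapter = new OdbcDataAdapter(sql, conn);

            // A new DataSet is already empty, so no Clear() is needed before Fill.
            dset = new DataSet();
            dadapter.Fill(dset);
            DataTable dt = dset.Tables[0];
            GridView1.DataSource = dt;

            // Kept from the original: the connection is open while the grid binds.
            // NOTE(review): Fill manages the connection itself; confirm a handler needs this.
            conn.Open();
            GridView1.DataBind();

            if (dt.Rows.Count == 0)
            {
                // Constant script text only; no request data is written into the page here.
                Page.ClientScript.RegisterStartupScript(this.GetType(), "Alert", "alert('No data.');", true);
            }

            return dt;
        }
        finally
        {
            // The adapter is null if its constructor threw; disposing it unguarded would
            // replace the real exception with a NullReferenceException.
            if (dadapter != null)
            {
                dadapter.Dispose();
                dadapter = null;
            }

            conn.Close();
        }
    }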

EDIT 2

// Load the grant state first: GridView1_RowDataBound, raised for each row while the
// grid binds, reads the Level and Area members that Users() assigns.
Users();
GridView1.DataBind();
Hamamelis
  • 2
    Don't `throw ex` http://stackoverflow.com/questions/730250/is-there-a-difference-between-throw-and-throw-ex Also, `command.Connection.Close()` is redundant with a `using`-statement. Actually your `try-catch-finally` is redundant. – Tim Schmelter Aug 18 '14 at 08:02
  • Where are `degree` and `area` declared? You should create a class `User` with at least four properties: `string Name`,`string Degree`,`List Areas` and `int Level`. The important is the list. – Tim Schmelter Aug 18 '14 at 08:06
  • thank you degree and area declared on a public partial class – Hamamelis Aug 18 '14 at 08:36
  • Please see the **EDIT 1** in my first post. The output not change. – Hamamelis Aug 18 '14 at 13:49
  • You are still using a single `Level` and a single `Area`, why? You have initialized a local `List` without ever using it. – Tim Schmelter Aug 18 '14 at 13:57
  • I tried to use it in the gridwviewbind method, but not fixed the problem **EDIT 2**. – Hamamelis Aug 18 '14 at 14:01

1 Answer


If I'm understanding your question, it sounds like you have the Area property, which could take on a number of different values like "East", "West", and I would assume "North" and "South" (or something similar).

In that case, I would start with an enumeration like so:

/// <summary>
/// The areas a grant can refer to. Members take the default values 0 to 3 in
/// declaration order, so a variable of this type names exactly one area.
/// </summary>
enum Areas
{
    East,
    West,
    North,
    South
}

Then change the type of Area from string to Areas:

/// <summary>
/// One grant entry whose area is typed as <see cref="Areas"/> instead of a free-form
/// string; the level is still kept as a string.
/// </summary>
public class GrantUser
{
    /// <summary>Creates an entry with the default <see cref="Areas"/> value and a <c>null</c> level.</summary>
    public GrantUser()
    {
    }

    /// <summary>Creates an entry for the given area and level.</summary>
    /// <param name="Area">Value stored in <see cref="Area"/>.</param>
    /// <param name="Level">Value stored in <see cref="Level"/>.</param>
    public GrantUser(Areas Area, string Level)
    {
        this.Level = Level;
        this.Area = Area;
    }

    /// <summary>Level recorded for this entry.</summary>
    public string Level { get; set; }

    /// <summary>Area this entry applies to.</summary>
    public Areas Area { get; set; }
}

Now you can only set GrantUser.Area to one of the values on the list (or else you won't be able to compile):

// The compiler rejects member names the enum does not declare. It does not constrain
// values produced at run time: a numeric cast or a value parsed from the database can
// still fall outside the declared members, so check such input with Enum.IsDefined
// before it is used in an access decision.
GrantUser user = GetUserFromSomewhere();
user.Area = Areas.East; // valid: East is a declared member
user.Area = Areas.Elsewhere; // invalid, won't compile: Elsewhere is not declared

Finally, if you want a user to be able to have several "areas" assigned to them, then we'll give the enum a [Flags] attribute, create a default None value, and then assign each item a value which increases by a power of two (sounds confusing, but once you've done it a few times it will feel normal). Check "FlagsAttribute Class" for more information.

/// <summary>
/// Areas as a bit set: each area owns one bit, so several areas can be combined in a
/// single value, and <see cref="None"/> means no area at all.
/// </summary>
[Flags]
public enum Areas
{
    None = 0,
    East = 1 << 0,
    West = 1 << 1,
    North = 1 << 2,
    South = 1 << 3
}

Finally, to give a user access to both East and West we just need to OR the areas together:

// One combined value carries the set of areas only. If the level can differ from one
// area to another, it still has to be stored per area.
GrantUser user = GetUserFromSomewhere();
user.Area = Areas.East | Areas.West; // sets the East and West bits: value 3, which is 1 + 2

Notice that ORing powers of two gives the same result as adding them together, but that is only because of the way the bits line up for powers of two (which is another topic). Just note that this is not true in the general case, e.g. 3 | 7 == 7.

Now to check what Area a user has access to, use the AND operator:

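// In C# '==' binds tighter than '&', so the mask has to be parenthesised; without the
// parentheses the comparison is evaluated first and the statement does not compile.
// user.Area.HasFlag(Areas.East) is the equivalent library call.
// Do not test for Areas.None this way: (x & None) == None is true for every x.
if ((user.Area & Areas.East) == Areas.East)
{
    // has access to East
}

if ((user.Area & Areas.West) == Areas.West)
{
    // has access to West
}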

For further reading and detailed code examples, check out the Enumeration Types C# Programming Guide.

Matt Klein