Databases Reference
In-Depth Information
public partial class Edit : System.Web.UI.Page
{
protected MetaTable table;
protected override void OnPreInit(EventArgs e)
{
base.OnPreInit(e);
this.table = DynamicDataRouteHandler.GetRequestMetaTable(Context);
if (!this.table.CanRead(this.User)
| |
!this.table.CanUpdate(this.User))
{
FormsAuthentication.RedirectToLoginPage();
this.Response.End();
}
}
}
The
Delete
page template created in Chapter 6 is similar to the Edit page template in that
it allows users to perform two distinct actions: “read” or “delete” existing records.
Implementing authorization checks is also similar to the Edit page template—you need to
call the
CanRead
and
CanDelete
methods of the
MetaTable
object associated with the page
and redirect the user to the login page if either one of them returns false.
At first glance, the
Details
and
List
page templates are simple. They generate web pages
that allow users to “read” existing records and should prevent user access when the
CanRead
method of the
MetaTable
object derived from the URL route returns false. You
already know how to implement access security for page templates that perform a single
action. Here is how you would do it in the code-behind of the Details page template:
public partial class Details : Page
{
protected MetaTable table;
protected override void OnPreInit(EventArgs e)
{
base.OnPreInit(e);
this.table = DynamicDataRouteHandler.GetRequestMetaTable(this.Context);
if (!this.table.CanRead(this.User))
{
FormsAuthentication.RedirectToLoginPage();
this.Response.End();
}
}
}
However, unless your application has a separate Delete page template, both the Details
and the List page templates also allow users to
delete
the existing records as well. You
