[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 185
  • Last Modified:

What is wrong with my code?

I'm trying to take the UserID of the logged on user and test if they have permission to view the report for the selected employee.  If they have chosen their own name then the table is visible, if not then the table is hidden.  I got the code to work with only one parameter passed; checking who's logged in and saying they can view a table or not but that was all or nothing.  Now they should be able to see the page if they have selected themselves from the list but not anyone else.  Unless they are executives who can see everything :)

Works great!
Public Function CheckPermissions(ByVal s As String) As String
	Dim strBuilder As New System.Text.StringBuilder(s)
	Dim Visible as String = "False"
	Dim Hidden as String = "True"
	If s.Contains("*****\ar") Then
		Return Visible
	Else If s.Contains("*****\dt") Then
		Return Visible
	Else If s.Contains("*****\jb") Then
		Return Visible
	Else If s.Contains("*****\lv") Then
		Return Visible
	Else If s.Contains("*****\rb") Then
		Return Visible
	Else If s.Contains("*****\rw") Then
		Return Visible
	Else Return Hidden
	End If 
End Function

=iif(Code.CheckPermissions(User.UserId) = "False" , False, True)

Open in new window



Not working :(
Public Function CheckPermissions(ByVal s As String, ByVal t As String) As String
	Dim strBuilder As New System.Text.StringBuilder(s)
	Dim strBuilder2 As String = t
	Dim Visible as String = "False"
	Dim Hidden as String = "True"
	If s.Contains(strBuilder2) Then
		Return Visible
	Else Return Hidden
	End If 
End Function

Open in new window


Public Function CheckPermissions(ByVal s As String, ByVal t As String) As String
	Dim strBuilder As New System.Text.StringBuilder(s)
	Dim strBuilder2 As New System.Text.StringBuilder(t)
	Dim Visible as String = "False"
	Dim Hidden as String = "True"
	If s.Contains(selectedEmployee) Then
		Return Visible
	Else Return Hidden
	End If 
End Function

Open in new window

0
HSI_guelph
Asked:
HSI_guelph
3 Solutions
 
Vitor MontalvãoMSSQL Senior EngineerCommented:
Won't be easier if you define the permission in the database? What for are you controlling by code if the user can have access to the database and query the data directly?
0
 
ste5anSenior DeveloperCommented:
Can you please rephrase your question and give us some more details?

btw, I don't understand why you're working with strings. Why not simply using

 
Public Function CheckPermissions(ByVal s As String) As Boolean

	Dim Result as Boolean

	Result = s.Contains("*****\ar") Or _
		s.Contains("*****\dt") Or _
		s.Contains("*****\jb") Or _
		s.Contains("*****\lv") Or _
		s.Contains("*****\rb") Or _
		s.Contains("*****\rw")
	
	Return Result
	
End Function

=Code.CheckPermissions(User.UserId)

Open in new window

0
 
James0628Commented:
I haven't used code like this, but, FWIW, looking at your second and third code examples ...

 The second one declares strBuilder and strBuilder2 differently, and it does not declare strBuilder2 in the same way that the third example does.  I don't know if that's significant.  It's just a difference that I noticed.

 And the third example uses s.Contains(selectedEmployee), but I don't see selectedEmployee defined anywhere, so where does it come from?

 James
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
HSI_guelphAuthor Commented:
@Vitor Montalvão - The users cannot access the database.  The database is the backend of the Time Entry and Project Management System we have used for years.  But with my experience I was invited to write reports to simplify and customize data that could not be recreated the same way in the system.


@James0628 - Sorry that was copied from Textpad and originally I had two strBuilder but it didn't like that so I tried changing the name to selectedEmployee but between what I was planning out in Textpad and what I was playing with in the Report Code I forgot to update the code.  I tried declaring strBuilder2 as a String and a New System.Text but it gave this error:

An error occurred during local report procession.
The definition of the report '/Employee Work History' is invalid.
There is an error on line 5 of custom code: [BC30311] Value of type 'System.Text.StringBuilder' cannot be converted to 'String'.

Public Function CheckPermissions(ByVal s As String, ByVal t As String) As String
	Dim strBuilder As New System.Text.StringBuilder(s)
	Dim strBuilder2 As New System.Text.StringBuilder(t)
	Dim Visible as String = "False"
	Dim Hidden as String = "True"
	If s.Contains(strBuilder2) Then
		Return Visible
	Else Return Hidden
	End If 
End Function

Open in new window


But I think I get where I made the mistake.  I am passing the selectedEmployee as the second parameter and it replaces the strings in 's.Contains("*****\ar")' that I manually entered so it doesn't need to be converted to a New System.Text.StringBuilder type.


@ste5an - I didn't give much detail of the overall project because I tend to drone on and on and I just wanted to know what was wrong with my code.  Basically I have a report "Employee Project History" and when someone clicks on the link for it, I want it to bring them up as the default choice in the parameter.  If they choose a different employee then the report will hide the table so they can't see it (unless they are executives).  

This code is a check of the User logged in to see if the visibility of the table should be set to true or false.  We don't have the expertise on site to modify permissions at the database level and we wouldn't want to try because the users should still be able to access that information through the reports in the Practice system.

And the reason I didn't try a Boolean is because I found the code online and experimented with it to get something simple working without thinking about functionality and efficiency but your solution looks so clean and easy to maintain I will modify my code and get back to you.  Thanks!
0
 
HSI_guelphAuthor Commented:
Through reading through the posts I came up with a solution and wanted to award the points to those who took the time to reply.  Thank you very much!
0
 
HSI_guelphAuthor Commented:
I did a variation of what I started with and ended up with something that works in all situations.

Public Function GetEmployeeID(ByVal t As String) As Integer
	Dim UserID As String = t
	UserID = UserID.Replace("companyname\", "")
	UserID = LCase(UserID)
	Dim EmployeeID as Integer
	If UserID.Contains("*****") Then
		EmployeeID = 44
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 45
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 13
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 98
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 68
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 7
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 55
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 39
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 82
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 48
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 5
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 72
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 42
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 6
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 2
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 6722
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 81
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 36
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 27
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 17
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 22
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 4
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 97
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 99
		Return EmployeeID
	Else If UserID.Contains("*****") Then
		EmployeeID = 3
		Return EmployeeID
	Else
		EmployeeID = 0
		Return EmployeeID
	End If 
End Function

Open in new window



Visibility of the rectangles holding the buttons available for different groups.
Code.getEmployeeID(User.UserID)= 68, false,
Code.getEmployeeID(User.UserID)= 48, false,
Code.getEmployeeID(User.UserID)= 2, false,
Code.getEmployeeID(User.UserID)= 36, false,
Code.getEmployeeID(User.UserID)= 97, false,
Code.getEmployeeID(User.UserID)= 81, false,
Code.getEmployeeID(User.UserID)= 99, false,
Code.getEmployeeID(User.UserID)= 3, false,
true, true)

Open in new window

0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now