I am working on an application (windows forms) that works with a sql server database connection and has a table of users who have roles.
The application has modules or functionalities that are accessible according to the user's role:
[inventario; factura; ventas; reporte; administración]
the way to restrict access to modules could be:
- through a validation with a conditional and verify that the user who is logged in is x then put the property of x the controls enable=false.
same as 1 but hiding the controls with the property visible=false
equal to 1 but performing the validation in each event of the control.
Example:
Method 1 and 2:
private void MenuForm_OnLoad(object sender, EventArgs e)
{
//realizar la consulta a la base de datos y comprobar el rol
if(rol == "bodega")
{
Ventas.enable = false;//Ventas.visible = false;
Factura.enable = false;//Factura.visible = false;
}
}
method 3:
private void IngresoVentasButton_Click(object sender, EventArgs e)
{
if(rol=="vendedor")
{
VentasForm ventas = new
VentasForm();
ventas.Show();
}
else
{
MessageBox.Show("ud no tiene acceso a este modulo!");
}
}
For these cases, I would like to be able to implement attributes in the classes, methods or variables that would allow us to restrict the execution of the method (task) or set the enable properties to false.
[AutorizacionAttribute(rol="admin")]