Make administrator create users from a specific role - asp.net

I've been reading about asp web administration tool. I read about creating roles and stuff and forcing a controller to use authentication in order to be viewed. My question is, say create on the administration tool a user called Peter and I assign him the Administrator role. Then I want to create another role called LimitedAdministrator. But I want Peter to create new users on his View (I'm using MVC). Can anyone point me in the direction of how to do this.
I want peter to see on his page, like "Create user" and this user will be created as a LimitedAdministrator.
Thanks!

I would probably handle this by limiting the available roles that display on the page for Peter to choose from. You'd also need to validate that the role passed in the request is a valid role for Peter to create as well. Say you're using a dropdown to allow Peter to choose roles for new users. Then simply populate the dropdown with only those roles which Peter has access to assign using whatever logic is used to make that decision. If Peter can only allocate LimitedAdministrators, then you don't need to present him with a choice, just apply that role server side based on your logic for Peter.
If you do it this way, you won't need to have separate pages/views for each type of administrative user. You can reuse the view because you're changing the data in the model. The view displays the proper data according to the model corresponding with the user's capabilities.

Related

How to set User Role with Identity in MVC application

I have this project which is school management system, i have created Roles(Teacher,Admin,Staff) now i can assign what role is allowed to be viewed in each page and i want the Teacher Role to be more specific cos i have this page where the teacher can see all the list of subject that she/he teaches.
Now my problem is when the teacher login, i want all the subject of the current teacher who login can see her subjects only, right now with my role as (Teacher) they can see all the list of subject from other teachers too. Any idea on how to solve this? or what are the things i should add or learn to achieve my goal? i heard about MVC identity is it the one responsible for fixing this issue. appreciate if u guys could give me idea on how to deal with this. thanks!
If I did understand your problem correctly.what you are looking for is Resource Based Authorization (Authorization depends upon the resource being accessed). As far as I know, this can not be done with declarative security.
In order to gain such flexibility, you have to call an authorization function inside the action method.
Depending on the result of that authorization function, you can return 403 or the required resource.
Speaking of your requirement, extract the user id inside your action method and filter out other teachers' subjects.
If you are using ASP.Net Identity this link may help you to get started.

Track user's action

In our company I have to extend the functionality of existing Drupal 7 website. Here are the requirements:
The business needs to inform all staff members, on different topics using uploaded to the Drupal site documents. (I already implemented this requirement.)
The business needs to know, which staff members have read a document and which still have not.
They need a report like this:
Document 1 25/50 (25 from 50 staff members still didn't read the file)
Document 2 50/50 (all staff members did read the file), etc.
In order to fulfill the second business requirement, I need a module which can track specific user's activity (in my case click on a link to download a file, which means the file is read). The module(s) have to be able to create a report like the one above.
(All staff members have a drupal account with a specific role.)
Is there any drupal module I can use or maybe a part of it. Or the requirements are too 'custom' and I have to create my own module.
I created almost exactly the feature you need. I would be glad to help you in the process.
I developed indeed a full custom module. And I could tell you that you will need different things:
A custom table in your DB to store the data
A custom entity called "track" or "action" that will be stored in the DB
Implementing the right hooks to create a track when you want to keep a track of a user's action
A custom page or block to display the tracks you stored in your DB with a custom query and appropriated permissions
To achieve all that, I suggest you to take a look at these pieces of documentation:
https://api.drupal.org/api/drupal/modules!system!system.api.php/function/hook_schema/7
https://www.drupal.org/node/878784
https://api.drupal.org/api/drupal/includes!module.inc/group/hooks/7
https://www.drupal.org/node/1343708
http://befused.com/drupal/page-programatically
https://api.drupal.org/api/drupal/modules!system!system.api.php/function/hook_permission/7
Hope it will help.

Using Active Directory to restrict access to data in webforms app (mainly through populating dropdowns)

Please review the scenario and solution I came up with. If it sucks please tell me so.
Scenario
Need to create an application for submitting & viewing accidents reports that will be used by 50 schools. When submitting a form, an employee will select their school from a dropdown. Likewise when viewing accident reports, the employee will select their school from a dropdown. Some employee's are to be assigned multiple schools. Thus the dropdown needs to be populated with each school they are assigned to. The IT department wants to control the population of the dropdowns using Active Directory.
Possible Solution
Within Active Directory, create an organizational unit called AccidentReportingSchools
Within the organizational unit, create a security group for each school.
Add an attribute called SchoolName to the security group
Add an attribute called SchoolID to the security group
Write an active directory query to return all of the security groups that are within the AccidentReportingSchools organizational unit (created from step 1) that the logged in employee is a member of.
When an employee logs into the application, create a session variable or cookie for storing the employee's schools. Populate it based on the results of the active directory query.
Use the cookie/session variable to populate the dropdowns.
Alternate Solution
Tell the IT department that Active Directory is not well suited in this particular situation and that a database table should be used for assigning employees to their schools.
It doesn't sound like a bad idea. Though I don't think you need to setup an attribute for SchoolName. You can just go by the name of the AD Group. I have something similar (though not nearly as large in scope.) I created a basic Intranet page for IT Trouble Tickets.
And for what it's worth, if you plan on doing this through ASP.net look at MVC rather than WebForms.

create unique and editable profiles

I am working on a web development project that will require keeping records for around 3-4,000 companies. If possible I want to use a wordpress plugin that enables a user to CREATE a unique user account / profile and update their profile with their up to date information at a later date. I tested profile builder but it wont let non admins initiate a new account (something I dont want to do 4,000 times).
Information also needs to be searchable (income range, location, etc.). This is not necessarily a deal breaker as I could develop a second app to search the DB.
Right now I am trying to choose between building a app where a user can create an account and interact with a UI (time consuming). I hate to ask such silly question but I am not having much luck.
Approximate wireframe:
Enable user registration and dispatch the 4 thousand emails inviting to open an account.
The default User Profile system remains as it is, just basic user info (it's easy to remove stuff from that page and give it a nice style).
Create a Custom Post Type for the big profile with all the searchable capabilities this offers.
Limit the number of posts the user can manage to One.
Ask new questions as the specifics arise.

ASP.NET, how to manage users with different types of roles

I want to create a website with various users. The users can have different roles, admin and user, which is a very well documented situation. But I would like to also group the users on their location, so at each location I can have both admins and users. - A multi dimensional role system?
The reason is, that users in Germany should have access to a certain set of documents, while the Italian users shouldn't.
Where should I look for documentation on this specific topic? I need some way to limit my search, maybe some keywords.
A different approach would be to add another set of roles, corresponding with the different locations available, for example Germany and Italy. You then make all German users members of the Germany role, and the German admins members of both Germany and Admin. When checking permissions, you then check both for Admin and for the current locale.
Remember, one user can have many roles.
First of all, please see the very excellent tutorial series on 4GuysFromRolla: https://web.archive.org/web/20210513220018/http://aspnet.4guysfromrolla.com/articles/120705-1.aspx
Secondly, the built in Role Provider is extremely rudimentary. You associate a user with a string (role) and that's pretty much it. There's no heirarchy or additional properties that you associate with the role, unless you pack in into the string (role name).
You might want to look at custom profile properties. MSDN

Resources