1
Conditionally setting DeniedPermission in DocumentViewer
Question asked by Rob Smith - 4/10/2021 at 4:02 PM
Answered
I'm trying to figure out how to conditionally set different combinations of DeniedPermissions and AllowedPermissions based on user role:
- If a user is an admin user, I want to allow printing and downloading.
- If a user is an auditor user, I want to allow printing, but deny downloading
- If a user is NOT an admin or auditor user, I want deni.

There doesn't seem to be a way to pass variables into a method that builds the DocumentViewer for conditionally setting the allowed and denied permissions.
var documentViewer = new DocumentViewer().
If (user.IsAdmin){
   documentViewer.AddAllowedPermission(DocumentViewerPermission.Print);
   documentViewer.AddAllowedPermission(DocumentViewerPermission.Download);
} else if (user.IsAuditor){
  documentViewer.AddAllowedPermission(DocumentViewerPermission.Print);
  documentViewer.AddDeniedPermission(DocumentViewerPermission.Download);      
} else {
  documentViewer.AddDeniedPermission(DocumentViewerPermission.Print);
  documentViewer.AddDeniedPermission(DocumentViewerPermission.Download);  
}

The bitwise OR seems to indicate that I'm going to have to build numerous sets of allowed and denied permissions and maintain that forever based on new and changing user roles.

Thoughts?  Advice?

Thanks in advance.

3 Replies

Reply to Thread
0
Cem Alacayir Replied
Employee Post Marked As Answer
DocumentViewer is not interested in your users or roles, you just provide it with permissions according to your currently logged in user and this depends on your application.

You can do what you need as simple as this:

var documentViewer = new DocumentViewer();

//Initial set of allowed permissions for all kind of users
//All is default value for AllowedPermissions but you can set some other combination here
documentViewer.AllowedPermissions = DocumentViewerPermissions.All;

if (user.IsAdmin){
    //We don't restrict anything from initial set for admins
} else if (user.IsAuditor)
{
    //Allow initial set except Download permission for auditors
    documentViewer.DeniedPermissions = DocumentViewerPermissions.Download;
}
else
{
    //Allow initial set except Download and Print permissions for remaining users
    //When combining permissions, they should be separated by comma in string and by bitwise 'or' operator in code (| in C# and OR in VB).
    documentViewer.DeniedPermissions = DocumentViewerPermissions.Download | DocumentViewerPermissions.Print;
}
See docs of DocumentViewer.AllowedPermissions property for help.
0
Cem Alacayir Replied
Employee Post
Also regarding this question:

> The bitwise OR seems to indicate that I'm going to have to build numerous sets of allowed and denied permissions and maintain that forever based on new and changing user roles. 

You can add permissions like CanDownload and CanPrint to your user/role and then create a SetDocumentViewerPermissionsForUser method to convert those to DocumentViewer permissions:

var documentViewer = new DocumentViewer();

SetDocumentViewerPermissionsForUser(documentViewer, user);


public void SetDocumentViewerPermissionsForUser(DocumentViewer documentViewer, User user)
{
    documentViewer.AllowedPermissions = DocumentViewerPermissions.All;

    //Append denied permissions according to user/role by using |= operator

    if (!user.CanDownload)
        documentViewer.DeniedPermissions |= DocumentViewerPermissions.Download;

    if (!user.CanPrint)
        documentViewer.DeniedPermissions |= DocumentViewerPermissions.Print;
}
This way you will not depend on names of roles like auditor, admin but you will depend on your custom set of permissions.
0
Rob Smith Replied
That seems like it will work perfectly.  Thank you for your response.

Reply to Thread