logo
Welcome to our new AbleCommerce forums. As a guest, you may view the information here. To post to this forum, you must have a registered account with us, either as a new user evaluating AbleCommerce or an existing user of the application. For all questions related to the older version of Gold and earlier, please go to AbleCommerce Gold forum. Please use your AbleCommerce username and password to Login. New Registrations are disabled.

Notification

Icon
Error

Options
Go to last post Go to first unread
ray22901031  
#1 Posted : Friday, April 9, 2021 11:48:46 PM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 826

Thanks: 3 times
Was thanked: 13 time(s) in 13 post(s)
I am a frontend designer and slowly working my way into the backend, Please review the following code block below which is part of the "_OrderItemDetail.cshtml" partial view. I would like to implement user roles security in the following if statement, but I'm not sure if my syntax is incorrect or if I need to make reference to another file. I would like to take the first part of the if statement, and turn it into an "and" statement that takes into account both the Model.Link.Product (True) and only if the user roles="System,Admin,Junior Admin (True). Once I can get this worked out, I can then make changes to some other files as needed.

Thank you for helping out.

===

@if (Model.LinkProducts)
{
<a href="@Url.Action("EditProduct", "Product", new { ProductId = Model.ProductId })" target="_blank">@(Model.ProductName)</a>
}
else
{
@(Model.ProductName)
}
===

Thanks

Edited by user Friday, April 9, 2021 11:49:32 PM(UTC)  | Reason: Not specified

Wanna join the discussion?! Login to your AbleCommerce Forums forum account. New Registrations are disabled.

shaharyartiwana25816656  
#2 Posted : Tuesday, April 13, 2021 2:47:12 AM(UTC)
shaharyar

Rank: Advanced Member

Groups: Admin, Developers, Registered, HelpDesk, Authorized User
Joined: 10/5/2018(UTC)
Posts: 703

Thanks: 5 times
Was thanked: 113 time(s) in 112 post(s)
Add the following chunk at the top

Code:
@using CommerceBuilder.Users
@{
    bool isAdminUser = AbleContext.Current.User.IsInRole(Role.AdminRoles);
    bool isJrAdminUser = AbleContext.Current.User.IsInRole(Role.JrAdminRoles);
    bool isSystemAdminUser = AbleContext.Current.User.IsInRole(Role.SystemAdminRoles);
}


And use the if statement as follows. I didn't test the code working but I hope this will lead you to the solution.

Code:
@if (Model.LinkProducts && (isAdminUser || isJrAdminUser || isSystemAdminUser))
{
    <a href="@Url.Action("EditProduct", "Product", new { ProductId = Model.ProductId })" target="_blank">@(Model.ProductName)</a>
}
else
{
    @Model.ProductName
}

Edited by user Tuesday, April 13, 2021 2:48:10 AM(UTC)  | Reason: Not specified

ray22901031  
#3 Posted : Tuesday, April 13, 2021 10:33:19 AM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 826

Thanks: 3 times
Was thanked: 13 time(s) in 13 post(s)
Thank you so much for replying, I wish I was a little bit more proficient in C#, but I will get there eventually.

This part of the code is creating a hiccup, please see below.

@using CommerceBuilder.Users
@{
bool isAdminUser = AbleContext.Current.User.IsInRole(Role.AdminRoles);
bool isJrAdminUser = AbleContext.Current.User.IsInRole(Role.JrAdminRoles);
bool isSystemAdminUser = AbleContext.Current.User.IsInRole(Role.SystemAdminRoles);
}

Question: is the IsInRole function using a specific namespace?

Thank you

An error has occured at http://rfl01/Admin/Orders/ViewOrder/31 View less
Exception: Error executing child request for handler 'System.Web.Mvc.HttpHandlerUtil+ServerExecuteHttpHandlerAsyncWrapper'. Stack Trace: at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride) at System.Web.HttpServerUtility.Execute(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage) at System.Web.HttpServerUtility.Execute(IHttpHandler handler, TextWriter writer, Boolean preserveForm) at System.Web.Mvc.Html.ChildActionExtensions.ActionHelper(HtmlHelper htmlHelper, String actionName, String controllerName, RouteValueDictionary routeValues, TextWriter textWriter) at System.Web.Mvc.Html.ChildActionExtensions.Action(HtmlHelper htmlHelper, String actionName, String controllerName, RouteValueDictionary routeValues) at ASP._Page_Areas_Admin_Views_Orders_ViewOrder_cshtml.Execute() in C:\Web Sites\AbleCommerce\rfl01\Site\Areas\Admin\Views\Orders\ViewOrder.cshtml:line 74 at System.Web.WebPages.WebPageBase.ExecutePageHierarchy() at System.Web.Mvc.WebViewPage.ExecutePageHierarchy() at System.Web.WebPages.StartPage.ExecutePageHierarchy() at System.Web.WebPages.WebPageBase.ExecutePageHierarchy(WebPageContext pageContext, TextWriter writer, WebPageRenderingBase startPage) at System.Web.Mvc.ViewResultBase.ExecuteResult(ControllerContext context) at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1 filters, Int32 filterIndex, ResultExecutingContext preContext, ControllerContext controllerContext, ActionResult actionResult) at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1 filters, Int32 filterIndex, ResultExecutingContext preContext, ControllerContext controllerContext, ActionResult actionResult) at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult) at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.b__1e(IAsyncResult asyncResult) at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) at System.Web.Mvc.Controller.b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) at System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) at System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) at System.Web.Mvc.MvcHandler.b__5(IAsyncResult asyncResult, ProcessRequestState innerState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStepImpl(IExecutionStep step) at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) Inner Exception: Error executing child request for handler 'System.Web.Mvc.HttpHandlerUtil+ServerExecuteHttpHandlerAsyncWrapper'. Inner Exception Stack Trace: at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride) at System.Web.HttpServerUtility.Execute(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage) at System.Web.HttpServerUtility.Execute(IHttpHandler handler, TextWriter writer, Boolean preserveForm) at System.Web.Mvc.Html.ChildActionExtensions.ActionHelper(HtmlHelper htmlHelper, String actionName, String controllerName, RouteValueDictionary routeValues, TextWriter textWriter) at System.Web.Mvc.Html.ChildActionExtensions.Action(HtmlHelper htmlHelper, String actionName, String controllerName, RouteValueDictionary routeValues) at ASP._Page_Areas_Admin_Views_Orders__OrderSummary_cshtml.Execute() in C:\Web Sites\AbleCommerce\rfl01\Site\Areas\Admin\Views\Orders\_OrderSummary.cshtml:line 18 at System.Web.WebPages.WebPageBase.ExecutePageHierarchy() at System.Web.Mvc.WebViewPage.ExecutePageHierarchy() at System.Web.WebPages.WebPageBase.ExecutePageHierarchy(WebPageContext pageContext, TextWriter writer, WebPageRenderingBase startPage) at System.Web.Mvc.ViewResultBase.ExecuteResult(ControllerContext context) at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1 filters, Int32 filterIndex, ResultExecutingContext preContext, ControllerContext controllerContext, ActionResult actionResult) at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1 filters, Int32 filterIndex, ResultExecutingContext preContext, ControllerContext controllerContext, ActionResult actionResult) at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult) at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.b__1e(IAsyncResult asyncResult) at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) at System.Web.Mvc.Controller.b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) at System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) at System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) at System.Web.Mvc.MvcHandler.b__5(IAsyncResult asyncResult, ProcessRequestState innerState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) at System.Web.Mvc.HttpHandlerUtil.ServerExecuteHttpHandlerWrapper.<>c__DisplayClass4.b__3() at System.Web.Mvc.HttpHandlerUtil.ServerExecuteHttpHandlerWrapper.Wrap[TResult](Func`1 func) at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride) Inner Exception: Error executing child request for handler 'System.Web.Mvc.HttpHandlerUtil+ServerExecuteHttpHandlerAsyncWrapper'. Inner Exception Stack Trace: at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride) at System.Web.HttpServerUtility.Execute(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage) at System.Web.HttpServerUtility.Execute(IHttpHandler handler, TextWriter writer, Boolean preserveForm) at System.Web.Mvc.Html.ChildActionExtensions.ActionHelper(HtmlHelper htmlHelper, String actionName, String controllerName, RouteValueDictionary routeValues, TextWriter textWriter) at System.Web.Mvc.Html.ChildActionExtensions.Action(HtmlHelper htmlHelper, String actionName, String controllerName, RouteValueDictionary routeValues) at ASP._Page_Areas_Admin_Views_Orders__OrderSummary_cshtml.Execute() in C:\Web Sites\AbleCommerce\rfl01\Site\Areas\Admin\Views\Orders\_OrderSummary.cshtml:line 18 at System.Web.WebPages.WebPageBase.ExecutePageHierarchy() at System.Web.Mvc.WebViewPage.ExecutePageHierarchy() at System.Web.WebPages.WebPageBase.ExecutePageHierarchy(WebPageContext pageContext, TextWriter writer, WebPageRenderingBase startPage) at System.Web.Mvc.ViewResultBase.ExecuteResult(ControllerContext context) at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1 filters, Int32 filterIndex, ResultExecutingContext preContext, ControllerContext controllerContext, ActionResult actionResult) at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilterRecursive(IList`1 filters, Int32 filterIndex, ResultExecutingContext preContext, ControllerContext controllerContext, ActionResult actionResult) at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult) at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.b__1e(IAsyncResult asyncResult) at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) at System.Web.Mvc.Controller.b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) at System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) at System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) at System.Web.Mvc.MvcHandler.b__5(IAsyncResult asyncResult, ProcessRequestState innerState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) at System.Web.Mvc.HttpHandlerUtil.ServerExecuteHttpHandlerWrapper.<>c__DisplayClass4.b__3() at System.Web.Mvc.HttpHandlerUtil.ServerExecuteHttpHandlerWrapper.Wrap[TResult](Func`1 func) at System.Web.HttpServerUtility.ExecuteInternal(IHttpHandler handler, TextWriter writer, Boolean preserveForm, Boolean setPreviousPage, VirtualPath path, VirtualPath filePath, String physPath, Exception error, String queryStringOverride)
shaharyartiwana25816656  
#4 Posted : Wednesday, April 14, 2021 12:28:53 AM(UTC)
shaharyar

Rank: Advanced Member

Groups: Admin, Developers, Registered, HelpDesk, Authorized User
Joined: 10/5/2018(UTC)
Posts: 703

Thanks: 5 times
Was thanked: 113 time(s) in 112 post(s)
Try using the following. Sorry I missed a using statement

Code:
@using CommerceBuilder.Users;
@using CommerceBuilder.Common;
@{
    bool isAdminUser = AbleContext.Current.User.IsInRole(Role.AdminRoles);
    bool isJrAdminUser = AbleContext.Current.User.IsInRole(Role.JrAdminRoles);
    bool isSystemAdminUser = AbleContext.Current.User.IsInRole(Role.SystemAdminRoles);
}

Edited by user Wednesday, April 14, 2021 12:29:41 AM(UTC)  | Reason: Not specified

ray22901031  
#5 Posted : Wednesday, April 14, 2021 4:03:37 AM(UTC)
ray22901031

Rank: Advanced Member

Groups: Authorized User, Developers
Joined: 2/17/2019(UTC)
Posts: 826

Thanks: 3 times
Was thanked: 13 time(s) in 13 post(s)
Thank you very much.

For some reason I got stuck on CommerceBuilder.Utility, and all I needed to do was just go one level up to find the answer, I was using your API developers guide. Adding the proper namespace works like a charm, this gives me the ability to lock up some of the other areas in Ablecommerce where an "order admin" has a little bit too much power.

This is an area of MVC that really shines, since all I'm doing is modifying "view files" and not anything within the Ablecommerce.dll.

If I can offer some advice to not only the development team at Ablecommerce but others on this form. It is extremely easy in Ablecommerce, even if you are just an "order admin" to be able to delete orders effortlessly without consequences from the system. Pray that not one of your workers who has just been terminated or reprimanded, doesn't out of anger just plain malicious intent, highlight a majority of your past orders and delete them.

That's not the main problem, being audited by the IRS is. In my company, orders are never deleted, they are canceled which sets up an audit trail in the event you're ever audited not only by federal, but by state agencies trying to collect sales taxes. I really would recommend in a future release, when you are at the main level and you are viewing orders in the grid, to remove the delete and the export capabilities, only a superuser should ever have these at all.

I am referring here to line numbers 36 & 37 of the _ListOrders.cshtml partial view.

If you ever been audited by any federal or state agency, and they do not have an audit trail to review, they will create one for you and you will be responsible for the fees and penalties (including jail time) associated with this. It is not a pretty thing to endure.

A developer can very easily get stuck in the design of the system, but not realizing the real world consequences that can occur if you're not aware of certain things.

Best wishes,
-Ray

Edited by user Wednesday, April 14, 2021 4:07:48 AM(UTC)  | Reason: Not specified

Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.