Click here to Skip to main content
15,881,092 members
Search within:


How to handle user permission in a win forms MVP application
Please Sign up or sign in to vote.
4.00/5 (1 vote)
In a windows forms payroll application (for a small scale client) I'm planing user permission handling as follows.

NOTE : System could be simultaneously used by few users (maximum 3) and the database is at the server side.


User Tables in the database.

USER (user_id[pk], name, access_level, status)

PERMISSION (permission_id[pk], permission_detail)

USER_PERMISSION (user_id[pk][fk], permission_id[pk][fk])


I would maintain user list in `USER` table and permission list in `PERMISSION` table (permission details are the accessible module names). Intermediate table `USER_PERMISSION` would map the users with the permissions. `UESR` and `PERMISSION` tables have `1:M` relationships with `USER_PERMISSION` table.

When an user login to the system, first the system will validate the user and if its valid then the home screen will be shown and the logged user's `ID` will be hold in a global variable accessible to every presenter. When the user try to access a specific module, the system will read that global variable to find the current user's `ID` and then it will look in the `USER_PERMISSION` table whether there is an entry relevant to that user id and the module name in which the user is trying to login. If there is and entry, then the user will be given the access to that particular module.

When user log off the variable holding the current user id will be cleared.

1. In this approach is it okay to hold the current user's `ID` in application memory? or should be written to a local file?

2. Modifications to the data in the tables should be tracked and in this purpose should I maintain a separate column on each table (ones should be monitored) to hold the `ID` of the user who is modifying the record?

EDIT:

3. Can we use `SQL-SERVER` user rolls/ logins in this purpose? and can this user action login stuff be handed over to `SQL-SERVER`?

When controlling `Read/Write` permissions in `Forms`, the respective `Presenter` handle the logic and set the properties in the `View` (properties like `IsModifyAllowed{get;set;}`, `IsDeleteAllowed{get;set;}` etc.) according to the current users permissions. So that the View could handle the rest of the things by `enabling / disabling` controllers in the `View`.

4. In this approach should the every Model have a matching property like in the view(in this case `IsModifyAllowed{get; set;}` etc. )?

5. What is the most widely used approach in this case?
Posted
Updated 7-Jun-14 8:10am
v3
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Handling of cart session and user
Handling User Permissions by Linking Membership tables to Application Tables
MVP implementation details in WinForms
I want to give user role access permission for multiple users.
How to store images in MS SQL server database from VB.NET win form application with minimal database space?
Granting permissions to local user account to issue custom command to windows service from ASP.NET web application
How to adjust screen of win form application According to System Resolution
Login Form with Permissions for users
logical error while handling users in chatting form
Set Permission to a file using C#

Advertise
Privacy
Cookies
Terms of Use
Last Updated 7 Jun 2014
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900