Hi;

I would like to set up authorisation for the users who access the application: when the check finds that the user doesn't have permission to use a particular function (add/delete/edit record), the corresponding button will be disabled in the user's view.

I have the following code, but my approach doesn't seem that efficient: whenever the user opens a particular form, it has to check the database again and again to see whether the user is authorised to do something. How could I store the access rights once, so that when the user loads the same form again the code does not go back to the database to check again? (I'm not sure whether that is the right way of doing it.)

After all, I think I have no idea how to handle access rights correctly. I still feel the code written below is not right and is inefficient.

I would like some help here. Thank you.

/// <summary>
/// Actions whose availability is decided per user.
/// </summary>
/// <remarks>
/// The numeric values are spelled out; they are the same ones the compiler
/// assigns by default (0, 1, 2).
/// </remarks>
public enum UserPermission
{
    /// <summary>Guards btn_Add in permissionType.</summary>
    addJob = 0,

    /// <summary>Guards btn_Delete in permissionType.</summary>
    deleteJob = 1,

    /// <summary>Declared, but permissionType has no dedicated case for it.</summary>
    editJob = 2
    //other permission...
}


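/// <summary>
/// Disables the button guarded by <paramref name="HandlePermission"/> when the
/// current user has no matching row in USER_PERMISSION.
/// </summary>
/// <param name="HandlePermission">Permission whose button should be checked.</param>
/// <remarks>
/// This method only ever disables a button; it never enables one. A permission
/// value without its own case therefore leaves the buttons untouched and cannot
/// undo an earlier denial.
/// NOTE(review): a disabled button is a display hint, not access control. The
/// connection uses Integrated Security, so presumably the user's own Windows
/// account reaches the database; confirm that the add/delete/edit operations
/// re-check the permission where they run and that the account's database rights
/// are limited accordingly.
/// </remarks>
public void permissionType(UserPermission HandlePermission)
{
    switch (HandlePermission)
    {
        case UserPermission.addJob:
            if (!HasPermission("addJob"))
            {
                btn_Add.Enabled = false;
            }
            break;

        case UserPermission.deleteJob:
            if (!HasPermission("deleteJob"))
            {
                btn_Delete.Enabled = false;
            }
            break;

        default:
            // No button is wired to this permission. Leave every button as it is:
            // enabling anything here would grant access without a check (fail open).
            break;
    }
}

/// <summary>
/// Reports whether USER_PERMISSION holds at least one row for the current userID
/// and the given permission id.
/// </summary>
/// <param name="permissionId">Value compared against the PERMISSION_ID column.</param>
/// <returns>true when the row count is greater than zero; otherwise false.</returns>
private bool HasPermission(string permissionId)
{
    string connectionString = string.Format(
        "Data Source={0};Initial Catalog={1};Integrated Security=True",
        ServerName,
        DatabaseName);

    // The using blocks release the connection and command even when Open or
    // ExecuteScalar throws.
    using (SqlConnection conn = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand(
        "SELECT COUNT(*) FROM USER_PERMISSION WHERE PERMISSION_ID = @permissionId and USERID = @userid",
        conn))
    {
        cmd.CommandType = CommandType.Text;
        // Both values travel as parameters, never as concatenated SQL text.
        cmd.Parameters.AddWithValue("@permissionId", permissionId);
        cmd.Parameters.AddWithValue("@userid", userID);

        conn.Open();
        return (int)cmd.ExecuteScalar() > 0;
    }
}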


 /// <summary>
 /// Form load handler: runs the delete-job permission check, then the add-job one.
 /// </summary>
 /// <param name="sender">Event source (unused).</param>
 /// <param name="e">Event data (unused).</param>
 private void Form1_Load(object sender, EventArgs e)
 {
     // The array keeps the original call order: deleteJob first, addJob second.
     UserPermission[] checksInOrder = { UserPermission.deleteJob, UserPermission.addJob };
     foreach (UserPermission check in checksInOrder)
     {
         permissionType(check);
     }
 }