Article 623 Subject Re: Webbroker : How to check if a user can view a page. [Edit] on embarcadero.public.datasnap

Article

From:

Robert Triest

📋

To:

Robert Triest

Subject:

Re: Webbroker : How to check if a user can view a page. [Edit]

Newsgroup:

embarcadero.public.datasnap

Previous
in thread

11-May-2011

Re: Webbroker : How to check if a user can view a page. [Edit]

Sneaky I asked this question again in this thread:


https://forums.embarcadero.com/thread.jspa?threadID=53812&tstart=0


Mathew DeLong suggested to look at this page:


http://code.marcocantu.com/p/delphirelax/


But I looked if I could solve my problem ONLY using the Session created
by Session := TDSSessionManager.GetThreadSession in the Authentication event.
(Not to handle extra user objects/framework)


I came up with the following working method:


1) Create the session in the authentication of the server webmodule.


{code}
procedure TWebModuleServer.DSAuthenticationManager1UserAuthenticate(
  Sender: TObject; const Protocol, Context, User, Password: string;
  var valid: Boolean; UserRoles: TStrings);
var Session: TDSSession;
    LoginObject : TLoginObject;
begin
  valid:=False;
  LoginObject:=TLoginObject.Create('databasename');
  Try
    LoginObject.Name:=User;
    if not LoginObject.qryLogin.Eof then
    Begin
      if LoginObject.Password=Password then
      Begin
        valid:=True;
        Session := TDSSessionManager.GetThreadSession;
        Session.PutData('userid', IntToStr(LoginObject.ID));
      End;
    End;
  Finally
    LoginObject.Free;
  End;
end;
{code}

2) Since the Servermethods can check the Session I return the webpage by a Servermethod function.

{code}
function TServerMethods1.GetMainPage(aPageParam : Integer): String;
Var Session: TDSSession;
    UserID : String;
    OnlineMainHTMLObject: TOnlineMainHTMLObject;
begin
  //the Result should be on every place a nice formatted HTML page..
  Result:='No login';
  Session := TDSSessionManager.GetThreadSession;
  if Session<>NIL then
  Begin
    UserID:=Session.GetData('userid');
    if UserID<>'' then
    Begin

//Now I have both; the UserSession info (userid) and the Parameter from the URL (aPageParam).

//So, Here I can use the aPageParam also to verify if the userid can view the aPageParam page.. //not implemented.. If userid is allowed to view the aPageParam page then begin

OnlineMainHTMLObject:=TOnlineMainHTMLObject.Create(StrToInt(UserID));

      Try
        Result:=OnlineMainHTMLObject.HTML;
      Finally
        OnlineMainHTMLObject.Free;
      End;
    End else Result:='Session Not OK.';
  End;
end;
{code}

3) In the HTML I ask for the Page via the Servermethod and add a Tag to receive the PageParam.

{code}
<html>
<head>
<title>Test</title>




<script>
function serverMethods()
{
  return new <#classname>(connectionInfo);
}
</script>


<body>


<script type="text/javascript">
var s = serverMethods().GetMainPage(<#PageParam>);
document.write(s.result)
</script>


</body>
</html>
{code}

4) In the Server Webmodule I can catch the pageparam and fill the <#PageParam> tag for the pageproducer.

{code}
procedure TWebModuleServer.MainPageHTMLTag(Sender: TObject; Tag: TTag;
  const TagString: string; TagParams: TStrings; var ReplaceText: string);
Var ReturnText : String;
      aPageParam : String;
begin
  aPageParam:=Request.ContentFields.Values['id'];


  ReturnText:=AddDefaultTags(TagString);
  if ReturnText<>'' then ReplaceText:=ReturnText
  else
    if SameText(TagString, 'PageParam') then
    Begin
      ReplaceText:=aPageParam;
    end else
    ReplaceText:='';
end;
{code}

FYI: Phrase searches are enclosed in either single or double quotes