Show a List of Users Allowed to Read an Object
- 2 minutes to read
This topic demonstrates how to create an Action to display a list of users whose roles allow reading a specific object.
- Create a View Controller with PopupWindowShowAction. This Action displays a list of users in a pop-up window.
- In the CustomizePopupWindowParams event handler, use the GetSecurityStrategy(XafApplication) method to get a Security Strategy instance.
- Get the ListView’s Object Space and use its CreateListView(Type, Boolean) method to create a new List View for user objects.
- Use the IObjectSpace.GetObjects<T>() method to get a list of all users.
- To check if each user has permissions that allow reading a target object, use the CanReadByUser(SecurityStrategy, IPermissionPolicyUser, Type, IObjectSpace, Object, String) method.
- Customize the List View’s Collection Source and set the CustomizePopupWindowParamsEventArgs.View property to the created List View.
using System;
using System.Collections.Generic;
using DevExpress.Data.Filtering;
using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Actions;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.Base;
using DevExpress.Persistent.BaseImpl.PermissionPolicy;
// ...
public class DisplayUsersWithObjectAccessController : ViewController<DetailView> {
PopupWindowShowAction displayUsersAction;
public DisplayUsersWithObjectAccessController() : base() {
displayUsersAction = new PopupWindowShowAction(this, "DisplayUsersWithObjectAccess", PredefinedCategory.View);
displayUsersAction.ImageName = "Context_Menu_Show_In_Popup";
displayUsersAction.CustomizePopupWindowParams += DisplayUsersAction_CustomizePopupWindowParams;
}
private void DisplayUsersAction_CustomizePopupWindowParams(object sender, CustomizePopupWindowParamsEventArgs e) {
Type userType = typeof(ApplicationUser);
ListView listView = Application.CreateListView(userType, true);
SecurityStrategy securityStrategy = Application.GetSecurityStrategy();
List<ApplicationUser> users = new List<ApplicationUser>();
IObjectSpace objectSpace = listView.ObjectSpace;
foreach (ApplicationUser user in objectSpace.GetObjects<ApplicationUser>()) {
if (securityStrategy.CanReadByUser(user,
View.ObjectTypeInfo.Type,
View.ObjectSpace,
View.ObjectSpace.GetKeyValue(View.CurrentObject))) {
users.Add(user);
}
}
listView.CollectionSource.Criteria["UsersWithObjectAccess"] = new InOperator(objectSpace.GetKeyPropertyName(userType), users);
e.View = listView;
}
}
The following image shows the result:
Note
Refer to the following help topic to see other methods to check a user’s or role’s permissions: Determine if the Current User Has Specific Permissions.
See Also