Check if user belongs to a certain role in a certain company

krikikriki Member, Moderator Posts: 9,096
edited 2010-06-16 in NAV Tips & Tricks
Function UserBelongsToRoleInCompany(ItxtUserID : Text[250];IcodRoleID : Code[20];ItxtCompany : Text[30]) : Boolean
// Checks if a user belongs to a certain role in a certain company
// PARAMETERS:
//   ItxtUserID:user to check (mostly USERID)
//   IcodRoleID:the role ID to check (can also be 'SUPER')
//   ItxtCompany:Company to check (mostly COMPANYNAME)
//   RETURN-VALUE:TRUE : user belongs to the role in the company ; FALSE:user doesn't belong to the role in the company

// local variables : 
//   LrecMemberOf : record of table 2000000003
//   LrecWindowsAccessControl : record of table 2000000053

LrecMemberOf.RESET;
LrecMemberOf.SETCURRENTKEY("User ID","Role ID",Company);
LrecMemberOf.SETRANGE("User ID",ItxtUserID);
LrecMemberOf.SETRANGE("Role ID",IcodRoleID);
LrecMemberOf.SETFILTER(Company,'%1|%2',ItxtCompany,'');
IF LrecMemberOf.FIND('-') THEN
  EXIT(TRUE);

LrecWindowsAccessControl.RESET;
LrecWindowsAccessControl.SETCURRENTKEY("Login SID","Role ID","Company Name");
LrecWindowsAccessControl.SETRANGE("Login SID",ItxtUserID);
LrecWindowsAccessControl.SETRANGE("Role ID",IcodRoleID);
LrecWindowsAccessControl.SETFILTER("Company Name",'%1|%2',ItxtCompany,'');
IF LrecWindowsAccessControl.FIND('-') THEN
  EXIT(TRUE);

EXIT(FALSE);

Regards, Alain Krikilion
No PM,please use the forum. || May the <SOLVED>-attribute be in your title!


Comments

  • krikikriki Member, Moderator Posts: 9,096
    New version:
    You can also test Windows groups and not only Windows users. But if you use Windows groups, the user you are testing MUST be the current user.

    UserHasRoleInCompany(ItxtUserID : Text[80];IcodRoleID : Code[20];ItxtCompanyName : Text[30];IblnSuperUsersHaveAll : Boolean;IblnCheckWindowsUsers : Boolean) : Boolean
    // UserHasRoleInCompany()
    // IMPORTANT : Windows-groups CAN ONLY be tested if ItxtUserID is CURRENT USER!!!
    // Checks if a user belongs to a certain group in a certain company
    // PARAMETERS:
    //   ItxtUserID : user to be tested
    //   IcodRoleID : role ID to be tested
    //   ItxtCompanyName : company name to be tested
    //   IblnSuperUsersHaveAll : TRUE : if the user has the super role, then he is considered to have also "IcodRoleID"
    //                           FALSE: if the user is super, he still needs explicitly "IcodRoleID"
    //   IblnCheckWindowsUsers : TRUE : check also windows users
    //                           FALSE : DON'T check windows users
    // RETURN-VALUE : TRUE : user belongs to the role ID in the company ; FALSE : user does NOT belong...
    
    LblnUserIDIsCurrentUser := (UPPERCASE(ItxtUserID) = UPPERCASE(USERID));
    
    // first check in the temptables. If I find the record there, I don't need to do DB-access
    IF STRLEN(ItxtUserID) <= MAXSTRLEN(LrecMemberOf."User ID") THEN BEGIN
      // if the length of the user to be tested is longer than the DB-field, it means it is a Windows user
    
      tmpMemberOf.RESET;
      tmpMemberOf.SETCURRENTKEY("User ID","Role ID",Company);
      tmpMemberOf.SETRANGE("User ID",UPPERCASE(ItxtUserID));
      IF IblnSuperUsersHaveAll THEN
        tmpMemberOf.SETFILTER("Role ID",'%1|%2',IcodRoleID,'SUPER')
      ELSE
        tmpMemberOf.SETRANGE("Role ID",IcodRoleID);
      tmpMemberOf.SETFILTER(Company,'%1|%2','',ItxtCompanyName);
      IF tmpMemberOf.FINDFIRST THEN 
        EXIT(TRUE);
    END;
    
    IF IblnCheckWindowsUsers THEN BEGIN
      tmpWindowsLogin.RESET;
      tmpWindowsLogin.SETFILTER(ID,'@*\' + ItxtUserID); // this is slow, because it is some flowfield
        // ItxtUserID of a Windows user is without the domain (at least on the system where I tested it)
      IF tmpWindowsLogin.FINDFIRST THEN BEGIN
        tmpWindowsAccessControl.RESET;
        tmpWindowsAccessControl.SETCURRENTKEY("Login SID","Role ID","Company Name");
        tmpWindowsAccessControl.SETRANGE("Login SID",tmpWindowsLogin.SID);
        IF IblnSuperUsersHaveAll THEN
          tmpWindowsAccessControl.SETFILTER("Role ID",'%1|%2',IcodRoleID,'SUPER')
        ELSE
          tmpWindowsAccessControl.SETRANGE("Role ID",IcodRoleID);
        tmpWindowsAccessControl.SETFILTER("Company Name",'%1|%2','',ItxtCompanyName);
        IF tmpWindowsAccessControl.FINDFIRST THEN
          EXIT(TRUE);
      END;
    
      IF LblnUserIDIsCurrentUser THEN BEGIN
        tmpWindowsAccessControlCurUser.RESET;
        tmpWindowsAccessControlCurUser.SETCURRENTKEY("Role ID");
        IF IblnSuperUsersHaveAll THEN
          tmpWindowsAccessControlCurUser.SETFILTER("Role ID",'%1|%2',IcodRoleID,'SUPER')
        ELSE
          tmpWindowsAccessControlCurUser.SETRANGE("Role ID",IcodRoleID);
        tmpWindowsAccessControlCurUser.SETFILTER("Company Name",'%1|%2','',ItxtCompanyName);
        IF NOT tmpWindowsAccessControlCurUser.ISEMPTY THEN
          EXIT(TRUE);
      END;
    END;
    
    IF STRLEN(ItxtUserID) <= MAXSTRLEN(LrecMemberOf."User ID") THEN BEGIN
      // if the length of the user to be tested is longer than the DB-field, it means it is a Windows user
      
      LrecMemberOf.RESET;
      LrecMemberOf.SETCURRENTKEY("User ID","Role ID",Company);
      LrecMemberOf.SETRANGE("User ID",UPPERCASE(ItxtUserID));
      IF IblnSuperUsersHaveAll THEN
        LrecMemberOf.SETFILTER("Role ID",'%1|%2',IcodRoleID,'SUPER')
      ELSE
        LrecMemberOf.SETRANGE("Role ID",IcodRoleID);
      LrecMemberOf.SETFILTER(Company,'%1|%2','',ItxtCompanyName);
      IF LrecMemberOf.FINDFIRST THEN BEGIN
        tmpMemberOf := LrecMemberOf;
        tmpMemberOf.INSERT(FALSE);
        EXIT(TRUE);
      END;
    END;
    
    IF IblnCheckWindowsUsers THEN BEGIN
      tmpWindowsLogin.RESET;
      tmpWindowsLogin.SETFILTER(ID,'@*\' + ItxtUserID); // this is slow, because it is some flowfield
      IF NOT tmpWindowsLogin.FINDFIRST THEN BEGIN
        LrecWindowsLogin.RESET;
        LrecWindowsLogin.SETFILTER(ID,'@*\' + ItxtUserID); // this is slow, because it is some flowfield
          // ItxtUserID of a Windows user is without the domain (at least on the system where I tested it)
        IF NOT LrecWindowsLogin.FINDFIRST THEN BEGIN
          EXIT(FALSE);
        END
        ELSE BEGIN
          tmpWindowsLogin := LrecWindowsLogin;
          tmpWindowsLogin.INSERT(FALSE);
        END;
      END;
    
      LrecWindowsAccessControl.RESET;
      LrecWindowsAccessControl.SETCURRENTKEY("Login SID","Role ID","Company Name");
      LrecWindowsAccessControl.SETRANGE("Login SID",tmpWindowsLogin.SID);
      IF IblnSuperUsersHaveAll THEN
        LrecWindowsAccessControl.SETFILTER("Role ID",'%1|%2',IcodRoleID,'SUPER')
      ELSE
        LrecWindowsAccessControl.SETRANGE("Role ID",IcodRoleID);
      LrecWindowsAccessControl.SETFILTER("Company Name",'%1|%2','',ItxtCompanyName);
      IF LrecWindowsAccessControl.FINDFIRST THEN BEGIN
        tmpWindowsAccessControl := LrecWindowsAccessControl;
        tmpWindowsAccessControl.INSERT(FALSE);
        EXIT(TRUE);
      END;
    
      IF LblnUserIDIsCurrentUser THEN BEGIN
        LrecUserSID.RESET;
        IF LrecUserSID.FINDSET THEN
          REPEAT
            LrecWindowsAccessControl.RESET;
            LrecWindowsAccessControl.SETCURRENTKEY("Login SID","Role ID","Company Name");
            LrecWindowsAccessControl.SETRANGE("Login SID",LrecUserSID.SID);
            IF IblnSuperUsersHaveAll THEN
              LrecWindowsAccessControl.SETFILTER("Role ID",'%1|%2',IcodRoleID,'SUPER')
            ELSE
              LrecWindowsAccessControl.SETRANGE("Role ID",IcodRoleID);
            LrecWindowsAccessControl.SETFILTER("Company Name",'%1|%2','',ItxtCompanyName);
            IF LrecWindowsAccessControl.FINDFIRST THEN BEGIN
              tmpWindowsAccessControlCurUser := LrecWindowsAccessControl;
              tmpWindowsAccessControlCurUser.INSERT(FALSE);
              EXIT(TRUE);
            END;
          UNTIL LrecUserSID.NEXT = 0;
      END;
    END;
    
    EXIT(FALSE);
    
    Regards, Alain Krikilion
    No PM,please use the forum. || May the <SOLVED>-attribute be in your title!
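
A Python model of the database-login branch of the new version above (the Member Of lookup only), added here as an example and not part of the original post: it shows the blank-company wildcard, the IblnSuperUsersHaveAll flag, and that a cached positive hit keeps returning TRUE after the role row is deleted. The RoleChecker class, the sample rows and the role names are constructed, and the cache is assumed to live as long as the object holding the temporary tables.

```python
# Added model of the page's lookup; table rows and role names are constructed.
SUPER = "SUPER"

class RoleChecker:
    def __init__(self, member_of):
        self.db = member_of    # "Member Of" rows: (user_id, role_id, company)
        self.cache = set()     # plays tmpMemberOf: holds positive hits only

    @staticmethod
    def _find(rows, user, role, company, super_has_all):
        roles = {role, SUPER} if super_has_all else {role}
        for row in sorted(rows):
            # Company filter '%1|%2' with '': a blank company matches every company.
            if row[0] == user.upper() and row[1] in roles and row[2] in ("", company):
                return row
        return None

    def user_has_role(self, user, role, company, super_has_all=False):
        # 1) temp-table pass: a hit returns TRUE without touching the database
        if self._find(self.cache, user, role, company, super_has_all):
            return True
        # 2) database pass: a hit is copied into the cache before returning
        row = self._find(self.db, user, role, company, super_has_all)
        if row is not None:
            self.cache.add(row)
            return True
        return False

def demo():
    db = {("ALICE", "POSTING", ""), ("BOB", SUPER, "CRONUS")}
    chk = RoleChecker(db)
    out = {
        "blank_company_is_wildcard": chk.user_has_role("alice", "POSTING", "CRONUS"),
        "super_ignored_by_default": chk.user_has_role("bob", "POSTING", "CRONUS"),
        "super_counts_when_flag_set": chk.user_has_role("bob", "POSTING", "CRONUS", True),
        "super_is_per_company": chk.user_has_role("bob", "POSTING", "OTHER", True),
    }
    db.discard(("ALICE", "POSTING", ""))   # administrator revokes the role
    out["cached_after_revoke"] = chk.user_has_role("alice", "POSTING", "CRONUS")
    out["fresh_after_revoke"] = RoleChecker(db).user_has_role("alice", "POSTING", "CRONUS")
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Where a revocation has to take effect at once, empty the temporary tables (or skip the cache pass) before a check that gates a sensitive action.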


  • OuisriOuisri Member Posts: 1
    It works! Great man, thanks.