How to Disable Buttons Based on User Type


I have a table in my SQL database called "usertype". My website has a registration form where the user chooses which type of user s/he is. What I want is that, when the user type of the person who logs in is User, the add, edit and delete buttons are disabled on the List of Faculty page of the website.

Click the link to see what my usertype table looks like:

http://i44.tinypic.com/2j34cau.jpg

And this is my code for Register.aspx.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;

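public partial class Register : System.Web.UI.Page
{
    // One connection per page instance. Every method that uses it opens it and
    // closes it in a finally block, so a failing query cannot leave it open.
    SqlConnection con = new SqlConnection(Helper.GetConnection());

    /// <summary>
    /// Fills the user-type drop-down on the first request only; the original
    /// code skips this on postback.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            GetUserType();
        }
    }

    /// <summary>
    /// Binds ddlType to every row of the "type" table (ID as value, userType as text).
    /// </summary>
    void GetUserType()
    {
        con.Open();
        try
        {
            using (SqlCommand cmd = new SqlCommand("SELECT ID, userType FROM type", con))
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                ddlType.DataSource = dr;
                ddlType.DataTextField = "userType";
                ddlType.DataValueField = "ID";
                ddlType.DataBind();
            }
        }
        finally
        {
            con.Close();
        }
    }

    /// <summary>
    /// Returns true when a row with the given email already exists in "users".
    /// </summary>
    /// <param name="email">Address exactly as typed by the visitor; it is bound as a
    /// parameter, never concatenated into the SQL text.</param>
    /// <returns>true if at least one matching row exists, otherwise false.</returns>
    bool IsExisting(string email)
    {
        con.Open();
        try
        {
            using (SqlCommand cmd = new SqlCommand("SELECT userEmail FROM users WHERE userEmail = @userEmail", con))
            {
                cmd.Parameters.Add("@userEmail", SqlDbType.VarChar).Value = email;
                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    return dr.HasRows;
                }
            }
        }
        finally
        {
            con.Close();
        }
    }

    /// <summary>
    /// Registers the visitor: rejects a duplicate email, otherwise inserts the
    /// account, sends the welcome email and redirects to the login page.
    /// </summary>
    protected void btnRegister_Click(object sender, EventArgs e)
    {
        if (IsExisting(txtEmail.Text))
        {
            // Duplicate email: show the error label and leave the form as entered.
            error.Visible = true;
            return;
        }

        InsertUser();
        SendWelcomeEmail();
        Response.Redirect("Login.aspx");
    }

    // Inserts the new account row. The VALUES list relies on the column order of
    // the "users" table, which is not visible here; naming the columns explicitly
    // would make the statement robust to a reordered table.
    void InsertUser()
    {
        con.Open();
        try
        {
            using (SqlCommand cmd = new SqlCommand(
                "INSERT INTO users VALUES (@TypeID, @userFN, @userLN, @userEmail, @userPassword, @userAddress, @userContact, @userCourse, @userSection, @userSchool)", con))
            {
                // NOTE(review): the type ID is whatever the browser posted for ddlType.
                // If one of the IDs in "type" is a privileged role (e.g. an administrator
                // type), a self-service registration form should not accept it here;
                // that ID needs to be rejected server-side rather than only hidden in the UI.
                cmd.Parameters.Add("@TypeID", SqlDbType.Int).Value = ddlType.SelectedValue;
                cmd.Parameters.Add("@userFN", SqlDbType.VarChar).Value = txtFN.Text;
                cmd.Parameters.Add("@userLN", SqlDbType.VarChar).Value = txtLN.Text;
                cmd.Parameters.Add("@userEmail", SqlDbType.VarChar).Value = txtEmail.Text;
                // NOTE(review): Helper.CreateSHAHash is not visible here. If it is a plain
                // (unsalted, single-pass) SHA digest it is not a suitable password hash;
                // a salted, iterated KDF such as PBKDF2 (Rfc2898DeriveBytes) is the
                // usual replacement.
                cmd.Parameters.Add("@userPassword", SqlDbType.VarChar).Value = Helper.CreateSHAHash(txtPassword.Text);
                // The remaining profile columns are left blank at registration time.
                cmd.Parameters.Add("@userAddress", SqlDbType.VarChar).Value = "";
                cmd.Parameters.Add("@userContact", SqlDbType.VarChar).Value = "";
                cmd.Parameters.Add("@userCourse", SqlDbType.VarChar).Value = "";
                cmd.Parameters.Add("@userSection", SqlDbType.VarChar).Value = "";
                cmd.Parameters.Add("@userSchool", SqlDbType.VarChar).Value = "";

                cmd.ExecuteNonQuery();
            }
        }
        finally
        {
            con.Close();
        }
    }

    // Builds and sends the HTML welcome message. The visitor-supplied names are
    // HTML-encoded because the body contains markup and is rendered as HTML.
    // The login link is hard-coded to the developer's localhost origin and will
    // not resolve for real recipients.
    void SendWelcomeEmail()
    {
        string fullName = HttpUtility.HtmlEncode(txtFN.Text) + " " + HttpUtility.HtmlEncode(txtLN.Text);
        string message = "Hello, " + fullName + "! <br />"
            + "<br />You have successfully registered in our website. <br />" + "<br /> Click <a href = 'http://localhost:7773/PROJECT%20%5BWB-DEV1%5D/Login.aspx'>" + "here</a> to login <br /> <br />" + "Regards, <br /> " + "The Administrator";
        Helper.SendEmail(txtEmail.Text, "Registered Successfully", message);
    }
}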

This is the Faculty.aspx.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

using System.Data;
using System.Data.SqlClient;

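public partial class Faculty : System.Web.UI.Page
{
    // Shared per-page connection; opened and closed (in finally) by each query.
    SqlConnection con = new SqlConnection(Helper.GetConnection());

    /// <summary>
    /// Re-binds the professor grid on every request, postbacks included.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        GetProfessor();
    }

    /// <summary>
    /// Loads every Professor row into gvProfessor.
    /// </summary>
    void GetProfessor()
    {
        con.Open();
        try
        {
            using (SqlCommand cmd = new SqlCommand(
                "SELECT ProfNo, SchoolID, LastName, FirstName, MI, " +
                "Address, ContactNo, EmailAddress FROM Professor", con))
            using (SqlDataAdapter da = new SqlDataAdapter(cmd))
            {
                DataSet ds = new DataSet();
                da.Fill(ds, "Professor");

                gvProfessor.DataSource = ds;
                gvProfessor.DataBind();
            }
        }
        finally
        {
            con.Close();
        }
    }

    /// <summary>
    /// Reveals the action buttons once a row is selected. This only changes what
    /// is rendered; it is not an authorization decision.
    /// </summary>
    protected void gvProfessor_SelectedIndexChanged(object sender, EventArgs e)
    {
        btnEdit.Visible = true;
        btnDelete.Visible = true;
        btnAdd.Visible = true;
    }

    /// <summary>
    /// Deletes the selected professor (ProfNo taken from the first grid cell)
    /// and reloads the grid.
    /// </summary>
    protected void btnDelete_Click(object sender, EventArgs e)
    {
        // NOTE(review): nothing here checks who is logged in. Hiding or disabling
        // btnDelete in the page does not stop a crafted postback from reaching this
        // handler, so whatever user-type check gates the button must be repeated
        // here (and in btnEdit_Click / btnAdd_Click) before the DELETE executes.
        if (gvProfessor.SelectedRow == null)
        {
            return; // nothing selected; the original would throw NullReferenceException
        }

        con.Open();
        try
        {
            using (SqlCommand cmd = new SqlCommand("DELETE FROM Professor WHERE ProfNo=@ProfNo", con))
            {
                // The cell text is bound as an Int parameter; SqlClient converts it.
                cmd.Parameters.Add("@ProfNo", SqlDbType.Int).Value =
                    gvProfessor.SelectedRow.Cells[0].Text;
                cmd.ExecuteNonQuery();
            }
        }
        finally
        {
            con.Close();
        }
        GetProfessor();
    }

    /// <summary>
    /// Stores the selected ProfNo in session and moves to the edit page.
    /// </summary>
    protected void btnEdit_Click(object sender, EventArgs e)
    {
        if (gvProfessor.SelectedRow == null)
        {
            return; // nothing selected; the original would throw NullReferenceException
        }
        Session["ID"] = gvProfessor.SelectedRow.Cells[0].Text;
        Response.Redirect("EditFaculty.aspx");
    }

    /// <summary>
    /// Moves to the add page.
    /// </summary>
    protected void btnAdd_Click(object sender, EventArgs e)
    {
        Response.Redirect("AddFaculty.aspx");
    }

}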

The btnAdd, btnEdit and btnDelete buttons should be disabled when the logged-in user is a User, and enabled when it is an Admin.

I'm new to this and I hope you can help me. Thanks!


There are 2 answers

wilso132 On

Since you didn't provide any code, all I can give you is pseudo-code:

/// <summary>
/// Pseudo-code: "user" stands for the logged-in user as resolved on the server.
/// The three buttons are enabled only for types other than "User", and only on
/// the first load of the page (postbacks leave them untouched).
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    // One flag for all three buttons so they can never disagree.
    bool canModify = user.Type != "User";
    btnAdd.Enabled = canModify;
    btnEdit.Enabled = canModify;
    btnDelete.Enabled = canModify;
}
dst3p On

If your user types are stored in the database as IDs, the best way to handle this is to create an enum whose values match the IDs in your database. The enum would look like this.

/// <summary>
/// Mirrors the ID column of the user-type table so code can refer to a type by
/// name instead of a magic number. The numeric values must match the database.
/// </summary>
public enum UserType : int
{
    /// <summary>No or unrecognised type.</summary>
    Unknown = 0,

    /// <summary>Administrator; may add, edit and delete.</summary>
    Admin = 1,

    /// <summary>Ordinary user; read-only.</summary>
    User = 2,
}

Then, your code would look similar to this.

/// <summary>
/// Enables the action buttons only for administrators. Runs on every request.
/// "userType" is not declared in this snippet; it is assumed to be the logged-in
/// user's type ID as established on the server (session or a database lookup),
/// not a value taken from the request.
/// </summary>
protected void Page_Load(object sender, EventArgs e)
{
    bool isAdmin = IsAdmin(userType);
    SetButtonsEnabledDisabled(isAdmin);
}

/// <summary>
/// True when the given type ID is the administrator entry of <see cref="UserType"/>.
/// </summary>
/// <param name="userTypeId">Type ID as stored in the database.</param>
/// <returns>true for the Admin ID, false for any other value.</returns>
private bool IsAdmin(int userTypeId)
{
    // Casting the raw ID to the enum and comparing is equivalent to comparing ints.
    UserType type = (UserType)userTypeId;
    return type == UserType.Admin;
}

/// <summary>
/// Applies one enabled/disabled state to the add, edit and delete buttons.
/// Disabling a button only affects the rendered page; the click handlers still
/// need their own server-side check.
/// </summary>
/// <param name="isEnabled">true to enable all three buttons, false to disable them.</param>
private void SetButtonsEnabledDisabled(bool isEnabled)
{
    // Same order as before: Add, Edit, Delete.
    foreach (var button in new[] { ButtonAdd, ButtonEdit, ButtonDelete })
    {
        button.Enabled = isEnabled;
    }
}

It's a good idea to store your IDs in an enum, if for no other reason than to increase the readability of your code. In Faculty.aspx.cs, you need to check the type of the currently logged-in user. Whether you're passing some value through a query string, or doing an extra database call, I'm not going to architect it for you. Whatever the source, that check has to be evaluated on the server and repeated inside the Add/Edit/Delete click handlers themselves, because a disabled button is only a hint in the rendered page. Once you have that context, you can apply it to enable or disable your buttons.

Another thing to note is it's always a BAD idea to put data layer code in your code behind. Have a look at this SO answer for reasons why. https://stackoverflow.com/a/5318242/1717855