Web Dev Bros

Currently I am looking at access control systems, and how best to integrate them with ASP.Net MVC framework. While this framework already provides support for role based access control (RBAC), using the membership classes. I need to implement this on a legacy database, and some how integrate the old system with asp.net forms authentication. This post is about how I realised this, and acts a potential solution. If you can think of a better way, of find any devastating flaws, let me know. ;-)

The scenario is simple, we have four roles defined for the system. They are Students, Graduates, Staff and Administrators. Some staff can be graduates, (or even Students). Administrators are, of course staff! So how you model this? We already know of one bitwise trick from Michal’s post, so let us see how we can use bitwise operations to make this a reality!

First let us revise the results of the bitwise AND operations. You can check Wikipedia for full details.

Converting these back to decimal 1001 is 9 and 0101 is 5. So 9 & 5 = 8. If we convert each of these bits to represent a role in our system, we can come up with a table like this.

So a user of the system with a role number of 8 is an Admin, but in our case, an Admin is also a member of staff, and in fact, a member of staff could also be a student or a graduate. This is where using bitwise operations can really help model such a situation. To get it working, a staff member who is a student will have bits 1 and 3 set to true, while a graduate who is also a staff member will have bits 2 and 3 set to true. We can represent these roles in decimal as User(Staff & Graduate) = 6, while User (Staff & Student) = 5. Get the picture?

Let’s look at a simple real world example. First we have a User class, with a Role property of the type int. The reason we use an integer, is that is can be easily stored in the database.

We also need to create an enumeration, with a Flags attribute. The flags attribute tells the compiler that this enumeration can be treated as a bit field. We then define a value for each role. The reason for using exponents of 2 should become clearer later.

The menu of our website needs to be generated depending on the user role. The menu selection code below should generate the correct menu depending on the user role.

Ok, so let see where the magic happens! If we AND (&) the user assigned role, with the role required, and we compare this result to the role required, we can determine if a user is in the role. Summarised, the end result of the AND operation needs to equal that of the role required. In user class we have the method:

Looking at some binary examples, we can see how it works. In the first example, an admin user wants accesses a graduate item.

It is clear that we have a problem here, because we said that admin could be both staff, and staff may also be graduates. What we need to do is add up the roles, so that this user will access both admin and staff content. Assigning the user the role of Admin and Staff is easy. All we do is:

And the resulting table is:

Now we can easily draw our menu depending on the roles assigned to a user. Adding or removing roles for a user is also easy, just add it or subtract it. I wrote a little project to go with this so you can test it our your self. Thanks to Michi for introducing this, and Dan for helping work it out!

Download the Roles sample project You’ll need to use nUnit to test it.

I am evaluating FluentNHibernate (FNH), to see if it is suitable for a project I am working on. Disappointingly, FNH does not support Store procedures of the box. Of course, FNH is under the BSD licence, so I am sure those who are confident enough can implement this for the rest of us! This post will show how I got FNH to work with stored procedures, and can hopefully be followed as a working example.

FNH extends NHibernate, and automagically generates XML mapping files for your objects. Unfortunately, to get stored procedures to work, you need to take a step backwards, and create good old fashioned hbm.xml files, doing the mappings manually.

Firstly , let us look at the results of the stored procedure that we want to map.

The class that will use this data is called lookup.

The code for this class is:

 
This object will be used to populate a simple drop down list, so that a user can select their county.

When I started using FluentHNibernate, I wanted to totally avoid using XML mappings, so I skipped chapters 3 and 6 of Hibernate in Action. My first mistake! So for those attempting this, it may be worth your while understanding Hibernate mappings before you proceed. (You may also ask why I have the Java Book and my code is in C#, that is because I am quite used to working in different programming languages, so those who prefer examples in .Net examples check NHibernate in Action.)

Let’s move on to creating the mapping file.

IMPORTANT: When you add the mapping file to your project, make sure you set the Build Action to Embedded Resource!

I have created a Lookup.hbm.xml file, and the source is below:

To put it quite simply, lines 5 to 13 map my Lookup class to the columns in the stored procedure, while lines 16 to 20 map the results from the stored procedure my lookup class. Line 22 names the stored procedure. I am not sure if this is the best way to achieve the mappings, so any feedback would be appreciated.

Once your object is nicely mapped, you then need to update your fluent configuration. All you need to do is tell FNH to load hbmMappings from the current assembly. See the snippet below:

To retrieve the list of lookups, I do the following, which populates my results variable with a list of all my lookups.

And that is it, the results variable now contains the list of lookups that I can use to populate my list control.

As an active user of Stackoverflow I came across their new career service. It’s brand new and their vision is to find the perfect employer for each developer. Pretty good idea I think. STO has a lot of bright brains, which can be a huge profit for corporations looking for great staff.

Amongst other job platforms, it stands out by providing developer specific details such as First computer, Favorite technologies, Likes, Dislikes, etc. Currently they’re offering a 3 year membership for only USD29.00. Once inside, you sit back, drink tea and wait.

Since their launch Stackoverflow provided me a lot of answers to my questions, which no other site achieved so far. That’s why it’s time to give back to them. I decided to subscribe for the 3yr membership.

Want to hire me?
http://careers.stackoverflow.com/michal

I love Gravatar. So does Android now.

Are you on Android? Do you care of having nice up-to-date photos of your callers? If yes, then you might check out this little new application (Search market for Gravatar Importer) which walks through your contacts and checks if any of them has a Gravatar picture online. Once a Gravatar is found, it is added to the respective contact.

Combine this with Facebook Sync and you might end up with a phone book full of beautiful photos. Could life be any simpler? Indeed, it could! Someone needs to come up with an app which combines all of them and keeps automatically updating photos from all kind of sources such as Facebook, Gravatar, LinkedIn, Xing, etc.

Continue reading ‘Android Gravatar Importer. Update your phone book with caller photos’ »

Long time, no news…. It’s been almost 6 weeks since the last update of Siam Flex Framework. But today I am proud to present to you the first beta release of Siam!

I’ve been spending a lot of time refining the core elements of Siam to ensure that we have the right API going forward.

So what’s new?

• Easier configuration with improved syntax and default specification
• Editors and validators are now supported
• Simpler API using factory and context classes
• Structured import for all data representation classes
• More control over formatting behavior

Where can I download it?

The project is hosted at http://code.google.com/p/siam-flex/.

You can try out the latest features with the Siam Flex Explorer:

The explorer encapsulate an example of application using all features of Siam and allows you to alter its XML configuration at run-time for demonstration purposes. The embedded example include implementations of a dynamic data grid and form, as wells as an adapted chart component.

Details follow below… Continue reading ‘Siam Flex framework | First Beta Released! (0.4.0)’ »

Lately I’ve started listening to music on my iPod while coding. Some people love it, some hate it. As with me, I enjoy it so far – seems to inspire me. Nevertheless, I can’t do it all the day.

Anyway. Whatever.

If you are not the only one who listens to his iPod in your office, then try this simple game:

Switch iPods with your colleagues and get a chance to widen your music taste. It’s interesting. You’ll be surprised what your mates are listening too.

Ever needed to examine a response for a given request? Here we go! hurl is a neat and simple web based service which allows us to initiate a customized HTTP request and presents the resulting response in a nicely formatted manner. Free, responsive and several configuration options.

This is how Chris and Leah – the creators of hurl – put it:

Hurl makes HTTP requests.

Choose the request method, customize headers and POST parameters, add basic authorization, and even follow redirects. Then view the nicely formatted request and response.

It’s the perfect tool for testing APIs. Just enter a URL and click send.

Formatted request details (incl. followed redirects!)

Formatted response example

I’ve been using my HTC touch HD for almost 2 months now, it’s about the same period of time my friend’s been using his brand new Android powered mobile phone, HTC Magic. Ever since we started using our new phones, we’ve been having several discussions trying to figure out which smartphone is worth the money spent for it.  Many people especially developer or techie might ask “why wasting time comparing these 2 phones?” because they would vote for HTC Magic anyway.  Anyhow, my intention in writing this review is just to provide you with the truth about the phones through my own personal experience. So I decided to make a comparison between these two devices –“HTC touch HD”, one of the most complete multimedia supported phone available in the global market and “HTC Magic”, the one that is expected to be an iPhone killer.    

     

Overview

If you have owned a Windows Mobile device for the past 4-5 years, then you are familiar with Windows Mobile tab style user interface and its sluggish-paced product development (from Windows Mobile 2003 to Windows Mobile 5 and later on Window Mobile 6)……. Continue reading ‘HTC Magic VS HTC Touch HD’ »

When you implement a new feature somewhere, when you change just some bits of your code, when you fix a bug, or you just change a common text in an app… What do you do afterwards? Do you really check the result or do you trust yourself that it works fine 100%. It is an interesting thing to talk about… Continue reading ‘Testing code changes, bugfixes, new features, …’ »

If you have ever used the Flex introspection method describeType(), you certainly have noticed it doesn’t output any style metadata. The only way I found so far was to instantiate the UIComponent type I’m looking at and call the function regenerateStyleCache(false). The entire list of available styles is then accessible via the properties inheritingStyles and nonInheritingStyles. Generating the style cache is computation-intensive so like most reflection and introspection operations make effective use of it :)

Some code example after the jump… Continue reading ‘Flex Style Introspection’ »