eric. tremblay
You can get the WindowsUserName of the currently logged-on user, check whether they are a member of a specific Active Directory group, and set the visibility of certain controls only if they are authorized. Keep in mind that hiding controls is a UI convenience, not an access control by itself: whatever those controls read or write must still be protected at the data-provider/server layer, and the check should fail closed (controls stay hidden) when the user or the directory lookup cannot be resolved.
Here's some example code to let you do that:
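using AxiomCore2.Client;
using AxiomCore2.ControlProperties;
using AxiomCore2.Controls;
using AxiomCore2.Data;
using AxiomCore2.Events;
using AxiomCore2.Legacy;
using AxiomCore2.Log;
using AxiomCore2.Managers;
using System;
using System.Collections;
using System.Collections.Generic;
using System.DirectoryServices;
using System.DirectoryServices.AccountManagement;
using System.Drawing;
using System.IO;
using System.Linq;

namespace AxiomScript
{
    /// <summary>
    /// Screen script that shows <c>Label2</c> and <c>ValueBox2</c> only when the Windows
    /// user the client was launched as is a member (directly or through nested groups)
    /// of the Active Directory group named by <see cref="AuthorizedGroup"/>.
    /// </summary>
    /// <remarks>
    /// Hiding controls is a UI convenience, not an authorization boundary: anything the
    /// hidden controls read or write must still be protected on the data-provider/server
    /// side. Every failure path in this script fails closed (controls stay hidden).
    /// </remarks>
    public partial class ScreenScript : IDisposable
    {
        // AD group whose members may see the restricted controls.
        private const string AuthorizedGroup = "CanaryAdministrators";

        // axiom references
        public ControlApplication Application { get; } = ControlApplication.Instance;
        public ControlFactoryManager ControlFactory { get; } = ControlFactoryManager.Instance;
        public IDataProvider DataProvider { get; } = DataProviderManager.CreateInstance();
        public ILog Log { get; } = ClientLog.UserScript;
        public NavigationManager Navigation { get; } = NavigationManager.Instance;
        public ControlScreen Screen => _screen;

        /// <summary>
        /// Resolves the launching Windows user, checks its group membership and applies the
        /// resulting visibility. The restricted controls are hidden first so that any failure
        /// (missing sandbox args, directory unreachable, unexpected exception) leaves them hidden.
        /// </summary>
        public void OnScreenVisible()
        {
            // Fail closed: nothing restricted is visible until membership is confirmed.
            SetControlsVisibility(false);

            string userName = null;
            bool authorized = false;
            try
            {
                userName = GetLaunchingWindowsUserName();
                if (string.IsNullOrWhiteSpace(userName))
                {
                    Log.Info("Could not read WindowsUserName from the sandbox args; restricted controls stay hidden.");
                }
                else
                {
                    authorized = IsUserInGroup(userName, AuthorizedGroup, Log);
                }
            }
            catch (Exception ex)
            {
                // Any unexpected error keeps the controls hidden; record why so it can be diagnosed.
                Log.Info($"Authorization check failed, restricted controls stay hidden: {ex}");
                authorized = false;
            }

            SetControlsVisibility(authorized);
            Log.Info($"User: {userName} Authorized: {authorized}");
        }

        public void OnScreenInvisible()
        {
        }

        public void Dispose()
        {
        }

        /// <summary>
        /// Shows or hides the controls that only authorized users may see.
        /// </summary>
        /// <param name="authorized">True to show the controls, false to hide them.</param>
        public void SetControlsVisibility(bool authorized)
        {
            Label2.IsVisible = authorized;
            ValueBox2.IsVisible = authorized;
        }

        /// <summary>
        /// Reads <c>WindowsUserName</c> from the private <c>_sandboxArgs</c> field of
        /// <c>ClientInfo.Instance</c> via reflection (no public accessor is exposed).
        /// Returns <c>null</c> when the field is missing or unset instead of throwing,
        /// because this relies on a private host implementation detail that may change
        /// between AxiomCore2 versions.
        /// </summary>
        private static string GetLaunchingWindowsUserName()
        {
            var clientInfo = ClientInfo.Instance;
            var field = clientInfo?.GetType().GetField(
                "_sandboxArgs",
                System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.Instance);
            var args = field?.GetValue(clientInfo) as AxiomCore2.SerializableSandboxArgs;
            return args?.WindowsUserName;
        }

        /// <summary>
        /// Returns <c>true</c> when <paramref name="userName"/> is a member of the domain group
        /// <paramref name="groupName"/>, including membership through nested groups
        /// (LDAP_MATCHING_RULE_IN_CHAIN, OID 1.2.840.113556.1.4.1941, evaluated by the DC).
        /// Returns <c>false</c> (fails closed) when either principal cannot be found or the
        /// directory query fails; the failure is written to <paramref name="log"/> when supplied.
        /// </summary>
        /// <param name="userName">Account name to look up; handed to <c>UserPrincipal.FindByIdentity</c>, which decides how the name format is interpreted.</param>
        /// <param name="groupName">Group name to look up.</param>
        /// <param name="log">Optional logger for lookup failures (null keeps the original silent fail-closed behaviour).</param>
        public static bool IsUserInGroup(string userName, string groupName, ILog log = null)
        {
            // based on example on stackoverflow https://stackoverflow.com/a/76893395/10188134
            if (string.IsNullOrWhiteSpace(userName) || string.IsNullOrWhiteSpace(groupName))
            {
                return false;
            }

            try
            {
                // All three are IDisposable (the principals wrap DirectoryEntry handles).
                using (var pc = new PrincipalContext(ContextType.Domain))
                using (var gp = GroupPrincipal.FindByIdentity(pc, groupName))
                using (var up = UserPrincipal.FindByIdentity(pc, userName))
                {
                    if (gp == null || up == null)
                    {
                        return false;
                    }

                    // Use the entry the principal is already bound to rather than rebuilding an
                    // ADsPath from the DN (a DN containing '/' would need extra escaping there).
                    // It is owned by `up` and disposed with it.
                    var user = up.GetUnderlyingObject() as DirectoryEntry;
                    if (user == null)
                    {
                        return false;
                    }

                    // Evaluate the filter against the user object itself (scope Base) and let the
                    // server walk transitive membership. The group DN is filter-escaped because DNs
                    // may legally contain '(', ')', '*' or '\', which would otherwise corrupt the
                    // filter (or let a crafted group name alter it).
                    using (var searcher = new DirectorySearcher(user)
                    {
                        SearchScope = SearchScope.Base,
                        Filter = $"(memberOf:1.2.840.113556.1.4.1941:={EscapeLdapFilterValue(gp.DistinguishedName)})",
                        PropertiesToLoad = { "distinguishedName" }
                    })
                    {
                        return searcher.FindOne() != null;
                    }
                }
            }
            catch (Exception ex)
            {
                log?.Info($"Group membership lookup for '{userName}' in '{groupName}' failed: {ex}");
                return false;
            }
        }

        /// <summary>
        /// Escapes a value for use inside an LDAP search filter per RFC 4515: backslash, '*',
        /// '(', ')' and NUL become <c>\XX</c> hex escapes. Backslash is replaced first so the
        /// escapes introduced afterwards are not themselves re-escaped.
        /// </summary>
        /// <param name="value">Raw assertion value; null is treated as empty.</param>
        /// <returns>The escaped value, safe to embed in a filter.</returns>
        public static string EscapeLdapFilterValue(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return value ?? string.Empty;
            }

            return value
                .Replace("\\", "\\5c")
                .Replace("*", "\\2a")
                .Replace("(", "\\28")
                .Replace(")", "\\29")
                .Replace("\0", "\\00");
        }
    }
}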