Question command buttons disabled except the user roles

[Godis]

Hi Forum Colleagues,

Gratefully appreciate your prompt assistance when I post a question on the platform.

On developing my payroll database, I have gotten to a stage of building users access control. I have successfully created the users login control, where when the user role logs in within the respective role, with the username and password the user is directed to the dashboard where all the respective links to their respective privileges are accessed.

Now, my current problem is that, apart from the Admin, whenever any user logs in, all other command buttons on the dashboard should be disabled except the command button of the user role that logged. Other roles on the dashboard are Accountant, HR and ReadOnly.

I want to attach the text code so that someone could help modify my effort for me.

Thanks for your assistance

        private void loginButton_Click(object sender, EventArgs e)

        {
            SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["con"].ConnectionString);
            SqlCommand command = new SqlCommand();
            con.Open();

            string userText = userTextBox.Text;
            string passText = pwdTextBox.Text;

            SqlCommand cmd = new SqlCommand("select role from UsersLogin where UserName='" + userTextBox.Text + "'and Password='" + pwdTextBox.Text + "'", con);
            SqlDataAdapter da = new SqlDataAdapter(cmd);
            DataTable dt = new DataTable();
            da.Fill(dt);
            if (dt.Rows.Count > 0)
            {
                MessageBox.Show("Welcome to the Dashboard");
                this.Hide();
                Dashboard dashboard = new Dashboard();
                dashboard.Show();

                cmd = new SqlCommand("SELECT Role from UsersLogin where Username=@Username", con);
                cmd.Parameters.AddWithValue("[USER=7968]@username[/USER]", userText);
                string role = cmd.ExecuteScalar().ToString();
                MessageBox.Show("Welcome " + role);
                con.Close();
            }    
            else
            {
                MessageBox.Show("Access Denied!!");
                Application.Exit();
            }
            con.Close();
        }

 

[NoUserHere]

Your topics should all be closed until you learn to follow simple instructions. You've been asked a number of times before to post your code in code tags. Your posts are just creating unnecessary work for moderators. Asked here , here , and now you've done it again. I personally refuse to read code from anyone that doesn't format the code with code tags, so you are only delaying yourself support.

Kudos

 

[Skydiver]

Lol! I agree. The code should be in code tags. But by not reading it now, you are missing out on the irony that OP knows how to use parameterized SQL queries to determine the user role, but he doesn't apply that same knowledge to check for user name and password. Furthermore, he is not encrypting the user passwords! So ripe for a SQL injection attack...

 

[jmcilhinney]

This will be the last time I format your code for you. If it's too much trouble for you to format for code snippets for us, why would you expect us to volunteer our time to help? Also, don't post irrelevant code. We don;t need all those namespace imports, we don;t need a constructor with no extra code in it, we don;t need an empty event handler and we don't need an event handler with nothing but a Close call in it. Don't make us waste our time reading irrelevant code that is already hard to read because you haven't bothered formatting it. As you may be detecting, no one is overly keen to make an effort for you when you make no effort for us.

 

[jmcilhinney]

In fact, I've deleted the irrelevant code myself. It wasn't hard, so maybe you'd do us the courtesy of doing it yourself in future.

 

[NoUserHere]

I would have closed it John. Why should you bother if our OP is not bothered to follow simple instructions; instructions they were asked to follow more than three times.... OP showing total disregard.

 

[Godis]

Hi jmcilhinney and Sheepings,

Thanks for your stern reprimands. I wished I did not commit the mistake again if I knew how to go about it. I tried several times but did not know how to locate the code tag and how to do it to expectation; seeing am very new on the forum.

I wish somebody could walk me through the process so that I could do the right thing. I have also learnt that next time I should also post only the section of code I am facing problem with.

Thanks.

 

[jmcilhinney]

You have applied the bold format to your most recent post sop you obviously know how to format text in a text editor, i.e. use the toolbar. Have you not though about looking through the toolbar to see what else it has available? It should be fairly obvious that the tool to format code would be there somewhere. Also, you could have just edited or quoted any of the posts I've already fixed for you to see what they look like in markup and then added the appropriate tags yourself. You may be new to this forum but it works in exactly the same way as so many other editing tools in applications or on the web.

 

[Godis]

Thanks for your tolerance and assistance. I believe the mistake would not occur again.

However my problem is not addressed yet. Currently, when any user logs in with the correct password they are all directed to the Dashboard page where there are four role user command buttons (Admin, Accountant, HR and ReadOnly). My expectation is that, apart from the Admin, when any of the other users logs in, all the other command buttons should be disabled, except the button of the user who has logged in. Can anyone help me with the code within the

private void loginButton_Click(object sender, EventArgs e)

to perform the task?

I will be very grateful.

 

[NoUserHere]

I will help you on the condition that you sort out your codes parameters. Line 11 uses no parameters while line 22 does. Fix that for a start. Always avoid SQL injection by using parameters. Parameters should be a priority for any database driven website/or project.

As for the checks you want to determine the users role is simply a matter of using conditional logic (link in my signature), although I would probably prefer implement a switch statement, and based on the role of a user, you would allow a given set of permissions for your controls that should be enabled for a given set of users, depending on the roles they belong to. This would solve your permission issues for users in different roles. Hope this is making sense, as I am really exhausted today, and my concentration is at an all time low. But I'll check in tomorrow with you when i am refreshed, to see if you made progress and also made the alterations I proposed, and perhaps I might give you some helper code to get you moving in the direction you want to go (if you are still stuck).

 

[jmcilhinney]

As suggested by Sheepings, the obvious option should be to simply write an if statement for each Button and set the Enabled property based on whether the Text property matches the current role. Conditional logic like that is one of the absolute fundamentals of programming in any language so if you can't spot when an if statement can/should be used then you have not spent enough time learning the basics to be writing any code at all. I suggest that you stop what you're doing and follow the tutorial link in my signature below, in order to get a grounding in the basics first.

Of course, there are more advanced options than simple if statements, including the switch mentioned earlier. Here's how I might perform the task currently at hand:

var buttons = new[] {button1, button2, button3, button4};

Array.ForEach(buttons, b => b.Enabled = (b.Text == role));

 

[NoUserHere]

@jmcilhinney If you look at the query :

SqlCommand("select role from UsersLogin where UserName='" + userTextBox.Text + "'and Password='" + pwdTextBox.Text + "'", con);

If the user is taking the role (which i assume is the user's "rank"), you could as you said; with a switch statement switch based on the "ranks", and if the user contains one of these ranks, you could iterate all the controls of the dashboard, (assuming the dashboard is what's holding the controls), and disable the controls which said users rank should not have access too.)

 

[Godis]

Yes! I agree with you jmcilhinney.
I think I must pause and take the courses you have suggested to ground myself and then come to my project.

Thanks for your advise.