I'm using the grid to fetch data from an ASPNET MVC intranet application which has Authorize attributes on the create/edit/delete actions. The application uses WIndow authentication.
Rather than let the browser prompt the user for new credentials, I want to display a dialog or similar to inform the user politely they do not have the correct authorisation to perform that action.
Is there a way to configure the grid to handle 401 (or 403 if it is more suitable) in such a way?
Also, as a side note, my grid is in batch edit mode by default. Is there a way to put the grid into readonly if the user does not have permission for editing? Or do I need to define the grid twice and show a different partial view based on roles?
Thanks,
Nick
Rather than let the browser prompt the user for new credentials, I want to display a dialog or similar to inform the user politely they do not have the correct authorisation to perform that action.
Is there a way to configure the grid to handle 401 (or 403 if it is more suitable) in such a way?
Also, as a side note, my grid is in batch edit mode by default. Is there a way to put the grid into readonly if the user does not have permission for editing? Or do I need to define the grid twice and show a different partial view based on roles?
Thanks,
Nick
3 Answers, 1 is accepted
0
Hello Nick,
or hide the buttons and stop the events:
Regards,
Daniel
the Telerik team
You could use the dataSource error event to check the error status and display a Window. The grid does not support disabling editing dynamically on the client. You could either recreate the Grid with editing disabled:
.Editable(e => e.Mode(GridEditMode.InCell).Enabled(isAuthorized))function error(e) { if (e.errors){ .... } else if (e.xhr.status == 401) { //show message var grid = $("#grid").data("kendoGrid"); grid.table.on("click", "tbody > tr", function (e) { e.stopPropagation(); }); grid.element.find("> .k-grid-toolbar").hide(); } }Daniel
the Telerik team
Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!
0
Nick
Top achievements
Rank 1
Rank 1
answered on 01 Mar 2013, 01:48 PM
Thanks for the reply Daniel.
Issue 1 - 401 Errors
I have modified my error handler to catch 401 and display a message, all good. But the handler does not fire until the user dismisses the browser's prompts to re-authenticate. Is there any way to prevent this?
Issue 2 - Readonly/Edit b Role
I have modified my .Editable option as follows:
Which does indeed write the grid in readonly when the user doesn't have the role :D
Unfortunately it doesn't hide the toolbar. Clicking on the Add New Item button now causes an error.
I couldn't find a similar method on the toolbar settings anywhere, have I missed something?
Thanks,
Nick
Issue 1 - 401 Errors
I have modified my error handler to catch 401 and display a message, all good. But the handler does not fire until the user dismisses the browser's prompts to re-authenticate. Is there any way to prevent this?
Issue 2 - Readonly/Edit b Role
I have modified my .Editable option as follows:
.Editable(e => e.Mode(GridEditMode.InCell).Enabled(User.IsInRole("EditMonitor")))Unfortunately it doesn't hide the toolbar. Clicking on the Add New Item button now causes an error.
I couldn't find a similar method on the toolbar settings anywhere, have I missed something?
Thanks,
Nick
0
Hello Nick,
Regarding your question about the ToolBar, there is not an enabled method but if there are not commands or template added then it will not be used:
Regards,
Daniel
the Telerik team
I do not think that there is a way to prevent the default behavior without a custom attribute. I can suggest to create one and replace the result with a custom error:
public class CustomAuthorizeAttribute : AuthorizeAttribute{ public override void OnAuthorization(AuthorizationContext filterContext) { base.OnAuthorization(filterContext); if (filterContext.Result is HttpUnauthorizedResult && filterContext.HttpContext.Request.IsAjaxRequest()) { filterContext.Result = new JsonResult() { Data = new { Errors = new { unauthorized = "message" } } }; } }}function error(e) { if (e.errors && e.errors.unauthorized) { ... }}.ToolBar(toolbar => { if (User.IsInRole("EditMonitor")) { toolbar.Save(); } })Regards,
Daniel
the Telerik team
Join us on our journey to create the world's most complete HTML 5 UI Framework - download Kendo UI now!