I have an MVC application with a single page to render numerous reports based on user selection. On the load of the page, no report is rendered until the users selects the desired report and sets some custom parameter controls then clicks a button to run the report. In the button event handler, I am collecting the parameters and using $('#reportViewer1').telerik_ReportViewer(...); to display the report. This works perfectly for the first run, but subsequent runs fail to reload the report, regardless of the parameter values changing.
I have tried to test for the existence of the reportviewer as below but this didn't do the trick either. Is there a way for me to reuse the reportviewer or destroy it and start fresh each time?
var reportViewer = $("#reportViewer1").data("telerik_ReportViewer"); if (reportViewer !== undefined) { reportViewer.reportSource({ report: "Website.Reports.ParameterCheck, Website", parameters: { ... } }); } else { $('#reportViewer1').telerik_ReportViewer({ serviceUrl: "/api/reports/", templateUrl: "../Reports/telerikReportViewerTemplate-FA.html", //AuthenticationToken: "myToken", viewMode: telerikReportViewer.ViewModes.INTERACTIVE, scaleMode: telerikReportViewer.ScaleModes.SPECIFIC, scale: 1.0, reportSource: { report: "Website.Reports.ParameterCheck, Website", parameters: { ... } }, ready: function () { alert("refreshing"); this.refreshReport(); } }); }15 Answers, 1 is accepted
Rank 1
In general, there would be no need to destroy the viewer when you need to change the report. Once created, the viewer's object can be accessed as following:
var reportViewer = $("#reportViewer1").data("telerik_ReportViewer");Then, changing the viewer's report sources can be achieved as following:
reportViewer.reportSource({ report: 'new report identifier here' });The project attached here demonstrates how to change the reportSource of the viewer with a button click event.
If the issue persists send us a sample project that illustrates the issue in a support ticket #1132161.
Regards,
Katia
Progress Telerik
Rank 1
Thank you Katia,
I'm not sure what I was doing wrong before, but things are working now. Since there is not a specific report which would load with the page I have created an empty report to use in the document.ready method. This is less than ideal, but workable since the section with the reportviewer is hidden at that point.
I have another questions which is somewhat related. If this needs to be a separate ticket, let me know.
I am using custom parameter controls. One of the parameters which I need to pass to all of the reports should never be able to changed by the user. My custom parameters do not include this field and I am setting its value in a custom Resolver class. However, if I would add a value for this parameter in the JSON/javascript when loading the report, it will accept that value and override the value I set in the Resolver. Is there a way to either prevent this from occurring or intercept the parameter being passed in from the client and set it then?
Mike
ReportSource.Parameters are not accessible inside custom resolver's Resolve() method. You will need to pass this parameter with reportSource.report string which will be available inside the resolver.
Regards,
Katia
Progress Telerik
Rank 1
Katia,
I am able to get the value I need within the Resolve method through Identity in order to set the parameter. What I need is to prevent that parameter from being set outside of that method. We cannot have someone spoof a different value which they should not have access to.
Mike
You can set the Visible property of report parameter to false in Report Designer. This way it will not appear in the viewer and the end user cannot modify it.
Regards,
Katia
Progress Telerik
Rank 1
Katia,
We are using a custom UI to provide the parameters for the report and sending them over through javascript. We do not have UI to set this parameter, but if the value is present in the JSON for the ReportSource parameters, it will accept that value and overwrite the one set in the Resolver. Is there a way to prevent that?
Mike
No you cannot prevent the overriding of those values, ReportSource.Parameters are applied to the already resolved ReportSource object returned by the resolver's Resolve() method.
You need to make sure the correct values are passed with ReportSource.Parameters or are set in report's ReportParameters collection.
Regards,
Katia
Progress Telerik
Rank 1
Katia,
Is there no other place within the REST service calls where we would have a chance to intercept this value? I would think that this is something should be addressed somewhere. For our scenario, this value would be the client's ID. If someone is able to spoof this value by making a request to the REST service, they would be able to view retrieve data for another client. Maybe I am going about this incorrectly. I would think that there is some way to close this security hole.
Mike
Rank 1
Katia,
Any word on this? This is currently a huge concern moving forward with Telerik Reporting and we need to be able to resolve this as soon as possible.
Mike
To protect the data shown in the report you can use the value of report parameter in the data-retrieval logic (Using Parameters with Data Source objects) or in report events (Using Report Events).
To avoid overriding of the parameter value set in resolver by reportSource.parameters values, do not provide an option to set these values in the viewer (set Visible property of the parameter to false).
The custom report resolver is executed on the server, after the client sends a report string. This is the place where you can set the parameter value without the client knowing about it.
Further approaches for securing the service methods are provided in support ticket #1131296 which you raised earlier.
Note that your current subscription allows you to open support tickets, you can submit one from this page after logging to your account that has an assigned subscription.
Submitting a support ticket guarantees you a response time according to your support plan. We do not always have a chance to reply in timely manner in forums. Thus, for urgent issues it is better to use the ticketing system.
Regards,
Katia
Progress Telerik
Rank 1
Katia,
I think I found a solution to this. Since this parameter was necessary for our reports to run yet critical that the value could not be altered by a user, we needed something downstream of the Resolver class we had defined. In tracing through the requests to the REST service, and looking at the methods for the ReportsControllerBase, we were able to override the CreateInstance method and set our value there. From what we determine through Fiddler, at this point there were no longer any requests which dealt with the parameters and are fairly confident that there would be no way for a user to alter any of the requests to the REST service and change this value.
public override HttpResponseMessage CreateInstance(string clientID, ClientReportSource reportSource){ reportSource.ParameterValues["ClientID"] = User.Identity.GetUserClientID(); return base.CreateInstance(clientID, reportSource);}
Rank 1
Katia,
Since the parameter we were trying to set was necessary for the reports to run but critical that the value not be changed by a user in any way during requests to the REST service, we needed something downstream from the Resolver which we had defined. By watching the requests in Fiddler and looking at the methods for the ReportControllerBase we ended up overriding the CreateInstance method in the ReportController to set the parameter there. We are fairly certain that none of the request to the REST service after this deal with the parameters and feel that this should ensure that this parameter's value is set by us and cannot be altered when making requests to the REST service.
public override HttpResponseMessage CreateInstance(string clientID, ClientReportSource reportSource){ reportSource.ParameterValues["CustomerID"] = User.Identity.GetUserCustomerID(); return base.CreateInstance(clientID, reportSource);}
Mike
Rank 1
Hello Katia,
I tried a similar solution but its not working for me. I am trying to change the report source in the HTML 5 report viewer. I only get the original report that I load no matter what report I select. Please can you take a look at my attached file and see what I may be missing. I appreciate any help regarding this.
THank you!!
Based on the provided screenshots, I tested the approach with setting different reportSource from a custom drop-down editor and it seems that it works on my side. Please find the sample application attached. Compare the settings with yours and let us know if you need further assistance.
The application is created against the latest version of Telerik Reporting, e.g. 13.0.19.222 and the sample reports could be opened with the Standalone Report Designer version R1 2019 or higher.
Best Regards,
Silviya
Progress Telerik