CODEWITHSUNDEEP
layoutrazorwebmatrix
Gavin5511
Gavin5511

Reputation: 791

Adding a reusable block of code in Webmatrix

I have created an SQL query which checks if a user owns a record in the database, by checking if the querystring and UserID return a count of 1. This is the code below, and it works absolutely fine:

@{
Layout = "~/_SiteLayout.cshtml";

WebSecurity.RequireAuthenticatedUser(); 

var db = Database.Open("StayInFlorida");

var rPropertyId = Request.QueryString["PropertyID"];
var rOwnerId = WebSecurity.CurrentUserId;

var auth = "SELECT COUNT (*) FROM PropertyInfo WHERE PropertyID = @0 and OwnerID = @1";
var qauth = db.QueryValue (auth, rPropertyId, rOwnerId);
}

@if(qauth==0){
<div class="container">
    <h1>You do not have permission to access this property</h1>
</div>
}
  
else {
    SHOW CONTENT HERE
}

The problem is that I need to apply this check on at least 10 different pages, maybe more in the future? I'm all for using reusable code, but I'm not sure how I can write this once, and reference it on each page that it's needed. I've tried doing this in the code block of an intermediate nested layout page, but I ran into errors with that. Any suggestions as to what would be the best approach? Or am I going to have to copy and paste this to every page?

Upvotes: 3

Views: 140

Answers (1)

Mike Brind
Mike Brind

Reputation: 30035

The "Razor" way is to use a Function (http://www.mikesdotnetting.com/Article/173/The-Difference-Between-@Helpers-and-@Functions-In-WebMatrix).

Add the following to a file called Functions.cshtml in an App_Code folder:

@functions {        
    public static bool IsUsersProperty(int propertyId, int ownerId)
    {
        var db = Database.Open("StayInFlorida");
        var sql = @"SELECT COUNT (*) FROM PropertyInfo 
                    WHERE PropertyID = @0 and OwnerID = @1";
        var result = db.QueryValue (sql, propertyId, ownerId);
        return result > 0;
    }
}

Then in your page(s):

@{
    Layout = "~/_SiteLayout.cshtml";
    WebSecurity.RequireAuthenticatedUser(); 

    var propertyId = Request["PropertyID"].AsInt();
    var ownerId = WebSecurity.CurrentUserId;
}

@if(!Functions.IsUsersProperty(propertyId, ownerId)){
<div class="container">
    <h1>You do not have permission to access this property</h1>
</div>
}

else {
    SHOW CONTENT HERE
}

Upvotes: 3

Related Questions