Need advice about execution order and threads and design in web apps......

Hi,

I have difficulties managing events and methods execution order in my web project. Here is the situation :

I have this webcontainer that acts as a form used to modify project parameters by the user. At the opening of the form, i do those two verifications :

1- I verify if the record is used by another user (in app record lock). If NOT, the “Save Button” is enabled (the default value of the “Enable Status” of the button is false).

2- I verify if the user has the right access profile and if he is the owner of the project. If these two conditions are met, the “Save Button” is enabled otherwise it is disabled.

In “Normal Conditions” that works well. If the record is available the save button is enabled and if the user is not the owner of the project or doesn’t have the required security profile then the button is disabled and he can’t modify the project parameters.

The implementation
1- The user “right clicks” the listbox entry he has chosen to modify and a custom contextual menu is opened
2- He clicks the modify button. On MouseUp the project modification form object is created
3- On modification form.Open, record lock is checked and the “Save Button” enabled value will be set to “True” if the record is available
4- On shown, user’s profile is checked and the “Save Button” enabled value will be set to “True” or “False” according to user’s profile.

The problem :
If for any reason, the database response is slow, The app record function takes longer to execute (it checks if the record is being modified by another user. If not it “locks” it by writing the locking infos in the locks table) and the access check is performed before the lock check is finished. When that happens, users who normally would not have access to a record will be able to modify it because the security check is overridden by the lock that should be executed before.

I consider integrating both functionalities in the same method to avoid that kind of problems. It means revewing many parts of the project. If by any chance you can advise me with a better or shorter approach, I will be glad to hear it!

Thanks!

From your description seems that your application is the only one managing users accessing the database containing the shared data.
If this is the case you don’t need to delegate a record written somewhere only to manage mutual exclusion between users.
You can implement this logic more simply in your application at the app level and let sessions check and set the lock mantained at the application level.

On modification form.open: set Save Button disabled and properties Check1 and Check2 are both set to false.

Record Lock Check: If not locked, set check1 to true and call “CheckBoth” method.
User Profile Check: If authorized, set check2 to true and call CheckBoth method.

CheckBoth method: If Check1 and Check2 are both true, enable Save button.

This way it doesn’t matter which check happens first, and you only have to maintain or update one routine (“CheckBoth”) if you want to modify the conditions for Saving later.

If you don’t like having two properties, just have one integer property that starts at zero and gets 1 added each time a check is completed. If the value reaches 2, enable the Save button.

Thanks Maurizio!

Seems interesting but I’m not sure to understand well enough to implement your solution.[quote][/quote]

Right, the database is dedicated to this specific application but there are also mobile devices communicating with it. Those interactions are not taken into account by the locking process.

[quote]If this is the case you don’t need to delegate a record written somewhere only to manage mutual exclusion between users.
You can implement this logic more simply in your application at the app level and let sessions check and set the lock mantained at the application level. [/quote]
How? Here how it actually works :

Session.sLocking As Locking Class

  • methods : Check_if_Locked() As Boolean, CleanLocks(), LockRow() As Boolean, UnlockRow().
  • Properties : lockedRowID, recordAvailable,…

Usage
When a user selects a record and opens it in a modification form, an “ImplementLock” Method is called and the following actions are performed :

1- a Boolean property “editionMode” is set to Not “editionMode”
2a - If the resulting “editionMode” is “False”, row is unlocked (deleted from the lock table)
2b - If "editionMode is “True”, the record is identified and informations about the record and the user are written into the lock table
3 - “Save Button” enable value is set to “True” if the locking was successfull(no other user had the record locked). If not, the enable value of the “Save Button” is set to “False”

How to implement that at the App level so it will not interfere with my security checks?

[quote=373898:@Seth Ober]On modification form.open: set Save Button disabled and properties Check1 and Check2 are both set to false.

Record Lock Check: If not locked, set check1 to true and call “CheckBoth” method.
User Profile Check: If authorized, set check2 to true and call CheckBoth method.

CheckBoth method: If Check1 and Check2 are both true, enable Save button.

This way it doesn’t matter which check happens first, and you only have to maintain or update one routine (“CheckBoth”) if you want to modify the conditions for Saving later.[/quote]

Oh! it sounds interesting too! Let me check that…

Got it working using your design… The patient is back on his feet!

Easy to implement with my actual design, this is great advice!

Thank you very much!