
Calendar for different users? (Users can only view/edit their own events)

Asked by Sam Ellis
10 years ago.

Hello,

I'm working on an in-house calendaring solution and DayPilot looks like a great option but I'm not able to find any information on how membership is best implemented. We have various users that will be scheduling their own appointments for their own work areas and we do not want the other users to be able to see their events. Additionally, we'd like to have some users who can help schedule for a few of the other employees.

I've read around the site and KB some but haven't found a good answer. Any thoughts on how this is best accomplished? We currently have a .NET MVC app in place that uses the built-in authentication engine and we'd like to integrate it with that if possible. Is it just a matter of adding a foreign key to each event that is associated with the user such that users can only use CRUD functions on their own events and then set up the administrative users to have access to events with specific user foreign keys?

Thanks in advance for any input!
Sam

Answer posted by Dan Letecky [DayPilot]
10 years ago.

This has to be done on several levels:

1. You can use the authentication system you already have in place to identify the current user.

2. Let's simplify the authorization rules (ACL) to general "roles" (this is supported by the MVC membership system; I'm not sure if it goes deeper, i.e. rules applied to specific objects).

3. In the controller that handles the calendar backend, you need to check the permissions to read and write to the calendars. In the simplified model, a user can always access her own events (where event owner = logged-in user) and the users in the administrator role can access any event.

4. You need to do the same for the calendar views (but remember that this is not enough, you always need to do #3 because it's not safe to only disable it in the UI). Display the events only to their owners. Display all events if the user is in the administrator role. Depending on the view type, this will mean a limited SELECT when reading the events or resources (for the Scheduler).

By default, all the controls have the editing handlers disabled (e.g. EventMoveHandling = Disabled) so only enable them when the user has the permissions.
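
An added example, not part of the original answer and not DayPilot's own code: a sketch of the server-side owner-or-administrator check from steps 3 and 4, using only the standard `IPrincipal` API. The `CalendarEvent` class, the `EventAccess` helper, the "Administrator" role name, and the convention that `OwnerId` stores the identity name are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Principal;

// Hypothetical event row; OwnerId is the foreign key to the owning user.
public class CalendarEvent
{
    public int Id { get; set; }
    public string OwnerId { get; set; }
}

public static class EventAccess
{
    public const string AdminRole = "Administrator"; // assumed role name
    // Step 3: call this in every backend handler before reading or writing an event.
    public static bool CanAccess(IPrincipal user, CalendarEvent ev)
    {
        if (user == null || ev == null || !user.Identity.IsAuthenticated) return false;
        return user.IsInRole(AdminRole) || ev.OwnerId == user.Identity.Name;
    }

    // Step 4: the limited SELECT; filtering happens in the query, not in the UI.
    public static IQueryable<CalendarEvent> VisibleTo(IPrincipal user, IQueryable<CalendarEvent> events)
    {
        if (user == null || !user.Identity.IsAuthenticated) return events.Where(e => false);
        if (user.IsInRole(AdminRole)) return events;
        string name = user.Identity.Name;
        return events.Where(e => e.OwnerId == name);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample data and users.
        var rows = new List<CalendarEvent> {
            new CalendarEvent { Id = 1, OwnerId = "sam" },
            new CalendarEvent { Id = 2, OwnerId = "alex" },
        };
        var sam = new GenericPrincipal(new GenericIdentity("sam"), new string[0]);
        var admin = new GenericPrincipal(new GenericIdentity("pat"), new[] { EventAccess.AdminRole });
        Console.WriteLine(EventAccess.VisibleTo(sam, rows.AsQueryable()).Count());   // own events only
        Console.WriteLine(EventAccess.VisibleTo(admin, rows.AsQueryable()).Count()); // all events
        // A move request for event 2 sent by sam must be rejected server-side.
        Console.WriteLine(EventAccess.CanAccess(sam, rows[1]));
    }
}
```

In a controller, the event would be loaded by the id in the request and passed to `CanAccess` with the current user before any update is applied, regardless of which handlers the view has enabled.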
