This sections describes Clarion/ASP essential features and program elements.
Security
Clarion/ASP provides for a straightforward yet highly flexible security scheme based on a pyramid of user/group access rights with up to 99 user levels.
When you enable security on a global level, each generated
procedure will include a login routine. Access by the end user to any procedure page with security enabled will invoke a login screen.
Once the user enters a successful login on one page, they may access any page their security level allows rights to, providing that any period of inactivity does not extend beyond a configurable timeout. If it does, they must log in again.
You may designate a table within the database to store a user ID (we suggest that an email address is highly useful for general public web applications), password, and access level (an integer between 1 and 99). Optionally, the table may store the user name (either first and last names separately, or first and last combined), and an email address if not used for the user ID.
The login messages/instructions are configurable, as in the illustration below:
After specifying that security is to be enabled, and designating the table which holds the user information, the developer may then set custom access levels by procedure (the default for all, once security is enabled, is 1). Within each procedure, the developer may
separately specify separate access levels for viewing, editing, adding, and deleting data.
Thus, should the developer specify that ordinary users are level 30, supervisors level 50, managers level 70 and senior managers level 90, a developer may specify that a particular form might be viewed by all, a new record added by supervisors and higher, an existing record edited by managers and higher, and deleted only by senior managers. With 99 possible values and four possible access levels per update form, the security system allows for many possible access scenarios.
Login traffic between the browser and the server is unencrypted.
My Records Security
The purpose of “My Records” filtering is to limit the viewing and/
or editing of data to the “owner” (a single person or a group of users), as in the following examples:
• A column on any table can include a user ID (typically an email address). Enabling the “My Records” filter on any procedure
referencing the table can therefore restrict access to any row that matches the user ID to the user ID with which the user logged in. Thus in a table of “tasks,” user one views only those tasks belonging to user one, and user two, only those belonging to user two.
• The Microsoft SQL Server Northwind sample database’s employee table contains a “reports to” column. You may filter a browse which allows “managers” to see only their “direct reports” by specifying the “reports to” column as the data column to compare, and using the employee table as the security table, the employee ID as the user ID, and then using the “UserID” session variable to test against the “reports to”
column. Similarly, you may declare an additional session
variable, such as “Department,” edit the login.asp page to assign the session variable based upon department data which you would store in the security table, and then choose that session variable to compare to a department value in your primary browse table. You could similarly substitute “region,” “sales territory,” etc.
Once you’ve correctly set up the “My Records” options for each procedure, you need do no more; Clarion/ASP automatically hides the necessary fields, applies the necessary query filters, and takes care of setting the data defaults for new records. The illustration below shows the “My Records” field in a tasks table:
Note that should you be applying the functionality to existing data and are adding a column to a table that you must add the values
necessary for the existing records, else they will not appear within any users’ “My Records” filter.
Finally, note that you may place “My Records” on a form yet not place it on a browse, due to the fact that each “procedure” within Clarion/ASP is isolated from the other due to the nature of the web. This means that you may allow an end user to view all records within a browse, but restrict editing, deleting, or viewing details by placing the “My Records” filter on the form.
User Interface
Because the entire user interface is contained in HTML and CSS files separate from the application logic (contained in the ASP files), a web designer may customize the user interface in any standard HTML layout tool (and/or CSS editor) without affecting the application. The example below shows a runtime template being edited in an HTML layout tool. Note that the runtime colors and fonts are not visible because the layout tool doesn’t display the formatting from the CSS file:
An application option allows subsequent regeneration of the project without overwriting the web designer’s customizations, should it be necessary to change any of the application logic.
Another key concept for developers used to creating desktop applications to understand when creating ASP applications is that HTML controls are different than Windows application controls.
There is significantly less capability for customization and far less control over positioning. This leads us to a “good news and bad news” situation for desktop developers familiar with Clarion.
The good news, despite these limitations, in Clarion/ASP we’ve accomplished an extraordinary amount of mimicry of control formatting and layout using HTML 4.0 and stored it all in in the HTML page and style sheets for maximum flexibility. The bad news is that because there’s no way to equate all the properties in the dictionary control formatting options with HTML we can’t guarantee that everything will be perfect. For example, we can’t provide for transparency, immediacy, selected coloring, or control-specific cursors, to name a few. We can’t recreate controls such as regions.
Developers will find that your control formatting will be less visual, and more dependent on selecting properties from lists. Layouts are either horizontal, as in a browse, or vertical as in a form, one control to a line. You may specify the types of control, and a number of options for appearance and behavior, but it’s not the same as designing a dialog box. Good use of style sheets, however, can make for a very attractive page.
HTML Templates
Though it may seem that everything is being called a template, Clarion templates and HTML templates are different things. This section focuses only on the HTML template.
When a user requests a page with data, the ASP code gathers the data and merges it into a standard HTML page. The merge “target”
is called the runtime HTML template. The template is a normal HTML page, which contains a symbol for each piece of data which the merge function replaces with the actual data (either as text or a control) and formatting instructions (i.e., CSS style) during the merge process.
In browse procedures, for example, you will find tokens in the format @TablenameFieldname@ occupying the table. Each token stands for the data which will replace the token. Should you wish to modify the layout, you may modify the HTML page.
The runtime HTML template is a standard HTML file. The web designer can edit the runtime template with a standard HTML editor, moving and formatting the symbols as desired, without affecting the application.
These HTML files are regenerated. The developer, however, may turn off HTML generation at the procedure level so as not to override the web designer’s customizations.
Cascading Style Sheets
HTML style sheets, known as cascading style sheets (because one style may cascade its characteristics into another, and so forth), play a large role in many sites, and a large role in the Clarion/ASP pages.
The style sheets declare classes, which consist solely of formatting instructions. You can then apply the style to a tag (be it a paragraph, cell in a table, a table, etc.), and that element will then be formatted according to the instructions in the style sheet. This allows any site to greatly change its look simply by substituting a new style sheet for an old one.
Clarion/ASP allows you to define styles for elements such as table column headers, update form control labels (prompts), data rows, etc. You may then integrate an existing site style sheet with the one
Clarion/ASP produces or vice versa. You may also place references to both your Clarion/ASP produced style sheet and your corporate style sheet in each file, and the browser will merge the attributes of each when displaying the page to the end user.
The pages that Clarion/ASP creates have a look and feel almost entirely governed by style sheets and a base HTML template. The goal is that a developer can start with two things: a copy of a representative page from the web and the global style sheet for the site, and with them, quickly make the Clarion/ASP pages look like the rest of the site.
Browse
This section describes the Clarion browse table, as implemented in Clarion/ASP.
Purpose
The browse presents an easy to use means to display and navigate tabular information. It presents the user with a page of data at a time (the number of rows for which are specified by the developer).
The developer specifies a filter condition, which selects a subset of rows from the database. A navigation bar allows the end user to forward or reverse by a page, or jump to the end or back to the beginning. A query by form button allows the end user to select a subset of the subset by entering a sample value(s) for a field(s). A locator entry optionally allows the end user even quicker navigation, allowing them to type in a portion of data for a particular field, and then presenting the new subset immediately. Each row of data may
optionally allow for links to other browse tables or forms. For example, clicking on a company name may provide the end user with a detailed view of the company data. Similarly, each row may contain a link(s) leading to another browse(s), containing data from related tables, such as that company’s products, or its orders, and so forth. In the illustration below, each row contains links to four related tables, plus, at far right, an automatically generated link to an update form for the row.
Because the Clarion data dictionary is conversant with the table relations in the database, the developer may easily display a denormalized view of the data within the browse by specifying fields from multiple tables. Clarion/ASP automatically creates the proper JOIN statements for ADO access.
Clarion/ASP also refers to the Clarion data dictionary for options to format the data on a field by field basis.
In many cases, a Clarion browse allows the end user to proceed to an update form (or a view only form) by clicking on a data row. It takes only a small number of mouse clicks for the developer to implement this functionality.
Filtering
Filtering the browse is accomplished through the where clause in the SQL query. It is, of course, also possible to create a view or stored procedure in the database to accomplish the same means.
Clarion/ASP provides several levels of filtering opportunities.
• No filter at all.
• A view declared in the dictionary.
• A default where clause placed on the browse procedure properties.
• A called procedure placed on the browse procedure properties.
• A locator filter based upon text typed by the end user into a field associated with a specific column (as in where fieldname like ABC%).
• A Query by Form filter based upon example values typed into a form by the end user
• ID values: at the procedure level, the developer specifies a specific field may be identified to act as a URL parameter for a where clause value, as in URL?ID=value, where columname = value. Once the field is so identified, any linking page can pass the where clause value without even revealing the name of the field. The browse will then display. Clarion/ASP uses this method to pass data from procedure to procedure. In fact, Clarion/ASP can even pass a row value without displaying the value to the end user (for example, displaying a graphic instead).
• A specific where clause passed as a parameter from a linking page, via URL?WHR=clause.
• A MyRecords filter, as described in the section on security, above. This is an important feature for sites which wish to manage user data in isolation from data belonging to other users.
• A combination of all the types of filters as described above.
Links
Links are the conduits through which one page leads to another on the Internet. There is no program flow like a desktop application.
An important concept for database developers to grasp about ASP is that, like web pages, the browser and web server do not maintain a continuous connection. Further, the web server and the database do not maintain a continuous connection per each user.
The only limitation on linking to a Clarion/ASP page is a logical one: if you wish to display a form containing only one record, or display a filtered browse, you must supply a way to identify the record(s) within the link. You can do this as a simple HTML parameter. The parameter will always be called “ID.” The field it refers to will be the unique ID field which you defined for the procedure extension.
Optionally, a link from an outside page can pass a snippet of SQL which can then be appended to the WHERE clause. In Clarion/
ASP, this parameter is ?WHR. You may, for example, have a several links to a single browse. One link may have a parameter such as
?WHR=dbo.contacts.state=NY, another
?WHR=dbo.contacts.state=CA, etc. In each case, the same ASP page is the target, but each link returns different data (contacts from New York, contacts from California).
Conditional Formatting
The browse procedure feature a rich array of conditional formatting options. The developer creates specific data row
substyles in the style sheet for the project. Then, the developer may specify that the ASP applies styles according to:
• Provide a greenbar effect, applying two styles (usually the same text formatting, but with different background colors) to alternating rows. Greenbar formatting is the default, but can be overridden.
• Highlight specific rows which meet a test condition, such as the value in a particular column is equal to or greater than another value.
• Highlight specific “grid cells,” based upon a data value meeting a test condition. (This is the same as the second option, but applies the second style to a table cell instead of the entire row).
Form
The Clarion/ASP update form also provides for additions,
deletions, and view only mode, in addition to allowing the end user to simply update the data.
The update forms are actually four separate pages, one for each
“mode:” add, delete, change, view. Each procedure may override security and style sheet preferences within an application, allowing you to make an update for a particular table different. The security options also allow you to specify which level of user access can call for each type of update.
Appearance
The default update form allows for a column of labels and a column of entry controls. The runtime HTML template is fully editable in most HTML layout tools. This allows the developer/
designer to move data and column label tokens to wherever they wish. All formatting is applied via style sheets.
In the example below, a view only update form contains a link (at bottom, not visible) to an editable update form. This link appears only when the end user has sufficient security rights. The updatable form would contain entry fields with the data (which appear only as text fields in this illustration).
Selects
Where a foreign key/primary key constraint between two tables specifies that a value in the child table must be present in the parent table, Clarion/ASP can place a list box containing those values in the update form. In fact, the list box may contain a completely different field in the related table, yet return the value
corresponding to the proper field. This is important in working with normalized databases. An order form, for example, may contain a product ID number; yet it’s much easier for the end user to choose by product name than by number. This is illustrated below. The end user selects “Queso Cabrales” from a dropdown
list, but the ASP page writes product number 12345 to the row when the end user presses the select button.
Alternatively, the developer may choose that a popup window appear with a navigable table, so that when the end user clicks on a choice, the popup closes and the proper value is transferred to the edit box. This is the default because it is most suitable for cases in which the related table may have many rows.
The select functionality is also provided for lists of items which may be entered in the dictionary directly, as opposed to existing within another table.
Validity Checking
An intelligent but compact Javascript function library allows for validity checking on the client side, reducing unnecessary network traffic. Functions may check data entry for numeric ranges, nulls, and more. When an error is encountered, Clarion/ASP
automatically displays a message detailing the error so that the end user may correct the entry. Formatting functions are also applied both on read and write, allowing, for example, the limiting of a date entry in a field, even though the DBMS sees it as a date/time field.
Conclusion
Clarion/ASP Provides a rich array of options for generating many ASP pages each of which corresponds to a common business application task such as querying a database, displaying rows of data from a table or view, and displaying and or editing a single row.
The depth of automation in the process, the degree to which the resulting pages can be integrated into an existing site, and the level of customization offered to the web designer provide for superior productivity with a high degree of “attractiveness” in the end result.