XtraReports > 示例 > 如何：设置最终用户脚本的安全权限

这个示例展示了如何为最终用户脚本设置安全权限，当报表被预览时这些脚本被执行。要这样做，则需要创建一个 ScriptSecurityPermission 对象，指定它的 ScriptSecurityPermission.Name，并把它添加到报表的 XtraReport.ScriptSecurityPermissions 集合中。

在本例中，有两种执行脚本的方式。首先，如果报表被预览时 (例如通过 XtraReport.ShowPreview 方法) 脚本被执行，那么就需要人工管理引发的安全异常。在这种情况下，报表的预览窗体根本不被显示。

如果脚本已经被添加到了最终用户设计器中的任何报表控件，然后当激活预览标签页时脚本被执行。在这种情况下，如果特定脚本的执行被拒绝，那么将由 XtraReports 管理此异常，并且将显示一条错误信息。在这种情况下，文档不会被创建、而报表预览则为空白。

C#	复制代码
using DevExpress.XtraReports; using DevExpress.XtraReports.UserDesigner; // ... void InitializeReport(XtraReport1 report) { // A script which tries to create a file on a hard disk. string script = "using System.IO;\r\n"+ "private void OnBeforePrint(object sender, System.Drawing.Printing.PrintEventArgs e) {\r\n"+ "FileStream fs = File.Create(\"test.txt\");\r\n"+ "fs.Close();\r\n}"; // Add script to the label's BeforePrint event. report.xrLabel1.Scripts.OnBeforePrint = script; // Create a new Security Permission which denies any File IO operations. ScriptSecurityPermission permission = new ScriptSecurityPermission("System.Security.Permissions.FileIOPermission"); permission.Deny = true; // Add this permission to a report's list of permissions for scripts. report.ScriptSecurityPermissions.Add(permission); } private void btnPreview_Click(object sender, System.EventArgs e) { // Create a new report. XtraReport1 report = new XtraReport1(); // Add scripts and scripting security permission to the report. InitializeReport(report); // Show the report's preview. try { report.ShowPreview(); } catch (System.Security.SecurityException ex) { MessageBox.Show(this, ex.Message); } } private void btnDesigner_Click(object sender, System.EventArgs e) { // Create a new report. XtraReport1 report = new XtraReport1(); // Add scripts and scripting security permission to the report. InitializeReport(report); // Show the report's preview in the End-User Designer. XRDesignForm desginForm = new XRDesignForm(); desginForm.OpenReport(report); desginForm.Show(); desginForm.ActiveDesignPanel.SelectedTabIndex = 1; // In this case a security exception will be handled automatically. }

复制代码

using DevExpress.XtraReports;
using DevExpress.XtraReports.UserDesigner;
// ...

void InitializeReport(XtraReport1 report) {
   // A script which tries to create a file on a hard disk.
   string script = "using System.IO;\r\n"+
      "private void OnBeforePrint(object sender, System.Drawing.Printing.PrintEventArgs e) {\r\n"+
      "FileStream fs = File.Create(\"test.txt\");\r\n"+
      "fs.Close();\r\n}";

   // Add script to the label's BeforePrint event.
   report.xrLabel1.Scripts.OnBeforePrint = script;
         
   // Create a new Security Permission which denies any File IO operations.
   ScriptSecurityPermission permission = 
      new ScriptSecurityPermission("System.Security.Permissions.FileIOPermission");
   permission.Deny = true;
         
   // Add this permission to a report's list of permissions for scripts.
   report.ScriptSecurityPermissions.Add(permission);
}

private void btnPreview_Click(object sender, System.EventArgs e) {
   // Create a new report.
   XtraReport1 report = new XtraReport1();

   // Add scripts and scripting security permission to the report.
   InitializeReport(report);

   // Show the report's preview.
   try {
      report.ShowPreview();
   }
   catch (System.Security.SecurityException ex) {
      MessageBox.Show(this, ex.Message);
   }
}

private void btnDesigner_Click(object sender, System.EventArgs e) {
   // Create a new report.
   XtraReport1 report = new XtraReport1();

   // Add scripts and scripting security permission to the report.
   InitializeReport(report);

   // Show the report's preview in the End-User Designer.
   XRDesignForm desginForm = new XRDesignForm();
   desginForm.OpenReport(report);
   desginForm.Show();
   desginForm.ActiveDesignPanel.SelectedTabIndex = 1;
   // In this case a security exception will be handled automatically.
}

Visual Basic	复制代码
Imports DevExpress.XtraReports Imports DevExpress.XtraReports.UserDesigner ' ... Sub InitializeReport(report As XtraReport1) ' A script which tries to create a file on a hard disk. Dim script As String = "using System.IO;" + ControlChars.Cr + ControlChars.Lf + _ "private void OnBeforePrint(object sender, System.Drawing.Printing.PrintEventArgs e) {" + _ "FileStream fs = File.Create(""test.txt"");" + _ "fs.Close();}" ' Add script to the label's BeforePrint event. report.xrLabel1.Scripts.OnBeforePrint = script ' Create a new Security Permission which denies any File IO operations. Dim permission As New ScriptSecurityPermission("System.Security.Permissions.FileIOPermission") permission.Deny = True ' Add this permission to a report's list of permissions for scripts. report.ScriptSecurityPermissions.Add(permission) End Sub Private Sub btnPreview_Click(sender As Object, e As System.EventArgs) Handles btnPreview.Click ' Create a new report. Dim report As New XtraReport1() ' Add scripts and scripting security permission to the report. InitializeReport(report) ' Show the report's preview. Try report.ShowPreview() Catch ex As System.Security.SecurityException MessageBox.Show(Me, ex.Message) End Try End Sub Private Sub btnDesigner_Click(sender As Object, e As System.EventArgs) Handles btnDesigner.Click ' Create a new report. Dim report As New XtraReport1() ' Add scripts and scripting security permission to the report. InitializeReport(report) ' Show the report's preview in the End-User Designer. Dim desginForm As New XRDesignForm() desginForm.OpenReport(report) desginForm.Show() desginForm.ActiveDesignPanel.SelectedTabIndex = 1 ' In this case a security exception will be handled automatically. End Sub

Visual Basic

复制代码

Imports DevExpress.XtraReports
Imports DevExpress.XtraReports.UserDesigner
' ...

Sub InitializeReport(report As XtraReport1)
   ' A script which tries to create a file on a hard disk.

   Dim script As String = "using System.IO;" + ControlChars.Cr + ControlChars.Lf + _
      "private void OnBeforePrint(object sender, System.Drawing.Printing.PrintEventArgs e) {" + _
      "FileStream fs = File.Create(""test.txt"");" + _
      "fs.Close();}"
   
   ' Add script to the label's BeforePrint event.
   report.xrLabel1.Scripts.OnBeforePrint = script
   
   ' Create a new Security Permission which denies any File IO operations.
   Dim permission As New ScriptSecurityPermission("System.Security.Permissions.FileIOPermission")
   permission.Deny = True
   
   ' Add this permission to a report's list of permissions for scripts.
   report.ScriptSecurityPermissions.Add(permission)
End Sub


Private Sub btnPreview_Click(sender As Object, e As System.EventArgs) Handles btnPreview.Click
   ' Create a new report.
   Dim report As New XtraReport1()
   
   ' Add scripts and scripting security permission to the report.
   InitializeReport(report)
   
   ' Show the report's preview.
   Try
      report.ShowPreview()
   Catch ex As System.Security.SecurityException
      MessageBox.Show(Me, ex.Message)
   End Try
End Sub


Private Sub btnDesigner_Click(sender As Object, e As System.EventArgs) Handles btnDesigner.Click
   ' Create a new report.
   Dim report As New XtraReport1()
   
   ' Add scripts and scripting security permission to the report.
   InitializeReport(report)
   
   ' Show the report's preview in the End-User Designer.
   Dim desginForm As New XRDesignForm()
   desginForm.OpenReport(report)
   desginForm.Show()
   desginForm.ActiveDesignPanel.SelectedTabIndex = 1
   ' In this case a security exception will be handled automatically.
End Sub

参阅