Vulnerability in EPiServer.Forms
I'd like to extend the IUser with a list of companies and the user's function in the company. What's the easiest way to create such attribute?I've already seen the blogs about creating a custom module (http://world.episerver.com/Articles/Items/Creating-a-Custom-EPiServer-Community-Module---Part-One/), but that seems like overkill for this case. I tried to create a custom attribute using this blog, but I get an error saying that the input string was not in a correct format when I try to save the details in 'EPiServer.Common.Data.AttributeFactory.UpdateEntityAttributes'.
The idea is to be able to enter a company name and, per company, select a function from a dropdownlist.
Sounds like you could do with just storing strings? You can store a string attribute as a single value (SetAttributeValue/GetAttributeValue) or multiple values (SetAttributeValues/GetAttributeValues) that are stored with the same key. Just store your company-funcion pair as for example a comma separated string and store multiple such pair using SetAttributeValues. Or you could store an xml document as a single string if you need more flexibility (but querying would get more complicated an expensive).
Sounds good, but do you have an example of how to implement this? Do I need to inherit a specific class?
When I change the attribute type to inherit 'StringAttributeType', I have no option to specify the edit-control. The admin-pages only shows a single textbox instead of a textbox and a dropdownlist.
Ah, I didn't realize you also wanted to edit the attribute from admin mode. I thought you only wanted to set it from code (and in that case you don't need a class, just set the string value). I don't know if there is any built in support to extend the admin interface. But perhaps you can figure out which control is displaying the attribute editing, create your own modified clone and use the Virtual path mapping provider to replace the control with your own.
Editting in the admin isn't necessary, but using it in a query is. I've just tested setting the attribute in code, which works fine. But using the value (part of it since it's a comma-separated value) in a query isn't that easy.
I tried again using the example mentioned before. My code is exactly the same as the one from the example, but for some reason the method AddEntityInstance is never called. Can anyone explain this? Should this method be called as soon as I create another attribute (in the admin or in code) ?
Ok, finally I managed to get the attribute working. I had to much code from the example, where the attribute was also an entity. In my case, that wasn't necessary.
But how can I use this attribute in a query? My custom class consists of two strings, but a stringcriterion isn't working. Should I create a custom criterion-class? I can't find any examples on this.
I've just done like this: http://mariusslette.wordpress.com/2010/06/25/extending-the-community-user-object-for-strongly-typed-attributes/
Works fine using attributes on IUser
Creating properties for the attributes wasn't my problem, but using the attributes in a query is. I think it shouldn't be that difficult, but it doesn't seem to work.