LavaBlast Software Blog

Help your franchise business get to the next level.
AddThis Feed Button

LavaBlast Selected as a Red Herring Canada Top 50 Finalist

clock August 29, 2008 14:02 by author JKealey

We've been busy these lasts few weeks on a number of projects, but I thought I'd like you know that we were selected as an innovative Canadian software start-up.

Red Herring Magazine has named LavaBlast Software a finalist for the "Red Herring Top 50 Canada" award, a prestigious list honoring this year’s most promising private technology ventures in Canada. The Red Herring editorial team used an intensely competitive process to select the most innovative companies from a pool of over 300, leaving 100 finalists vying for this prestigious award. The names of all 100 companies short–listed as finalists for the "Red Herring Top 50 Canada 2008" can be found online at:

RHCanada finalist logoRead more in our press release

While I was enjoying the weather, Toronto Tech Jobs took the time to peruse everyone's website to figure out who's hiring software engineers!

Congratulations to the other finalists. Post Security

clock August 13, 2008 15:23 by author EtienneT 1.3/1.4 supports user roles.  But we can't seem to be able to make it mandatory for users to sign in to see blog posts.  That's not something you usually want on a public blog, but for a corporate blog, maybe you want to make sure your news only gets to the people you want.  This seemed like a perfect candidate for a BlogEngine extension.

User Filtering

In our scenario, we don’t want any unregistered users to be able to see blog posts.  This can be easily checked by calling Membership.GetUser() and ensuring the returned value is not null.  We could filter out specific users as well, but we didn’t implement this feature in our extension.

Post Filtering

It could be interesting to restrict who can see the posts in a specific blog category.  For example, a blog category “Top Secret” which can only be read by your company's upper management…  Not very likely in a blog, but you get the point.  Our extension does this filtering by associating a blog Category with a membership Role in the extension’s settings.


By associating a membership role with a blog category name, the extension ensures the user has this role before displaying a post associated with this blog category name.  If you add two roles for the same category, posts with this category will only be served if the user has both roles.

Adding a setting with an empty category name will ensure that all posts require a particular role.


using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using BlogEngine.Core;
using BlogEngine.Core.Web.Controls;
using System.Collections.Generic;
/// <summary>
/// Summary description for PostSecurity
/// </summary>
[Extension("Checks to see if a user can see this blog post.",
            "1.0", "<a href=\"\"></a>")]
public class PostSecurity
    static protected ExtensionSettings settings = null;
    public PostSecurity()
        Post.Serving += new EventHandler<ServingEventArgs>(Post_Serving);
        ExtensionSettings s = new ExtensionSettings("PostSecurity");
        s.AddParameter("Role", "Role", 50, true);
        s.AddParameter("Category", "Category", 50);
        // describe specific rules for entering parameters
        s.Help = "Checks to see if the user has any of those roles before displaying the post. ";
        s.Help += "You can associate a role with a specific category. ";
        s.Help += "All posts having this category will require that the user have the role. ";
        s.Help += "A parameter with only a role without a category will enable to filter all posts to this role. ";
        s.AddValues(new string[] { "Registered", "" });
        settings = ExtensionManager.GetSettings("PostSecurity");
    protected void Post_Serving(object sender, ServingEventArgs e)
        Post post = (Post)sender;
        bool continu = false;
        MembershipUser user = Membership.GetUser();
        continu = user != null;
        if (user != null)
            List<string> categories = new List<string>();
            foreach (Category cat in post.Categories)
            string[] r = Roles.GetRolesForUser();
            List<string> roles = new List<string>(r);
            DataTable table = settings.GetDataTable();
            foreach (DataRow row in table.Rows)
                if (string.IsNullOrEmpty((string)row["Category"]))
                    continu &= roles.Contains((string)row["Role"]);
                    if (categories.Contains((string)row["Category"]))
                        continu &= roles.Contains((string)row["Role"]);
        e.Cancel = !continu;


Simply saving this code in a .cs and putting it in your App_Code/Extensions for shall enable the plugin.

kick it on

SubSonic v2.1 Controller and Utilities

clock August 4, 2008 11:45 by author JKealey

We've done a few posts about how we use SubSonic here at LavaBlast. Recently, SubSonic v2.1 was released and we upgraded the code we've previously published to support this new version. We've blogged about our changes in the past and not much has changed since, but we did get a request to post our source code, so here it is. I've actually included a bit more code in this release so that this blog post has a bit more substance!

Download the source code.

The file contains our SubSonicController, SubSonicHelper, and our associated code generation templates. Nothing new to see here, except that you get downloadable code. We unfortunately did not have time to play with the new Query engine all that much, so our controller still uses the old one (which is used throughout our codebase). If anyone would like to augment our code to support the new query engine and post it in the comments, that would be great! Moving to the new query engine would circumvent the OR query limitation related to the search fields we've mentioned in the past.

Auditing using SubSonic

We like to log certain things in our Electronic Journal as it gives us ways to debug more efficiently, and provides us with a way to keep track of who changed what in case something breaks. We've included an SQL script that generates our ElectronicJournal table, and code which allows us to save events in the table. We've wired it up to our SubSonicController so that we can log all object updates, for example. What you log is your own business and it depends on your needs and performance requirements.


We've built an administrative interface over this table allowing us to navigate efficiently through the events. (Each of our pages in FranchiseBlast extends from generic controls which list/filter/page rows using our ObjectDataSource, effectively re-using the code we're presenting here.)

Various notes

  • Remember not to mix AND and OR in the current version of this code, with the old query engine.
  • Don't log everything on high volume sites, for obvious reasons.
  • Issue 3 is still open and waiting to be committed. The others bugs I previously reported (and a new one) have been committed.
  • We removed the ToList() which we added last time, because GetList() is already present. (Thanks to our readers for noticing!)
  • We replaced all calls to IsLoaded() to !IsNew() in our codebase. Click here to learn why.
kick it on

Month List


The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.

© Copyright 2017

Sign in