Security
Security permissions are assigned by creating roles and adding users to those roles. The roles, in turn, define what users in that role can do.
Access items are the things in the system that permissions can be applied to. They can be systems, schemas, object items, or custom items. The permissions on an access item are view, add, edit, delete, and execute.
Access in the system is hierarchical. If an access item has a view permission, then all its children will have the view permission. If the access item has 'None' for the permission, the children define the permission themselves.
All the security settings for all systems can be found in the SecurityRoles.xml file in the TurnObjects folder. An example of a security roles file is in the ContactDatabase example.
Access Item Types
Access items are the things in the system that get permissions assigned to them. Each item will need to be assigned a type as described in the table below. This type tells the system how to apply authentication on the item.
| Generic | Generic custom items that can be assigned security permissions. |
| System | Access to a system and its schemas. |
| Schema | Access to a schema and its data items. |
| Item | Access to an item in a schema. |
Permission Types
Each access item can have the following permission types. Each permission can be set to Yes, No, or None. A permission with the value of 'None' will defer its permission to its child item.
| View | User can view the data. |
| Add | User can add new data. |
| Edit | User can edit the data. |
| Delete | User can delete the data. |
| Execute | User can execute functions on the data. |
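The inheritance rule and the Yes/No/None values described above, modelled as an added C# example (not TurnObjects code; `AccessNode`, `Perm` and `Setting` are hypothetical names, and the hierarchy is constructed). It assumes that an explicit No on a parent binds its children the same way a Yes does, and that a permission left at None on every level is denied; the page states neither case.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical model types; these are not the TurnObjects classes.
enum Perm { View, Add, Edit, Delete, Execute }
enum Setting { None, Yes, No }

class AccessNode
{
    public readonly AccessNode Parent;
    public readonly Dictionary<Perm, Setting> Settings = new Dictionary<Perm, Setting>();

    public AccessNode(AccessNode parent = null) { Parent = parent; }

    // Walk from the root down to this node: the first Yes/No found decides.
    // Assumption: an ancestor's explicit No also binds its children, and a
    // chain that is None all the way down is denied (fail closed).
    public bool Can(Perm p)
    {
        var chain = new List<AccessNode>();
        for (var n = this; n != null; n = n.Parent) chain.Insert(0, n);
        foreach (var n in chain)
        {
            Setting s;
            if (n.Settings.TryGetValue(p, out s) && s != Setting.None)
                return s == Setting.Yes;
        }
        return false;
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed hierarchy: system -> schema -> item.
        var system = new AccessNode();
        var schema = new AccessNode(system);
        var item = new AccessNode(schema);

        system.Settings[Perm.View] = Setting.Yes;  // every child inherits View
        system.Settings[Perm.Edit] = Setting.None; // children decide Edit
        schema.Settings[Perm.Edit] = Setting.Yes;  // schema grants Edit to its items
        item.Settings[Perm.View] = Setting.No;     // has no effect: the system's Yes wins

        Console.WriteLine("item view:   " + item.Can(Perm.View));
        Console.WriteLine("item edit:   " + item.Can(Perm.Edit));
        Console.WriteLine("item delete: " + item.Can(Perm.Delete));
    }
}
```

When reviewing a roles file, the case to look for is the one on the `item` line: a restrictive setting on a child does nothing if a parent already grants the permission.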
Using Security
The built-in web controls already have security methods in place. If security is enabled on a control, it is not necessary to turn features of the control on and off based on permissions; the control will handle this. It is, however, possible to call the security methods directly if needed. There are many ways to authenticate a user's permissions. The following method is a quick way to check authentication.
bool Can(UserItem user, string targetName, PermissionType permission)
bool Can(UserItem user, BaseObject targetItem, PermissionType permission)
bool Can(UserItem user, TurnSchema targetSchema, PermissionType permission)
Authentication on multiple items can be achieved by creating an instance of the TurnSecurity.Access object and giving it the user to authenticate. This performs better and is easier to code.
Create an instance of an access object.
Access(UserItem user)
Setting the target access item
SetTarget(string targetName)
SetTarget(TurnSchema targetSchema)
SetTarget(BaseObject targetItem)
Check authentication on the item
bool Can(PermissionType permission)
The following code is an example of checking the view permission for the AdminSite.
© 2008 TurnObjects. All rights reserved.