hub.eb?material_id=559&track_id=547
Login
Back

Checking Authorizations

The Authorizations of a user are set up in the Integration event of the Logon Service. Authorizations consist of three properties:

  • Type category of permission e.g. product
  • Name the particular object or path the permission relates to e.g. technology/computer/laptop/*
  • Function action to be performed e.g. edit

Authorizations can be queried using system.securityManager.isAuthorized(type, name, function).

Steps

1

Complete the following steps using the Logon Service you created in the Introduction to Logon Services tutorial.

2

Add the following code to the Integration event of your Logon Service:

// Grant the user EDIT authorization for the Netbook product
tables.AUTHORIZATION.insertRow();
tables.AUTHORIZATION.TYPE.value = "product";
tables.AUTHORIZATION.NAME.value = "computers/laptops/Netbook";
tables.AUTHORIZATION.FUNCTION.value = "EDIT";
tables.AUTHORIZATION.ALLOW.value = "TRUE";
tables.AUTHORIZATION.updateTable();
3

Create a form and add a table called Products with three columns: product_id, name and price.

4

Add a Repeater Control to your form using the Products table.

Add name and price to the Repeater Row.

Add an Edit button to the Repeater Row and name it editBtn.

5

Add a Before Form script to your form with the following code:

// Add some products to the table
tables.products.insertRow();
tables.products.product_id.value = 1;
tables.products.name.value = "Gaming Laptop";
tables.products.price.value = 499.99;

tables.products.insertRow();
tables.products.product_id.value = 2;
tables.products.name.value = "Netbook";
tables.products.price.value = 249.99;

// These products are in the laptops subcategory of the computers category
var productCategory = "computers/laptops/";

// Modify the repeater behaviour so that the Edit button is only
// displayed for products that the current user is authorized to edit
var products = tables.products.getRows();
while (products.next()) {
  var productFullName = productCategory + tables.products.name.value);
  if (system.securityManager.isAuthorized("product", productFullName, "edit")) {
    controls.editBtn.show();
  } else {
    controls.editBtn.hide();
  }
}
6

Run your form and notice how the edit button is hidden for some products. You may have to tweak your Logon Service or the products added in the Before Form script to make this work.

Previous PageNext Page

Current Module

Security Manager
view
Introduction to the Security Manager
view
Logging On and Off
view
Checking Roles
view
Checking Authorizations
Update a Logged on User
view

Related

Security Manager
view
Introduction to the Security Manager
view
Checking Roles
view
Security Manager
view
Populating Authorizations
view
Previous PageNext Page