Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
top
top

In This Section

Table of Contents
maxLevel2

...

 

Default Authorization

By default a plugin does not define any authorization which means that all components contained by the plugin can be used by anyone at any time (unless a component is licensed and the application server on which it is installed does not have the proper license). This is normally done during development and is not recommended in a live situation. The following section describes how to define custom authorization.

 

Back to Top

 

...

Permission Category

In XperienCentral, a plugin may define zero or more permissions. A permission is a fine-grained definition of a particular operation on one or more objects. Assigning the permission to a role grants that role the particular permission. A permission must always be positive - it grants particular rights and never denies rights.

...

When the plugin is deployed, the permission categories defined in each component definition contained by the plugin are installed or updated automatically. When defining and using permission categories, be sure that they conform to the development guidelines (/wiki/spaces/PD/pages/24721296 and /wiki/spaces/PD/pages/24721296 in particular).

 

Back to Top

 

...

Anchor
permissions
permissions
Permissions

A permission grants a role the rights to perform a particular operation on one or more objects. This is a definition that can be interpreted in many ways, and the permission itself does not define the exact operation it grants permission for and the object on which the operation operates. It is the software itself using the permission that defines what rights the permission provides.

...

To instantiate permissions invoke the constructor of PermissionImpl. The value, labelId and permissionCategory are input arguments of the constructor.  The permissions defined in each permission category of the plugin are installed or updated automatically when the plugin is deployed. When defining and using permissions, be sure that they conform to the development guidelines (/wiki/spaces/PD/pages/24721296 and /wiki/spaces/PD/pages/24721296 in particular).

 

Back to Top

 

...

Permission Groups

Because of the fine-grained definition of permissions, assigning them to the proper roles can sometimes be difficult. The default XperienCentral application itself already contains over 70 separate permissions and this amount will only grow in the future or when you deploy additional plugins. For ease of use, the concept of a permission group was introduced. A permission group is nothing more than a collection of permissions. Instead of assigning individual permissions to a role, it is also possible to assign a permission group to a role, thus implicitly assigning a collection of permissions to the role.

...

When the plugin is deployed, the permissions are automatically added to the permission group and thus implicitly to all roles assigned to this permission group. This way even a plugin that defines restricted access can become available to users automatically without manual intervention.

 

Back to Top

 

...

Using Permissions

To use permissions in your code you first have to define a dependency with the Authorization service. The Authorization service provides a method checkAccess which takes the permission’s value as an input argument in order to check whether the current user has the specific permission. Depending on the result of this call a particular piece of software will or will not be invoked.

...

When using permissions, be sure that they conform to the development guidelines (/wiki/spaces/PD/pages/24721296 and /wiki/spaces/PD/pages/24721296 in particular).

 

Back to Top

 

...

Element Permission

For element components, the element itself is created and deleted by the XperienCentral framework rather than the controller contained by the element component itself. While create and delete authorization checks would typically be programmed in a Java class of the plugin, for element components this is done differently.

...