Hi,
Is it possible to Grant Allow or Deny for actions those provided by View Controllers or ActionAttribute ?
We are adding many actions for our objects, and we need to set permissions for all actions.
You prefer a way in issue CQ47846 : how can i set permissions for ChangePasswordController's ChangePasswordByUser action?
But do i need to create a MyOwnPermission class for all of my actions ?
Or there is a more generic an accaptable solution?
Thanks,
Akın GÜNEŞ
İletişim Yazılım
We have closed this ticket because another page addresses its subject:
ConditionalAppearance - Make it possible to manage Action availability against the currently logged user
Hello Akın,
Thank you for the report.
>>
Is it possible to Grant Allow or Deny for actions those provided by View Controllers or ActionAttribute ?
<<
Yes, it's possible, and you should manage this task via custom permission. Please refer to the Complex Security Strategy: Check Permissions help topic for more details.
>>
We are adding many actions for our objects, and we need to set permissions for all actions.
<<
We have a question here: could you please explain the scenarios that require declaring many actions within business objects? Usually, an action may reside not so often, e.g. like with ChangePasswordByUser when some business rule related to this object should be performed.
Knowing your current reasons, we can approve your approach or suggest a better development decision.
Thanks,
Dennis
Hi Dennis,
Sorry for my very late answer, i am a bit overloaded nowadays.
Find my explanations below.
1.
>>
Yes, it's possible, and you should manage this task via custom permission. Please refer to the Complex Security Strategy: Check Permissions help topic for more details.
<<
This is the same approach that i have mentioned in my original post. I already knew this approach. It requires to define a Custom Permission Class for all different actions. Simply, if i have 20 different Actions in my application, i have to Code 20 different CustomPermission class. I need more generic way. Maybe this custom permission classes can generate automatically at runtime.
2.
>>
We have a question here: could you please explain the scenarios that require declaring many actions within business objects? Usually, an action may reside not so often, e.g. like with ChangePasswordByUser when some business rule related to this object should be performed.
Knowing your current reasons, we can approve your approach or suggest a better development decision.
<<
Some actions from my application.
Actions On ProductionOrder Class
-ShowOtherBoms -> Display Bill Of Material (Boms) that can be used with this production order. (Bom's defined for the production Orders Main ProductCode)
-Show Other Production Orders -> Displays the production Orders that has opened for same product.
-New Stop -> Create a new StopTransaction for the selected Production Order.
-Generate Raw Stock Usage -> Calculates Raw Stock Usage from the Bom based on Production Amount
-New Raw Stock Usage -> Create a Raw Stock Usage Record for this Production Order
-Display Bom Detail -> Displays the Bom_Detail View for the Bom attached with this ProductionOrder
-Recalculate -> Recalculates amount of products which is used in this production Order
Actions On Products
-Show Production Orders -> Displays the production Orders for this product.
-Show Transactions -> Displays transactions for this product.
-Transfer Product -> Create a quick Transfer Transaction for this product.
-Display Warehouse Amounts -> Displays amount related informations (total incoming amount, total outgoing amoun, reserved amount, onhand amound, etc.) for all Warehouses for this Product
-StartProduction -> Changes ProductionOrderStatus from Not Started To Started so that this production Order can be displayed by the Workers and they can work with this Production Order
-Complete Production -> Changes ProductionOrderStatus from Started to Completed so that chief of workers can see that production is completed and they can check ProductionOrder infos.
-ApproveProduction and Reject Production -> Production Chief can Approve or Reject production.
-Build ProductionOrderTransactions -> After a production Order is completed, some Transactions must be created automatically or clicking the Build ProductionOrderTransaction Action. It builds teansaction records. (like, Input From Production, Usage Slips for the raw stocks, Material Usages, Resource Usage, Wastage(loss) slips, etc.)
General Actions
-Import From ERP Program
-Export To ERP Program (For Some object types inherited from ErpBaseObject)
-Display Record Change History (AuditTrail)
-Parameters -> Action for displayin Singleton Class Detail View
-Actions Provided By Dexex
-Show In Report Action
-Open Object Action
-My Details Action
-Change My Password Action
-Reset My PAssword Action
-Previous Object Action
-Next Object Action
etc, etc…
I can give many other action samples.
Here, i want to say 1 more thing : Some actions may be related more than 1 object type. For example RecordNavigation Action, Show In Reports Action, Object Change History Action etc. For those kind of action, i must be able to define permission for all object types seperately.
Also, if 1 action depended only 1 object type, it would very nice to give permission for this action on the this Objects Acces Permission setting page.
Regards,
Akın GÜNEŞ
İletişim Yazılım.
Hello Akin,
Thank you for the report. There is another approach: create a generic "ActionPermission" class (a descendant from the "PermissionBase") and introduce the "ActionId" property.
For more details on this permission see this example (the "MemberAccessPermission" class): OBSOLETE - How to implement the MemberLevel security manually (for example, to deny the 'Read' access for declared properties of some business class, and allow access for the inherited properties).
Thanks,
Dennis
Hi Dennis,
Thank you for your reply.
These seems to be work for me. I'll try it.
I have few more question here;
1-How can i get all actions ID and name to fill the property editors in the ActionPermission Detail View ? So my user can Selct it from a comboBox.
2-Is there any place that i can put my Code which check Access Permission. Like
ObjectAccessComparer.SetCurrentComparer(new MemberLevelObjectAccessComparer());
I think maybe an event Application.BeforeActionExecute(object sender, Action action), or something like this. If it is a generic class, i must be able to check it from a central position. True ?
Thank you for your helps,
Regards,
Akın GÜNEŞ
İletişim Yazılım
Hello Akin,
Thank you for the feedback. We are working on your issue and will answer ASAP.
Thank you for your patience,
Dennis
Hello Akin,
>>
1-How can i get all actions ID and name to fill the property editors in the ActionPermission Detail View ? So my user can Selct it from a comboBox.
<<
You can access the application model via code and iterate through all the subnodes under the ActionsDesign node to find IDs of actions.
>>
2-Is there any place that i can put my Code which check Access Permission. Like
<<
Yes, you can implement a custom ViewContoller that will iterate through all the frame's controllers and their actions and handle its Executing event. In the event handler you can check your permission using the [IsGranted](http:/ /www.devexpress.com/Help/?document=expressapp/customdocument2981.htm) method. An example code may look like this:
... foreach(Controller controller in Frame.Controllers) { foreach(ActionBase action in controller.Actions) { action.Executing + = action_CheckActionPertmission } } ... action_CheckActionPertmission(...) { SecuritySystem.IsGranted(new ActionPermission(action.Id)); } ...Please let us know in case of any difficulty.
Thanks,
Dennis
P.S.
The Support Center concept does not allow multiple problems within a thread as this makes it difficult to properly track such items. Please open a new issue for each question you want to ask.
Hi Dennis,
Thank you for your help.
I think your suggestions will solve my issue.
I will implement these features, and if i have any difficulty, i know that you are always here for us.
Thanks,
Akın GÜNEŞ
İletişim Yazılım
PS: I am respect your support center concept. However i thought my questions are related with this topic. I will be more carefully my next posts.
OK, Akin, thanks for the feedback. Do not hesitate to contact us in case of any problem.
Thanks,
Dennis