In this step you will learn how you can control the available user actions through permissions.
Apart from unnecessary tools, the WebVisits application still provides more superfluous and potentially dangerous options, a regular user should not have. It is for example possible to delete shapes, modify web page names, turn arrows etc. These are actions you want to prohibit but on the other hand the user shall still be able to arrange the diagram, resize shapes, add headings and annotations.
NShape can manage this kind of requirements using user permissions. There are many different permissions for instance for creating shapes, deleting shapes, formatting shapes, editing templates etc. Every user action requires one or more such permissions and the permissions must be granted for the shapes, the user wants to act upon. For instance, if the user has selected three shapes and wants to move them, this action will only be allowed if he has granted the layout permission for all three shapes.
In order to assign required permissions to shapes, every shape is part of a so-called security domain. A security domain is identified by a single letter name and defines a set of objects that require the same access rights. A security manager, which is part of the NShape project then decides whether the current access rights are sufficient to grant the required permissions.
How this decision is taken depends on the general security strategy of the application context and can be implemented accordingly. As a default approach, NShape comes with a role-based security manager, who decides depending on a current user role and a table that assigns granted permissions to required permission per security domain. What you have to do is design your permission model, configure the security manager accordingly and set the required user role. All the permission checking is then done by the NShape framework.
For the sake of this tutorial, you can restrict yourself to one single user, let us call him the operator. In the shape area, we must distinguish between the web page shapes created by the application and the additional text and heading shapes created by the user. Over the latter ones, the user should have complete control, which means he can create them, modify them and delete them as well. He gets all permissions regarding these shapes, so we assign them to security domain A.
Regarding the web page shapes the user can do everything that has to do with layouting, so we define a second domain called G (for generated shapes) that permits layouting to operators and nothing else.
1.In method Form1_Load, after the project has been created, give the Designer role all permissions:
((RoleBasedSecurityManager)project1.SecurityManager).SetPermissions('A', "Designer", Permission.All);
2.After that, create an additional security domain named G and assign it the permission to layout:
((RoleBasedSecurityManager)project1.SecurityManager).AddDomain('G', "Application generated objects");
3.Then set current user role to Designer:
((RoleBasedSecurityManager)project1.SecurityManager).CurrentRole = StandardRole.Designer;
4.At both occurrences in fileLoadStatisticsToolStripMenuItem_Click, where a shape is created, assign the G security domain to it:
referringShape.SecurityDomainName = 'G';
5.Run the application, create the diagram and try editing it. You are able to insert, modify and delete text and headings. You also can move and resize web pages, but you are not allowed to delete web pages or modify the web page name.
Without the required permission, it is impossible to edit the shape text.