NShape Programmer Tasks
Defining User Roles and Permissions

<< Click to Display Table of Contents >>

Navigation:  Programmer Tasks > Controlling User Access >

NShape Programmer Tasks
Defining User Roles and Permissions

Previous pageReturn to chapter overviewNext page

To Define User Roles and Accessibility

By default, the RoleBasedSecurityManager comes with several predefined settings, see section "Predefined Permission Sets" of the RoleBasedSecurityManager reference.

1.If you want to override the default settings, clear all settings:

RoleBasedSecurityManager securityManager = new RoleBasedSecurityManager();
foreach (StandardRole role in Enum.GetValues(typeof(StandardRole))) {
 if (role == StandardRole.Custom) continue;
 // Clear general permissions
 securityManager.SetPermissions(role, Permission.None, SecurityAccess.View);
 securityManager.SetPermissions(role, Permission.None, SecurityAccess.Modify);
 // Clear domain permissions
 for (char dom = 'A'; dom != 'Z'; ++dom) {
         securityManager.SetPermissions(dom, role, Permission.None, SecurityAccess.View);
         securityManager.SetPermissions(dom, role, Permission.None, SecurityAccess.Modify);
 }
}

2.Now that all features are blocked for all users, you can start enabling access to certain users.
Start with enabling full access to the administrator user:

// Grant full access to Administrator user
securityManager.SetPermissions(StandardRole.Administrator, Permission.All, SecurityAccess.View);
securityManager.SetPermissions(StandardRole.Administrator, Permission.All, SecurityAccess.Modify);
for (char dom = 'A'; dom != 'Z'; ++dom) {
 securityManager.SetPermissions(dom, StandardRole.Administrator, Permission.All, SecurityAccess.View);
 securityManager.SetPermissions(dom, StandardRole.Administrator, Permission.All, SecurityAccess.Modify);
}

3.Next, enable read-only access for Guest users. SecurityAccess.View means that properties of security aware objects are not hidden even if the user is not allowed to modify it.
If a permission is not granted for view access, properties that require this permission will not show in the property presenter.

// Guest User: View Only
securityManager.SetPermissions(StandardRole.Guest, Permission.All, SecurityAccess.View);
securityManager.SetPermissions(StandardRole.Guest, Permission.None, SecurityAccess.Modify);
for (char dom = 'A'; dom != 'Z'; ++dom) {
 securityManager.SetPermissions(dom, StandardRole.Guest, Permission.All, SecurityAccess.View);
 securityManager.SetPermissions(dom, StandardRole.Guest, Permission.None, SecurityAccess.Modify);
}

4.And last but not least, set permissions for an operator user. Operator user will have the permission to access all view all and modify some in this example.

// These objects can be inserted/deleted and modified but not styled.
Permission domainAPermissions = Permission.Insert | Permission.Delete | Permission.Layout | Permission.Data | Permission.Connect;

 
// These objects can be moved, resized and connected.
Permission domainBPermissions = Permission.Layout | Permission.Connect;

 
// These objects can be moved and resized.
Permission domainCPermissions = Permission.Layout;

 
// These objects can be styled.
Permission domainDPermissions = Permission.Present;
 

// Operator User
securityManager.SetPermissions(StandardRole.Operator, Permission.All, SecurityAccess.View);
securityManager.SetPermissions(StandardRole.Operator, Permission.None, SecurityAccess.Modify);
securityManager.SetPermissions('A', role, domainAPermissions, SecurityAccess.Modify);
securityManager.SetPermissions('B', role, domainBPermissions, SecurityAccess.Modify);
securityManager.SetPermissions('C', role, domainCPermissions, SecurityAccess.Modify);
securityManager.SetPermissions('D', role, domainDPermissions, SecurityAccess.Modify);
for (char dom = 'E'; dom != 'Z'; ++dom) {
 securityManager.SetPermissions(dom, StandardRole.Guest, Permission.All, SecurityAccess.View);
 securityManager.SetPermissions(dom, StandardRole.Guest, Permission.None, SecurityAccess.Modify);
}

5.Finally, set the current user role. In this example, the current user will be hard coded in order to keep it simple:

// Set current user
securityManager.CurrentRole = StandardRole.Operator;