Authorization - specific action

Hi
Is possible we can manage user authorization for specific button action in CUBA? For example, running a calculation through a button action?

1 Like

Hello.
At first, it is possible to manage access rights to specific UI - component.
Required grants may be given to security role. To do this:

  1. Log in with an Administator account and open “Administration->Roles” screen
  2. Create a new role
  3. In the role-editor open the ‘UI’ tab
  4. There you can add required componet to list:
    a. choose “Screen” from a dropbox and
    b. specify the Component: use ‘id’ of the component (you can find it in the component properties in the Studio)
  5. After that you can specify Permisions: “read-only”, “hide” or “edit”

Then just assign the role to your user and the setting will work from a next login.

The second way is to use role’s specific permissions. It is more complicated but considered as more convenient.

  1. Add a new specific permission to you application. To do this find ‘permissions.xml’ - file in you project, and add a new item to it.

 <permission-config xmlns="[url=http://schemas.haulmont.com/cuba/permissions.xsd]http://schemas.haulmont.com/cuba/permissions.xsd">[/url];
    <specific>
        <category id="app">
            <permission id="<b>app.DoUserDefinedAction</b>"></permission>
        </category>
    </specific>
</permission-config>
  1. Restart your tomcat server
  2. Now, a new property is available on the ‘Specific permissions’ tab of a role-editor (Administration->Roles).
  3. So, you can check that property for current user in your code, and grant or deny required actions.
    Injection of Security-instance is required.

 @Inject
private Security security;
.....
public void onTestPermissionClick(Component source) {

        if (security.isSpecificPermitted("<b>app.DoUserDefinedAction</b>")){
            showNotification("Buttonclick granted", NotificationType.HUMANIZED);
        }
        else {
            showNotification("ButtonClick prohibited", NotificationType.HUMANIZED);
        }
    }