Dynamically setting user roles?


Author
Message
Trent Taylor
Trent Taylor
StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)
Group: StrataFrame Developers
Posts: 6.6K, Visits: 6.9K
OK, not so quick reply

I don't know what happened here because I remember Ben responding to this as I walked out of the office the other day.  So I am sorry for any trouble.  He must have accidentally closed before posting or something.

assign them that role (something about updating SFSXUserRoles table), then maybe some other action that makes this role take affect(??).

Yes.  You are basically looking at being your own SecurityDialog.  In essence you will need to manipulate the tables to move the permissions and/or roles to the appropriate user for the appropriate "application project" (referring to projects within your application).  You are on the right track here.  This is obviously a little more advanced than standard use, but is possible all the same.  One thing that might help you visualize the tables a little better is in the Security Help file:

Defining Security within the Appplication -> Deploying Security Data

Just go to the bottom and you will see some screen shots of the tables with data. One other topic that may help is the hierarchy of the permissions.  For example, if you have a role with a permission defined, it can be overridden at the user level.  Obviously if the user permissions are left alone and you go solely off of a role here, you only have to move one record around.  If you go to the user individual permissions level you will have to move the number of records that pertain to your project settings.  Just a tip Smile

Security Maintenance -> Permissions -> Permission Hierarchy

Allow the user to switch projects. They are already authenticated, just need to provide them a list of projects (this I can do), they pick one, lookup the role for that project, then back to assigning them that role and some action to make it take effect.

You can just manually re-login the user to get the permissions up to date.

MicroFour.StrataFrame.Security.Login.SetLoggedInUser(...)

You can learn more about this under the web applications authentication. Defining Security within the Application -> Web Applications -> Authenticating Users

Allow user to logoff, then log back in, of course, this would include all the project stuff again

Not much to say here other than yes.  Once you change the permissions the will take effect the next time they log on.

Lock app, so they have to reauthenticate to continue. Not sure how any open forms are handled here at all. Any info would be helpful as well as info on how to implement.

This is called session locking and is an easy to implement feature.  To learn more about this, look in the help docs under: Security within the Application -> Session Locking

To implement session locking, look at the article: Defining Security within the Application -> Adding Security to an Existing Application

Go down to 5c and you will see how to start the session monitoring.

Greg McGuffey
Greg McGuffey
Strategic Support Team Member (3.4K reputation)
Group: Forum Members
Posts: 2K, Visits: 6.6K
I don't know what happened here because I remember Ben responding to this as I walked out of the office the other day. So I am sorry for any trouble. He must have accidentally closed before posting or something.




Figured something like that must have happened. No worries. You guys have been very good about being responsive and very helpful. And when this did fall through the cracks, you got right back on it. Excellent.





You are basically looking at being your own SecurityDialog




Is the SecurityDialog the form that allows you to manage users/roles/permissions? I'd still use this to create roles, users and set permissions for roles, but use my own to define which role a user gets on any specific app project. Right?



What I'm still really unclear about is what exactly happens in the ShowLoginAndInitMainForm sub in AppMain.vb. There is one line of code there that calls the logon form, authenticates the user, sets that user as the current user (unless they cancel, then it closes the app), then opens the main form. Seems like I will need to take control of this so I can insert the project related stuff. Will I need to user my own login form? I assume this work doesn't happen in a form, right?



I think I can figure out how to manipulate the permission (I take a look at the help topic you noted), but I don't understand what I'd have to do to end up with a logged on user if I have to do it myself.



If you go to the user individual permissions level you will have to move the number of records that pertain to your project settings. Just a tip Smile




Good tip Wink



I'll take a look at all the info you indicated also.
Greg McGuffey
Greg McGuffey
Strategic Support Team Member (3.4K reputation)
Group: Forum Members
Posts: 2K, Visits: 6.6K
OK, first question about updating the SFSUserXRoles table. There is a ur_CreatedBy and ur_CreatedAt fields, both required. Do I need to set values for these? I'd use the SFSUserXRolesBO to do this, I assume. If so, who would be the user? The security user? How would I use that logon to do this work?



First of many questions, I'm sure...
Trent Taylor
Trent Taylor
StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)
Group: StrataFrame Developers
Posts: 6.6K, Visits: 6.9K
ur_CreatedBy and ur_CreatedAt fields

Leave these fields alone..they will be automatically set through the default values of the BO.

I'd use the SFSUserXRolesBO to do this, I assume. If so, who would be the user? The security user? How would I use that logon to do this work?

You can leave these alone if you would like.  However, you can set these to the user PK value associated with your administrator user.  This is generally a -1 for the user PK.

Greg McGuffey
Greg McGuffey
Strategic Support Team Member (3.4K reputation)
Group: Forum Members
Posts: 2K, Visits: 6.6K
[quote]You can learn more about this under the web applications authentication. Defining Security within the Application -> Web Applications -> Authenticating Users[\quote]



My help file doesn't have this section or I couldn't find it (in either the framework help or the security help). I searched the security help file for 'web' and there were no results. You have a newer help file than I do perhaps?
Trent Taylor
Trent Taylor
StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)
Group: StrataFrame Developers
Posts: 6.6K, Visits: 6.9K
I am not sure when you last downloaded...but if you get the latest version the helps docs are updated.  Just to save a little time I attached the CHM to this post.
Attachments
HelpDocs.zip (175 views, 15.00 MB)
Greg McGuffey
Greg McGuffey
Strategic Support Team Member (3.4K reputation)
Group: Forum Members
Posts: 2K, Visits: 6.6K
Thanks for the quick replies.



I was hoping that was the case regarding the CreatedBy and CreatedAt fields. BigGrin



I have 1.5.0. I haven't d/l or installed the newest version (1.5.1). I will attempt to get that done ASAP. The new help file is good. I'm reading it now...
Trent Taylor
Trent Taylor
StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)
Group: StrataFrame Developers
Posts: 6.6K, Visits: 6.9K
There are a number of enhancements and updates to the framework in 1.5.1 so I recommend doing this when you get the chance.
Greg McGuffey
Greg McGuffey
Strategic Support Team Member (3.4K reputation)
Group: Forum Members
Posts: 2K, Visits: 6.6K
Will do. The new help file really helped. You didn't directly answer this question, but I'm getting very close to understanding how to do this:



What I'm still really unclear about is what exactly happens in the ShowLoginAndInitMainForm sub in AppMain.vb. There is one line of code there that calls the logon form, authenticates the user, sets that user as the current user (unless they cancel, then it closes the app), then opens the main form. Seems like I will need to take control of this so I can insert the project related stuff. Will I need to user my own login form? I assume this work doesn't happen in a form, right?




So, I get how to manually do this. The steps would be something like:



1. Get user credentials (user name and password) (question below about this)

2. Authenticate user using AuthenticateUser()

3. Using the us_pk property of the returned SFSUserBO, I would lookup the users default project in my own table and get the pk for the role to use with this project (using BO for this table of course)

4. Using the SFSUserXRolesBO, I would update the existing role for the user

5. Make this user the current user by calling SetLoggedInUser()

6. Show the main form if they didn't cancel out



Did I miss anything?



Now, a question about using an SF Login Form. I'm assuming I wouldn't use this at all, because it is part of the Login class (or rather it appears to be used by this class) and as such, I wouldn't have the control I need, correct? Or another way to ask the question, would the SF Login form be of any use to me here?

Trent Taylor
Trent Taylor
StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)StrataFrame Developer (10K reputation)
Group: StrataFrame Developers
Posts: 6.6K, Visits: 6.9K
Did I miss anything?

I think you're good Smile

Or another way to ask the question, would the SF Login form be of any use to me here?

If you download the latest 1.5.1 build, there is a template to create a custom login form.  You will want to use this as it ties into session locking, etc.  When you create the template, you will see that all of the required code is already in the form.  You can place your code to do your "permission swapping" in the click of the OK button.  Basically you will manually call the AuthenticateUser() to make sure the entered text is valid...if so, place your code to swap your permissions.  Then after you have done that, call the Me.OnAttemptLogin so that all of the remaining logic will remain in place.

I know that you can make this work...and I am pretty confident the instructions I gave you will work...but if not, let me know and we will address the issues one at a time.

GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Similar Topics

Reading This Topic

Login

Explore
Messages
Mentions
Search