|
| | | StrataFrame VIP
Group: StrataFrame Users
Last Login: Yesterday @ 12:10:08 PM
Posts: 1,327, Visits: 3,471 |
| This question is related to my post on how to dynamically set a user's role based on some data (http://forum.strataframe.net/Topic3970-21-1.aspx).
As the plot thickens...
Not all users have their access controlled at the project (application defined 'project', not a VS project) level. Some are 'enterprise' users, who automatically get access to all projects. I have a permission setup, 'AllProjectAccess', which will used to determine which users need access based on project and which have access to all projects.
If the user was logged on when I needed this, this would be easy:
SecurityBasics.CurrentUser.GetPermission("AllProjectAccess").Action
Unfortunately, the user isn't logged in yet. I have a custom login form that handles the OK click and within this procedure, I need to determine:
1. Is the user an enterprise user or a project level user
2. Get default project for user (applies to all users)
3. If user is a project level user, setup appropriate role(s) for the project
When this is done, I continue on with the process, calling me.OnLoginAttempt(), letting the framework do its magic.
So the question is, how do I do step 1? I want to user the framework to handle all the complexities that can occur to finally determine what the action is for that permission. |
| |
| | | 
StrataFrame Developer
Group: StrataFrame Developers
Last Login: Today @ 10:13:07 AM
Posts: 4,799, Visits: 4,768 |
| So the question is, how do I do step 1? Well, a user is going to have to be logged in to retrieve any permissions to test on. Once they are logged in, you can start swapping things around...I had posted a reply to you at some point about creating a custom login form...you can look at that to get an idea possibly. But you will have to login in order to retrieve permissions (at least through the normal framework functionality). You can use the SF security business objects and manually load the BO to get the data you want to look at before the login occurs. That is really the only way I know how to answer you on this one  . |
| |
| | | StrataFrame VIP
Group: StrataFrame Users
Last Login: Yesterday @ 12:10:08 PM
Posts: 1,327, Visits: 3,471 |
| Well, what you originally suggested (as I understood it) was to use a custom login form, then use the AuthenticateUser to see if the user was OK, then do my custom work to figure out what role(s) the user has for their 'default' project, load those roles into the SFSUserXRolesBO (clear any previous roles), then log them by calling the OnAttemptLogin(), which would handle logging them in, deal with invalid logins, etc.
I suppose that would have worked, except I actually have two classes of users, those with access to all projects and those with access on a project by project basis. If I have to go through the SFS BOs, I suppose I have to look at SFSRoleXUsers, SFSRolesXPermissions, SFSUserXPermissons all to figure out a permission right? |
| |
| | |
StrataFrame Developer
Group: StrataFrame Developers
Last Login: Today @ 10:13:07 AM
Posts: 4,799, Visits: 4,768 |
| | Is the "Enterprise" user static or change with the project? |
| |
| | | StrataFrame VIP
Group: StrataFrame Users
Last Login: Yesterday @ 12:10:08 PM
Posts: 1,327, Visits: 3,471 |
| In poking around in the Object Browser, I'm wondering if this might work:
' Authenticate user
dim userInfo as SFSUsersBO
dim loginResult as MircoFour.StrataFrame.Security.LoginResult
loginResult = MircoFour.StrataFrame.Security.Login.AuthenticateUser(me.txtUser,me.txtPwd,"",userInfo)
' Create temporary logged in user so we can check to see if they have all project access
dim tempUser as New LoggedInUser
tempUser = MircoFour.StrataFrame.Security.LoggedInUser.CreateNew(userInfo)
If tempUser.CheckPermission("AllProjectAccess").Action = PermissionAction.Deny Then
' Do role setting stuff
End If
Me.OnAttemptLogin()
|
| |
| | |
StrataFrame Developer
Group: StrataFrame Developers
Last Login: Today @ 10:13:07 AM
Posts: 4,799, Visits: 4,768 |
| | Greg, I think this whole think has become much more complicated than it needs to be. If it were me, I would adjust application to work within the confines of the security so I would not have to make a lot of changes. For example, when a user comes into the application, they are going to have to choose which project to work on, right? Why not do something with security at that point. Or what if your projects allows certain users to associated with it, rather than trying to go the other way around. I don't know your application, but I do know that we can come up with a more simple solution that what you have been doing lately. When it starts getting complicated like this...we always sit down as a team and figure out another avenue to travel. |
| |
| | |
StrataFrame Developer
Group: StrataFrame Developers
Last Login: Today @ 10:13:07 AM
Posts: 4,799, Visits: 4,768 |
| | Yes, it may work fine...but I woudl still consider revising the approach you are taking. |
| |
| | | StrataFrame VIP
Group: StrataFrame Users
Last Login: Yesterday @ 12:10:08 PM
Posts: 1,327, Visits: 3,471 |
| | There is a class of users that have enterprise level access. I.e. they can access all projects because they are 'enterprise' level users. They might be executives, users in a departments who help all projects or provide QC on projects. |
| |
| | |
StrataFrame Developer
Group: StrataFrame Developers
Last Login: Today @ 10:13:07 AM
Posts: 4,799, Visits: 4,768 |
| | So going back to my previous post, does the user have to select a project or does it just know somehow which project to open? |
| |
| | |
|