Pages: 1

#1 2014-12-11 13:36:49

alexdmatveev
Member
Registered: 2014-09-12
Posts: 87

How to add custom model table to AccessRights?

Hello,

I have tried to find the solution in documentation and examples but without significant success.

My task is to manage access to some model tables via permissions stored in server Database.

Looks like I should use AccessRights field of then authuser table (TSQLAuthUser class).

I see the field contains permissions and tables are there by their model indexes...

First... it is not clear what the indexes are.

Please explain me the moment.

For example I have a model:

Result := TSQLModel.Create([TSQLAuthUser, TSQLAuthGroup, TAccount, TTransfer, TOmMessagePatientDetails,
                              TPersonal, TCountry, TLanguage, TClient, TMandant,
                              TOmMessageOpenDetailsInstant, TOmMessageOpenDetailsPDF, TOmMessageOpenDetailsJpg,
                              TOmMessageOpenDetailsForm, TOmMessageOpenDetailsMail]);

Now I want to restrict user USER1 to use TOmMessagePatientDetails table ONLY for READ (not DELETE and no UPDATE).

In my example TOmMessagePatientDetails has index = 4. Right?
What if other developer will change table order in the model? It looks like allowed in code.

So... Where can I read all steps documentation about how to make per-table permissions?

Thanks a lot.

Offline

#2 2014-12-11 15:04:19

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,206
Website

Re: How to add custom model table to AccessRights?

The Model order should never be modified.
By design.

Even a deprecated table should still be there, even if not used.
Otherwise the AccessRight and also RecordReference published fields would not work as expected.

You could easily get the table index in the model using Model.GetTableIndex() or Model.GetTableIndexExisting() methods.

Offline

#3 2014-12-11 15:23:37

alexdmatveev
Member
Registered: 2014-09-12
Posts: 87

Re: How to add custom model table to AccessRights?

>By design.

Clear answer.

Thanks a lot.
Will make a comment in the sources... Maybe it will help to prevent troubles from my colleagues.

Offline

#4 2014-12-12 10:27:18

alexdmatveev
Member
Registered: 2014-09-12
Posts: 87

Re: How to add custom model table to AccessRights?

to be clear...
one question more:

if I am logged in as user from USER Auth Group... then I can not get all users than can access a table (for example TOmMessageOpenDetailsMail).
For the operation I need administrator permissions.

Right?

Offline

#5 2014-12-12 11:43:59

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,206
Website

Re: How to add custom model table to AccessRights?

Yes.

Two notes:
1. The Groups define the R/W permission per table. So if you change the group, you change the policy rights.
2. The security rules would be only for remote REST access, not for server-side service ORM access (e.g. from within a service method, which is executed with full rights);

Offline

#6 2014-12-12 12:08:59

alexdmatveev
Member
Registered: 2014-09-12
Posts: 87

Re: How to add custom model table to AccessRights?

See
thanks a lot!

Offline

Pages: 1

Board footer

Powered by FluxBB