#1 2013-07-03 18:56:49

warleyalex
Member
From: Sete Lagoas-MG, Brasil
Registered: 2013-01-20
Posts: 250

Authorization Roles

Is it possible to use something like Datasnap's authorization roles in mORMot?

// Both 'EchoString' and 'ReverseString' methods would require the user to have the 'admin' role to invoke the method.

[TRoleAuth('admin')]
TServerMethods1 = class(TComponent)
public
  function EchoString(Value: string): string;
  function ReverseString(Value: string): string;
end;

// Only the 'EchoString' method has the 'admin' role associated with it.

TServerMethods1 = class(TComponent)
public
  [TRoleAuth('admin')]
  function EchoString(Value: string): string;
  function ReverseString(Value: string): string;
end;

// Only 'guest' can invoke method EchoString.  Only 'user' can invoke method ReverseString.

TServerMethods1 = class(TComponent)
public
  [TRoleAuth('guest')]
  function EchoString(Value: string): string;
  [TRoleAuth('user')]
  function ReverseString(Value: string): string;
end;


#2 2013-07-03 19:37:45

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,661

Re: Authorization Roles

Security is not attribute-based, but via a fluent interface.
It is based on groups and strong authentication, so it is more advanced than Datasnap.

Like this:

Server.ServiceRegister(TServiceCalculator,[TypeInfo(ICalculator)],sicShared).
    DenyAll.AllowAllByName(['Supervisor']);

I really do not like the attribute-based settings.
It will definitely pollute the interface declaration, and won't allow several security policies, whereas a fluent interface allows customization at runtime.
And, in fact, AFAIK, the DataSnap security is based on callbacks and manual authentication by code... I still do not understand the benefit of roles in addition to the method names.

Please check the SAD pdf 1.18
and http://blog.synopse.info/post/2012/03/0 … on-details


#3 2013-07-08 18:41:47

warleyalex
Member
From: Sete Lagoas-MG, Brasil
Registered: 2013-01-20
Posts: 250

Re: Authorization Roles

Thank you for replying.
------
Now I'd like to build a basic jQuery application to demonstrate "User Login Details" with mORMot.

I'd like to have a few more fields in the TSQLAuthUser class, like LastName, FirstName, Department, Roles, etc.
OK. After authentication, when I clicked on "User Profile" I would like to:
Change password: *****
Change user photo: [select a picture]

Select a Department: (choose one)
====================
(x) Accounting
( ) Sales
( ) Plant
( ) Shipping
( ) Quality Central

Select user Roles: (choose one or more)
==================
( ) Adm
(x) Pay
( ) Rec
(x) Ben
( ) Led
( ) Pay
( ) Inv
( ) Pro
::::::::::::
I can surely use a dynamic array of record with these fields.

I discovered that dynamic arrays of records are converted to Base64-encoded binary data and stored
as binary in BLOB fields (I'm not sure but I think this could also be saved to a String field in a SQLite table).
____________
Can someone point me in the right direction on how to:
a) return a json object like this:

[{
		"uname" : "user",
		"first" : "warley",
		"last" : "alex",
		"email" : "warley@alex.com",
		"password" : "abc456",
		"department" : {
			"value" : "Accounting",
			"ordinal" : 0
		},
		"roles" : [{
				"value" : "Pay",
				"ordinal" : 1
			}, {
				"value" : "Ben",
				"ordinal" : 3
			}
		]

	}, {
		"uname" : "guest",
		"first" : "John",
		"last" : "Carter",
		"email" : "john@carter.com",
		"password" : "xyz123",
		"department" : {
			"value" : "Sales",
			"ordinal" : 1
		},
		"roles" : [{
				"value" : "Pay",
				"ordinal" : 1
			}, {
				"value" : "Rec",
				"ordinal" : 2
			}, {
				"value" : "Led",
				"ordinal" : 4
			}
		]
	}
]

b) In my tests, dynamic arrays of records, when
   mystring[0] = yesterday
   mystring[1] = tomorrow
are converted to Base64-encoded binary data. How do I decode this Base64 in JavaScript?

{"roles":["?BAoCvzS3Fwl5ZXN0ZXJkYXkIdG9tb3Jyb3c="]}

--> when I decode this base64 string in JS, it returns a weird result.

Last edited by warleyalex (2013-07-09 01:41:22)


#4 2013-07-09 06:21:35

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,661

Re: Authorization Roles

If your field definition is fixed, you had better use an enumeration or a set instead of a dynamic array.
mORMot also has direct UI auto-generated forms to pick the corresponding elements (via a ComboBox or a group of CheckBoxes for a set).
And you can serialize the enumerations either as ordinal values (i.e. numbers) or as text.

If you want proper JSON serialization of a dynamic array, you will have to customize it.
See the documentation or http://blog.synopse.info/post/2012/04/1 … ay-content

See also sample "20 - DTO interface based service" for reference.
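
Added example, not part of the thread and not mORMot code: why decoding the "roles" value from post #3 as text looks weird, and how to unpack it in JavaScript. The header layout (element size, type byte, count, 4-byte checksum, then length-prefixed strings) is an assumption read off the bytes of that one sample, the leading "?" is assumed to be a marker character the page could not display, and `base64ToBytes`, `readVarUInt` and `decodeStringArray` are hypothetical names.

```javascript
// Value copied from post #3; everything else here is constructed.
const SAMPLE = "?BAoCvzS3Fwl5ZXN0ZXJkYXkIdG9tb3Jyb3c=";

function base64ToBytes(value) {
  // Drop anything before the first base64 character (the marker prefix),
  // otherwise atob() rejects the input.
  const b64 = value.replace(/^[^A-Za-z0-9+\/]+/, "");
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

// Variable-length unsigned integer, 7 bits per byte (assumed encoding).
function readVarUInt(bytes, pos) {
  let result = 0, shift = 0, b;
  do {
    if (pos >= bytes.length) throw new RangeError("truncated integer");
    b = bytes[pos++];
    result |= (b & 0x7f) << shift;
    shift += 7;
  } while (b & 0x80);
  return [result >>> 0, pos];
}

function decodeStringArray(value) {
  const bytes = base64ToBytes(value);
  let pos = 0, elemSize, count, len;
  [elemSize, pos] = readVarUInt(bytes, pos); // 4 in the sample
  const kind = bytes[pos++];                 // 0x0A in the sample
  [count, pos] = readVarUInt(bytes, pos);    // 2 in the sample
  pos += 4;                                  // assumed checksum, not verified
  const utf8 = new TextDecoder("utf-8", { fatal: true });
  const items = [];
  for (let i = 0; i < count; i++) {
    [len, pos] = readVarUInt(bytes, pos);
    // Bounds check: the length comes from untrusted input.
    if (pos + len > bytes.length) throw new RangeError("truncated string");
    items.push(utf8.decode(bytes.subarray(pos, pos + len)));
    pos += len;
  }
  if (pos !== bytes.length) throw new RangeError("unexpected trailing bytes");
  return { elemSize, kind, count, items };
}
```

The decoded buffer is binary with a 7-byte header in front of the strings, which is what shows up as garbage when the whole thing is treated as text.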