Deletions are marked like this. | Additions are marked like this. |
Line 15: | Line 15: |
1. Allowing access to Busines Transactions and FSMs - Handled by '''Business``Transaction``Base->new``BT''', which is called by the '''Dispatcher''' and '''Finite``State``Machine'''. 1. Allowing access to viewing of detail screens and downloading document files |
1. '''Transaction Authorization''' - Allowing access to Busines Transactions and FSMs - Handled by '''Business``Transaction``Base->new``BT''', which is called by the '''Dispatcher''' and '''Finite``State``Machine'''. 1. '''Detail Screen and Download and Authorization''' - Allowing access to viewing of detail screens and downloading document files - Handled by '''User``Roles::has``Role'''. |
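Review bot: the added item 1 still carries the misspelling "Busines Transactions" from the removed line, and the added item 2 is titled "Detail Screen and Download and Authorization", which has a stray "and"; suggest "Business Transactions" and "Detail Screen and Download Authorization". Item 2 names User``Roles::has``Role as the handler but, unlike item 1, does not say which code calls it, so a reader cannot tell from this list where the check is enforced.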
Line 27: | Line 27: |
== Transaction Authorization == == Detail Screen and Download and Authorization == Authorization of file downloads - Handled by '''Revisions->is``Download``Allowed''', which ultimately calls User``Roles->has``Role. Drawings``Revisions``Join``Set calls Revisions->is``Download``Allowed. |
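Review bot: the new "== Transaction Authorization ==" heading is added with no text under it, so the transaction path that the list attributes to new``BT stays undocumented; add at least the call sequence or hold the heading back until it is written. The download heading repeats the stray "and", and this paragraph writes User``Roles->has``Role while the list in the previous hunk writes User``Roles::has``Role; pick one notation so it is clear whether the call is static.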
Roles and Authorization
Authorization is based on the existence of UserRoles records defined in the database.
UserRoles fields associated with authorization:
contractId - If zero/null then the UserRole applies to all contracts.
groupId - If zero/null then the UserRole applies to all groups in the contract.
userId
roleId
isAllowed
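An added example, not the project's code and written in Python rather than the application's own language, of how records with these fields can be evaluated. The default-deny and deny-overrides-allow rules, the has_role function and the sample records are assumptions; the page does not state how UserRoles::hasRole resolves conflicting records.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class UserRole:
    """One UserRoles record. Field names follow the page; types are assumed."""
    contract_id: Optional[int]  # contractId: 0/None applies to all contracts
    group_id: Optional[int]     # groupId: 0/None applies to all groups in the contract
    user_id: int
    role_id: int
    is_allowed: bool


def _matches(field: Optional[int], wanted: int) -> bool:
    # Zero and NULL both act as a wildcard, as the field list states.
    return not field or field == wanted


def has_role(records: Iterable[UserRole], user_id: int, role_id: int,
             contract_id: int, group_id: int) -> bool:
    """Hypothetical check. Assumed policy: default deny, any matching deny wins."""
    allowed = False
    for r in records:
        if r.user_id != user_id or r.role_id != role_id:
            continue
        if not (_matches(r.contract_id, contract_id)
                and _matches(r.group_id, group_id)):
            continue
        if not r.is_allowed:
            return False  # an explicit deny overrides every matching allow
        allowed = True
    return allowed  # stays False when no record matched


# Constructed sample records, not taken from the project's database.
RECORDS = [
    UserRole(None, None, 7, 1, True),  # user 7 holds role 1 on every contract
    UserRole(20, 3, 7, 1, False),      # but is denied in group 3 of contract 20
    UserRole(10, 0, 8, 2, True),       # user 8 holds role 2 in all groups of contract 10
]
```

The first sample record shows why wildcard rows deserve review: a single record with a zero/null contractId grants the role across every contract unless a narrower deny record exists.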
Authorization is used for two functions:
Transaction Authorization - Allowing access to Business Transactions and FSMs - Handled by BusinessTransactionBase->newBT, which is called by the Dispatcher and FiniteStateMachine.
Detail Screen and Download Authorization - Allowing access to viewing of detail screens and downloading document files - Handled by UserRoles::hasRole.
Classes involved:
TransactionGuard - A plan
Authorizer - Stored in the Session
UserRoles
Main entry point from the application
UserRoles::hasRole - Called by application code.
Transaction Authorization
Detail Screen and Download Authorization
Authorization of file downloads - Handled by Revisions->isDownloadAllowed, which ultimately calls UserRoles->hasRole. DrawingsRevisionsJoinSet calls Revisions->isDownloadAllowed.