Roles and Authorization
Authorization is based on the existence of UserRoles records defined in the database.
UserRoles fields associated with authorization:
contractId - If zero/null then the UserRole applies to all contracts.
groupId - If zero/null then the UserRole applies to all groups in the contract.
userId
roleId
isAllowed
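The scoping rules for contractId and groupId above, as an added Python sketch that is not the project's own code. Default deny, deny-overrides-grant, the role ids and the sample records are assumptions; the page does not say how isAllowed is combined when several records match.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Hypothetical role ids, constructed for this example.
VIEW_DETAIL = 3
DOWNLOAD = 4


@dataclass(frozen=True)
class UserRole:
    user_id: int
    role_id: int
    is_allowed: bool
    contract_id: Optional[int] = None  # zero/None: applies to all contracts
    group_id: Optional[int] = None     # zero/None: applies to all groups in the contract


def _covers(scope: Optional[int], value: Optional[int]) -> bool:
    """A zero/None scope field is a wildcard; otherwise it must match exactly."""
    return not scope or scope == value


def has_role(records: Iterable[UserRole], user_id: int, role_id: int,
             contract_id: Optional[int], group_id: Optional[int]) -> bool:
    """Return True only if at least one record matches and none of the matches denies.

    Assumptions: no matching record means deny, and a matching
    isAllowed=False record overrides any matching grant.
    """
    matches = [r for r in records
               if r.user_id == user_id and r.role_id == role_id
               and _covers(r.contract_id, contract_id)
               and _covers(r.group_id, group_id)]
    return bool(matches) and all(r.is_allowed for r in matches)


# Constructed sample records.
SAMPLE = [
    UserRole(7, VIEW_DETAIL, True),                               # every contract and group
    UserRole(7, VIEW_DETAIL, False, contract_id=12, group_id=5),  # carve-out for one group
    UserRole(8, VIEW_DETAIL, True, contract_id=12, group_id=0),   # all groups in contract 12
    UserRole(8, DOWNLOAD, True, contract_id=12, group_id=5),      # one group only
]

if __name__ == "__main__":
    for args in [(7, VIEW_DETAIL, 12, 4), (7, VIEW_DETAIL, 12, 5),
                 (8, VIEW_DETAIL, 13, 9), (8, DOWNLOAD, 12, 6)]:
        print(args, has_role(SAMPLE, *args))
```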
Authorization is used for two functions:
Transaction Authorization - Allows access to Business Transactions and FSMs. Handled by BusinessTransactionBase->newBT, which is called by the Dispatcher and FiniteStateMachine.
Detail Screen and Download Authorization - Allows viewing of detail screens and downloading of document files. Handled by UserRoles::hasRole.
Classes involved:
TransactionGuard - A plan
Authorizer - Stored in the Session
UserRoles
Main entry point from the application
UserRoles::hasRole - Called by application code.
Transaction Authorization
Detail Screen and Download Authorization
Authorization of file downloads - Handled by Revisions->isDownloadAllowed, which ultimately calls UserRoles->hasRole. DrawingsRevisionsJoinSet calls Revisions->isDownloadAllowed.