= Roles and Authorization =

Authorization is based on the existance of User``Roles records defined in the database.

User``Roles fields associated with authorization:

 * contract``Id - If zero/null then the User``Role applies to all contracts.
 * group``Id - If zero/null then the User``Role applier to all groups in the contract.
 * user``Id
 * role``Id
 * is``Allowed

Authorization is used for two functions:

 1. '''Transaction Authorization''' - Allowing access to Busines Transactions and FSMs - Handled by '''Business``Transaction``Base->new``BT''', which is called by the '''Dispatcher''' and '''Finite``State``Machine'''.
 1. '''Detail Screen and Download and Authorization''' - Allowing access to viewing of detail screens and downloading document files - Handled by '''User``Roles::has``Role'''.

Classes involved:

 * '''Transaction``Guard''' - A plan
 * '''Authorizer''' - Stored in the Session 
 * '''User``Roles'''

Main entry point from the application

 * '''User``Roles::has``Role''' - Called by application code.


== Transaction Authorization ==

== Detail Screen and Download and Authorization ==

Authorization of file downloads - Handled by '''Revisions->is``Download``Allowed''', which ultimately calls User``Roles->has``Role. Drawings``Revisions``Join``Set calls Revisions->is``Download``Allowed.