Creating custom global settings for a module

This article provides an example of creating global access setting for a module. In this example, a module menu item is created, which is displayed or hidden depending on the access permissions. Even if a user receives a direct link to a page of your module, access will be denied and a respective notification will be shown.

Example

Fig. 1. Access to the module in the global access settings

IModuleAccessPermissionProvider interface methods

/// <summary>
/// Get a "Module ID->Module access permission" values dictionary
/// </summary>
/// <returns></returns>
Dictionary<string, Permission> GetModuleAccessPermissions();

IPermissionProvider interface methods

/// <summary>
/// Get the list of permissions
/// </summary>
/// <returns></returns>
IEnumerable<Permission> GetPermissions();
 
/// <summary>
/// Get the information about assigning permissions to roles by default
/// </summary>
/// <returns></returns>
IEnumerable<PermissionStereotype> GetPermissionStereotypes();

Interface implementation example

[Component]
public class ModuleAccessPermission : IModuleAccessPermissionProvider, IPermissionProvider
{
    public const string Module = __ModuleInfo.ModuleId;
 
    public static string ModuleName = SR.M("Your module");
 
    /// <summary>
    /// ID for "Access to your module"
    /// </summary>
    public const string ModuleAccessPermissionId = "{DC849F17-681F-45d9-8C06-C017283BE766}";
 
    /// <summary>
    /// Access to your module
    /// </summary>
    public static readonly Permission ModulePermissionAccess =
        new Permission(ModuleAccessPermissionId,
                        SR.M("Access to your module"),
                        SR.M("Access to working with the module"),
                        ModuleName,
                        moduleUid: Module
                        //You can add ,readOnly: true - then this permission will include only the specified group.
                        );
 
         
    /// <summary>
    /// Get a "Module ID->Module access permission" values dictionary
    /// </summary>
    /// <returns></returns>
    public Dictionary<string, Permission> GetModuleAccessPermissions()
    {
        return new Dictionary<string, Permission> { { Module, ModulePermissionAccess } };
    }
 
    /// <summary>
    /// Get the list of permissions
    /// </summary>
    /// <returns></returns>
    public IEnumerable<Permission> GetPermissions()
    {
        return new[]
                    {
                        ModulePermissionAccess
                    };
    }
 
    /// <summary>
    /// Get the information about assigning permissions to roles by default
    /// </summary>
    /// <returns></returns>
    public IEnumerable<PermissionStereotype> GetPermissionStereotypes()
    {
        return new[]
        {
            new PermissionStereotype(
                new[] 
                {
                    ModulePermissionAccess
                },
                SecurityConstants.AdminGroupDescriptor)
        };
    }
 
    public List<string> LocalizedItemsNames
    {
        get { return null; }
    }
 
    public List<string> LocalizedItemsDescriptions
    {
        get { return null; }
    }
 
    public List<string> LocalizedItemsCategories
    {
        get { return null; }
    }
}

In this example, access to a module is implemented (a menu item is displayed or hidden depending on access permissions). To learn how to create a menu item, read this article.

After activating the module, a unit with your permissions will appear in the global access settings. You can use two methods to apply the permissions:

  1. Add an attribute with a permission to the controller or controller method.
  2. Check permissions in separate methods/views.

Controller with attribute example:

public class HomeController : BPMController
{
    [ContentItem]
    [Permission(ModuleAccessPermission.ModuleAccessPermissionId)]
    public ActionResult ViewItem()
    {
        return View("View");
    }
}

Permissions in methods/views example:

if (SecurityService.HasPermission(UserManager.Instance.GetCurrentUser(),
    ModuleAccessPermission.ModulePermissionAccess))
{
    //Your code
}

Links to API elements

IModuleAccessPermissionProvider
IPermissionProvider