add 'Creation of the role, user, and rights to shortcuts and entities with...

add 'Creation of the role, user, and rights to shortcuts and entities with js-code' section in rbac.md
parent 3686edc2
......@@ -33,10 +33,6 @@ Create a new user in the menu Groups and Users -> User list and add him the rol
## Access to the desktop and menu items
You can be set in two ways.
* Using Admin UI
It is advisable to use it on an already completed project.
Go to the Desktop or Shortcuts menu and add a role using the button on the toolbar
......@@ -46,20 +42,57 @@ Go to the Desktop or Shortcuts menu and add a role using the button on the toolb
Add the rights for EducationDepartment to the City Requests Desktop and Request List.
* Using js-code в _InitialData.
<a name = 'els'></a>
# Entity level security
Create rules for a specific role so that department users can only read and update existing applications.
Create permissions to read and modify records for the req model in the menu Administrator ->Security -> Entity level security. The user of departments can not add or delete records.
![els](img/rbac/els.png)
Entity mask are the names of entities that begin with req, Method mask method names that start with s and u (select and update)
Assign the same permissions to the HealthDepartment role.
Reboot the UB server and check if rules are applied correctly.
# Creation of the role, user, and rights to shortcuts and entities with js-code
Repeat all the actions that were performed above, for the HealthDepartment role with js-code.
This is a better way to quickly install a preconfigured project.
Add a new HealthDepartment role and rights to it.
Create the new file `030_setRole_navshortcuts.js` in the folder `models/requests/_initialData/`
Add to it following code
```javascript
This code does the following
* create new user hd_user
* create HealthDepartment role
* add hd_user to HealthDepartment role
* provide rights for CityRequests Desktop to HealthDepartment role
* provide rights for Request LIst shortcut to HealthDepartment role
* provide rights for `req*` entities to HealthDepartment role
``` javascript
module.exports = function(session){
var
desktopID, usersRoleID, folderID, lastID, conn = session.connection;
desktopID = conn.lookup('ubm_desktop', 'ID', {expression: 'code', condition: 'equal', values: {code: 'CityReq_desktop'}});
desktopID, usersRoleID, folderID, lastID, userID, conn = session.connection;
//hd_user and Health Department role
userID=conn.lookup('uba_user', 'ID',{expression: 'name', condition: 'equal', values: {code: 'hd_user'}});
if (!userID) {
console.info('\t\tcreate new `hd_user` user');
userID = conn.insert({
entity: 'uba_user',
fieldList: ['ID'],
execParams: {
name: 'hd_user',
firstName: 'hd',
lastName: 'user',
uPasswordHashHexa: nsha256('salt' + 'hduser')
}
});
}
usersRoleID = conn.lookup('uba_role', 'ID', {expression: 'name', condition: 'equal', values: {name: 'HealthDepartment'}});
if(!usersRoleID)
{
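Review bot: the `hd_user` insert hard-codes the password in the sample, `uPasswordHashHexa: nsha256('salt' + 'hduser')`, so every project initialized from this file ends up with the same known credential for an account that holds the HealthDepartment role. Suggest reading the password from an environment variable or config value at initialize time, or saying next to the snippet that it must be changed before the server is exposed. Separately, the user lookup passes `expression: 'name'` with `values: {code: 'hd_user'}`, while the role lookup below it uses `values: {name: 'HealthDepartment'}`; if the key has to match the expression, the lookup never finds an existing user and the `if (!userID)` branch attempts the insert on every run.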
......@@ -74,18 +107,30 @@ console.info('\t\tcreate new `HealthDepartment` role');
});
}
if (desktopID) {
console.info('\t\tprovide rights for `CityReq_desktop` to HealthDepartment role');
console.info('\t\tadd hd_user to Health department role');
conn.insert({
entity: 'ubm_desktop_adm',
execParams: {
instanceID: desktopID,
admSubjID: usersRoleID
entity: 'uba_userrole',
execParams: {
userID: userID,
roleID: usersRoleID
}
});
desktopID = conn.lookup('ubm_desktop', 'ID', {expression: 'code', condition: 'equal', values: {code: 'CityReq_desktop'}});
if(desktopID){
console.info('\t\tprovide rights for `CityReq_desktop` to HealthDepartment role');
conn.insert({
entity: 'ubm_desktop_adm',
execParams: {
instanceID: desktopID,
admSubjID: usersRoleID
}
});
lastID=conn.lookup('ubm_navshortcut', 'ID',{expression: 'code', condition: 'equal', values: {code: 'req_reqList'}});
console.info('\t\tprovide rights for `req_reqList` folder to HealthDepartment role');
if(lastID){
console.info('\t\tprovide rights for `req_reqList` shortcut to HealthDepartment role');
conn.insert({
entity: 'ubm_navshortcut_adm',
execParams: {
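Review bot: the `uba_userrole` insert after 'add hd_user to Health department role' has no existence check, unlike the user and role inserts, which are guarded by `if (!userID)` and `if(!usersRoleID)`. The `ubm_desktop_adm` and `ubm_navshortcut_adm` inserts likewise test only that the desktop or shortcut exists (`if(desktopID)`, `if(lastID)`), not that the right is already granted. Running `initialize` a second time will then either fail or add a second grant row, which makes later revocation and audit harder; suggest a `conn.lookup` on each pair (userID/roleID, instanceID/admSubjID) before inserting.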
......@@ -93,35 +138,33 @@ console.info('\t\tprovide rights for `req_reqList` folder to HealthDepartment ro
admSubjID: usersRoleID
}
});
}
else{console.info('\t\tNOT provide rights for `CityReq_desktop` to HealthDepartment role');}
}
```
Execute the command `ubcli initialize -u admin -p admin -host http://localhost:888 -m RequestList` and reboot the UB Server.
Any of the ways add hd_user user and assign him the role of HealthDepartment.
<a name = 'els'></a>
# Entity level security
Create rules for a specific role so that department users can only read and update existing applications.
Create permissions to read and modify records for the req model in the menu Administrator ->Security -> Entity level security. The user of departments can not add or delete records.
![els](img/rbac/els.png)
}
//entity level security
console.info('\t\tprovide rights for `req*` entities to HealthDepartment role');
conn.insert({
entity: 'uba_els',
execParams: {
code: 'READ_UPD_REQ_HD',
entityMask: 'req*',
methodMask: '[su]*',
ruleType: 'A',
ruleRole: 'HealthDepartment',
description: 'Read and update RequestList model'
}
});
Entity mask are the names of entities that begin with req, Method mask method names that start with s and u (select and update)
Assign the same permissions to the HealthDepartment role.
```
Run the script with the `initialize` command
`ubcli initialize -u admin -p admin -host http://localhost:888 -m RequestList`
Reboot the UB server and check if rules are applied correctly.
If you want the `initialize` script not to execute some js-files, put the symbol _ at the beginning of the file name.
If you want to create a new project with already created users, roles and rights for them, the link is the complete code [here](https://git-pub.intecracy.com/unitybase/samples/blob/master/courses/cityPortal-v4/models/requests/_initialData/030_setRole_navshortcuts.js)
<a name = 'rls'></a>
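Review bot: in the `uba_els` insert, `methodMask: '[su]*'` allows every method whose name starts with s or u, which is wider than the "select and update" the text describes; any other method on a `req*` entity with one of those initials is granted to HealthDepartment as well. Suggest narrowing the mask to the two intended methods, or documenting why the wider pattern is acceptable for this model. The insert is also unconditional, so a second `initialize` run will fail or repeat the `READ_UPD_REQ_HD` rule; a lookup by `code` first would avoid that. Finally, the command line shown in the docs, `ubcli initialize -u admin -p admin ...`, bakes in the admin/admin login; a placeholder for the password would keep readers from copying it into a real deployment.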
......