Security subsystem

DWKit has a built-in default security system based on the notions of User (users can be combined into Groups), Role, and Permission (permissions are combined into groups). All objects of the security system are edited in the Security section of the Admin application and stored in database tables whose names begin with dwSecurity....

Programmatic access to the security system on the server side goes through the SecurityProvider. If necessary, you can integrate DWKit with an existing security system. To do this, create a class that implements the ISecurityProvider interface and specify an instance of your class when configuring the DWKitRuntime. After that, you will be able to access the profiles of authorized users and check permissions.

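// Profile of the currently authorized user.
var user = DWKitRuntime.Security.CurrentUser;
// Server-side check of the "Edit" permission for the form passed in name.
if (!await DWKitRuntime.Security.CheckFormPermission(name, "Edit"))
{
    throw new Exception("Access denied!");
}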

Checking permissions

A User can be connected with a Role directly or via a group of users. A Role is connected with permissions, each of which has one of the three available types of access:

  • Inherited - the same as not defined. Does not influence whether an operation is permitted or forbidden.
  • Permitted
  • Forbidden

Because a user can be connected with several roles, and each role can specify a different type of access for the same permission, the following rules are applied when determining the final type of access:

  • If the types of access contain at least one Permitted and not a single Forbidden, the final type of Permission is Permitted.
  • In all other cases, the final type of Permission is Forbidden.
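
The following is an added example, not DWKit code: a stand-alone C# model (C# 9 or later) of the rule above, covering roles held directly and through groups. The Access enum, the EffectiveAccess class and the sample roles, groups and permissions are hypothetical names constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Constructed sample data: role -> permission -> access type, and group -> roles.
var rolePermissions = new Dictionary<string, Dictionary<string, Access>>
{
    ["Clerk"] = new() { ["View"] = Access.Permitted, ["Edit"] = Access.Permitted },
    ["Auditor"] = new() { ["View"] = Access.Permitted },
    ["Restricted"] = new() { ["Edit"] = Access.Forbidden },
};
var groupRoles = new Dictionary<string, string[]> { ["Contractors"] = new[] { "Restricted" } };

void Show(string label, string[] direct, string[] groups, string permission) =>
    Console.WriteLine($"{label}: {EffectiveAccess.ForUser(direct, groups, groupRoles, rolePermissions, permission)}");

var none = Array.Empty<string>();
Show("Clerk, Edit (one Permitted, no Forbidden)", new[] { "Clerk" }, none, "Edit");
Show("Clerk + Contractors group, Edit (Permitted and Forbidden)", new[] { "Clerk" }, new[] { "Contractors" }, "Edit");
Show("Auditor, Edit (nothing defined, all Inherited)", new[] { "Auditor" }, none, "Edit");
Show("Auditor + Contractors group, View (Forbidden is on Edit only)", new[] { "Auditor" }, new[] { "Contractors" }, "View");

// Hypothetical model types for this example; they are not DWKit classes.
enum Access { Inherited, Permitted, Forbidden }

static class EffectiveAccess
{
    // Permitted only if at least one role permits and no role forbids; every other case is Forbidden.
    public static Access Resolve(IEnumerable<Access> perRole)
    {
        var seen = perRole.ToHashSet();
        return seen.Contains(Access.Permitted) && !seen.Contains(Access.Forbidden)
            ? Access.Permitted : Access.Forbidden;
    }

    // Gathers roles assigned directly and through groups, then resolves one permission.
    public static Access ForUser(IEnumerable<string> directRoles, IEnumerable<string> groups,
        IReadOnlyDictionary<string, string[]> groupRoles,
        IReadOnlyDictionary<string, Dictionary<string, Access>> rolePermissions, string permission)
    {
        var roles = directRoles.Concat(groups.SelectMany(g =>
            groupRoles.TryGetValue(g, out var r) ? r : Array.Empty<string>())).Distinct();
        // A role that does not list the permission contributes Inherited.
        return Resolve(roles.Select(role =>
            rolePermissions.TryGetValue(role, out var perms) && perms.TryGetValue(permission, out var a)
                ? a : Access.Inherited));
    }
}
```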

To have access to a form checked automatically, bind the Form to one of the Permission groups in the Form editor of the Admin application. Such a Permission group must have two special permissions with the following names:

  • 'View' - permission to view a form
  • 'Edit' - permission to edit a form

These two permissions will be checked automatically. However, note that you can specify other permissions in the Permission group connected to a Form and check them using the DWKitRuntime.Security.CheckFormPermission(name, "Edit") method.

In addition, all permissions connected to a form are automatically sent to the client when the form is requested. You can access them via the global state of the client application, or by writing an expression in a form control if you want to hide or disable controls depending on the types of permissions.