Roles & Permissions


This part of the Walkthrough Tutorial shows how to create and allocate Roles & Permissions.

We assume that you already have the required knowledge on how to create an Application, design a Business Model, create new Forms etc. If not, please watch this tutorial and then come back.


Scope

When we do not want all of our users to be able to perform the same actions, we use Roles & Permissions. For example, we want a simple employee (Role) only to view the products, the suppliers and the orders, and also to make some orders (Permissions), while a manager, the director (Role), should be able not only to view all of the above but also to edit them. So we split the actions into Permissions, assign them to Roles, and allocate these Permissions to the forms and controller actions. For each form we select the permissions that grant access to it.


1. We create Permissions according to our needs
2. We create Roles
3. We assign the Permissions to Roles
4. We allocate the Permissions to our Forms & Controller Actions

Example

An employee can create an order, but only the director can make changes to this order (maybe remove an item).

So our roles could be Employee and Director,
and our permissions could be view and manage accordingly.

Create Permissions

  • From the Models Tree select Configuration ⇒ app
  • Model app is displayed
  • From Configuration editor, select Security ⇒ Permissions

Information

You will notice some Permissions have already been set for you, concerning the predesigned classes.

  • Click Add (placed below permissions table)
  • Click inside the newly inserted row and type CanManageSuppliers for Name
  • Type the same for Description, but with spaces between the words

Tip

We can name the permissions however we want, but it is better to use names that indicate the actions, are easy to remember, and are easy for others to understand.

Todo

Repeat for all the needed permissions which are:

  • Can View Suppliers
  • Can View Products
  • Can Manage Products
  • Can View Orders
  • Can Manage Orders
  • Can Create Orders

Information

Let's assume that those who have the permission:

  • CanView will only be able to view the forms, not edit them
  • CanManage will be able to view and edit the forms
  • CanCreate will only be able to create an order

Manage Roles

  • From Configuration editor, select Security ⇒ Roles

  • There is already a Role named Administrator

  • Click inside the Permissions panel
  • A dropdown with the newly inserted permissions is displayed
  • Select the permissions one after another

  • Hover over the plus (+) at the bottom
  • Click New Role to insert a new one

  • Name it Director
  • Director will be able to edit, so select the wanted permissions

Todo

  • Insert Role Employee
  • Employee will be able only to view all the forms and create an order

Note

If there is a problem with an order, only the Director will be able to fix it (and, of course, the Administrator).

Reminder

Remember to Save your model.

Allocate Permissions

Lists

The next step is to select the permissions for each form. Let's start with the lists.

  • Open the SupplierList
  • Go to Controller
  • Uncheck Available To All Authenticated
  • Permissions area is displayed
  • Click inside
  • Select from the dropdown CanViewSuppliers and CanManageSuppliers

Information

This means that every Role that has one of these permissions will be able to view this Form.

Todo

Do the same for the other two lists.

At ProductList select the Permissions:

  • Can View Products
  • Can Manage Products

At OrderList select the Permissions:

  • Can View Orders
  • Can Manage Orders
  • Can Create Orders

Details Forms

Now, it is time to insert the permissions to the DetailsForms.

  • Open SupplierForm
  • Go to Controller
  • At the Add Controller Action:
    • Uncheck Available To All Authenticated
    • Select permission CanManageSuppliers
  • At the Controller Action Edit:
    • Uncheck Available To All Authenticated
    • Select permissions CanManageSuppliers and CanViewSuppliers
  • At the Controller Action Save:
    • Uncheck Available To All Authenticated
    • Select CanManageSuppliers, since only those who have permission to manage a supplier can save the changes. For other roles, the Save button will be either disabled or hidden, depending on what we select at the On Click event of the control [for more information, see the notes below]
  • At the Controller Action Delete:
    • Select CanManageSuppliers, since only those who have permission to manage a supplier can delete a supplier

Notes

How to select if the control will be disabled or hidden:

  • Go to View of the Form
  • Select the button Save
  • In Form Properties, go to EVENTS
  • Select the three dots beside On Click
  • A modal is displayed
  • At "If the user is not in role", select the wanted element from the dropdown. By default, hide is selected

Todo

Do the same for the other two Details Forms, for every controller action.

ProductForm:

  • For Controller Actions Add, Save and Delete select permission CanManageProducts
  • For Controller Action Edit select permissions CanManageProducts and CanViewProducts

OrderForm:

  • For Controller Action: Add select permissions CanCreateOrders and CanManageOrders
  • For Controller Actions: Save and Delete select permission CanManageOrders
  • For Controller Action Edit select permissions CanManageOrders and CanViewOrders

Reminder

Save, Validate, Build and Run your application to see the results.

Tip

To check the permissions, create different accounts.
You will notice that:

  • an administrator will be able to view and edit everything
  • a director will be able to view and edit the 6 forms (Orders, Products, Suppliers details forms and lists)
  • an employee will view the 6 above forms, but will not see buttons such as Add, Save and Delete (Or they will be disabled if you select otherwise).
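
The same check can be reasoned about before building, as an added example (not code from the platform or generated by it): the sketch below models the role, permission and controller-action assignments from this walkthrough and computes what each role may do. The Director's permission set (all three CanManage permissions) and the action name "Open" for the list controllers are assumptions, since the page does not spell them out.

```python
# Added example: a constructed model of this tutorial's configuration, not platform code.
ENTITIES = ("Supplier", "Product", "Order")
MANAGE = {f"CanManage{e}s" for e in ENTITIES}
VIEW = {f"CanView{e}s" for e in ENTITIES}

ROLES = {
    "Administrator": MANAGE | VIEW | {"CanCreateOrders"},
    "Director": set(MANAGE),  # assumption: the page only says "the wanted permissions"
    "Employee": VIEW | {"CanCreateOrders"},
}

def build_actions():
    """Map (form, controller action) -> permissions selected in the tutorial."""
    actions = {}
    for e in ENTITIES:
        manage, view = {f"CanManage{e}s"}, {f"CanView{e}s"}
        create = {"CanCreateOrders"} if e == "Order" else set()
        # "Open" is a placeholder name for the list controller itself.
        actions[(f"{e}List", "Open")] = manage | view | create
        actions[(f"{e}Form", "Add")] = manage | create
        actions[(f"{e}Form", "Edit")] = manage | view
        actions[(f"{e}Form", "Save")] = manage
        actions[(f"{e}Form", "Delete")] = manage
    return actions

ACTIONS = build_actions()

def is_allowed(role, form, action):
    """Any one of the action's permissions is enough; unknown roles or actions are denied."""
    required = ACTIONS.get((form, action))
    if required is None:
        return False
    return bool(ROLES.get(role, set()) & required)

def allowed_actions(role):
    """All (form, action) pairs the role passes, sorted for stable output."""
    return sorted(key for key in ACTIONS if is_allowed(role, *key))

def add_without_save(role):
    """Forms where the role passes the Add check but not the Save check."""
    forms = sorted({form for form, action in ACTIONS if action == "Add"})
    return [f for f in forms
            if is_allowed(role, f, "Add") and not is_allowed(role, f, "Save")]

if __name__ == "__main__":
    for role in ROLES:
        print(role, allowed_actions(role), add_without_save(role))
```

In this model Employee passes Add on OrderForm but not Save; if employees should be able to submit the orders they create, that is the combination to verify when testing with separate accounts.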

Changes from the Application

From the application you can manage the Roles using the path:

  • Username (i.e. Admin) ⇒ Administration ⇒ Manage Roles

From the application you can manage the Permissions using the path:

  • Username (i.e. Admin) ⇒ Administration ⇒ Permissions

Notes

Changes can be made by those who have a Role that includes the required Permissions, such as:

  • Manage Users
  • Manage Roles
  • Manage Permissions