permissions on modules

[Aldo]

Hi,

I have some issues applying the right permissions on custom modules
(not related to Entities).
I am using the MetaUI DB App and am doing the following:

Application.oss: I am defining a new module

@module=myapp.module.MyCustomerHome {
@layout=Main {
after:zTop;
label:"Welcome to Your Home!";
component:HomeContent;
}
}

And creating a Permission named: myapp.module.MyCustomerHome:view
Which is associated to a group CustomerUsers

I am expecting that the default permission based UI mechanism shows me
this module when I am logging using a user part of the group
CustomerUsers.
Unfortunately, the module does not show up in the tabs.

When I comment the following in ariba/appcore/rules.oss
visible:${ariba.appcore.User.currentUser().hasPermissions
(properties.requiredPermissionIds, false)}

The module shows up what means that it is well defined,

Where am I wrong ?

Thanks,
Aldo

[Craig Federighi]

Hi Aldo,

As you've noticed, your module (as all modules) is inheriting this rule:

module {
    requiredPermissionIds:$${ariba.appcore.Initialization.moduleClassViewPermissions(this)}
    visible:${ariba.appcore.User.currentUser().hasPermissions(properties.requiredPermissionIds, false)}
}

So, the set of permissions its look for is from ariba.appcore.Initialization.moduleClassViewPermissions().

Looking at that method you'll see:

...        String [] types = {"homeForClasses", "showsClasses" };

...                                Permission.nameForClassOp((String)object, Permission.ClassOperation.view));

I.e. it's assembling the list of "view" permissions for the classes defined on the module's homeForClasses and showsClasses properties.  Of course, in the case of your custom module, any defined...

You could solve your problem by adding this property decl:

@module=myapp.module.MyCustomerHome {

homeForClasses: [myapp.module.MyCustomerHome];

...

Still, that's a bit bogus: the "classes" here really are supposed to be @Entity style domain classes, not module names.

Better would be to change the list of permissions that the visibility rule is looking for (which you'll notice in the rule from appcore is 'requiredPermissionIds').  So, you could do this:

@module=myapp.module.MyCustomerHome {

    requiredPermissionIds:

$${[ariba.appcore.PermissionSet.idForPermissionName("myapp.module.MyCustomerHome:view")]};

...

Of course, you don't really need to use this ":view" convention for your module permission, and you don't need to use a class-style name for your module name, so you could write:

@module=.MyCustomerHome {

    requiredPermissionIds:

$${[ariba.appcore.PermissionSet.idForPermissionName("module.MyCustomerHome")]};

...

- craig

[Craig Federighi]

Aldo,

One more thing...

In an upcoming drop we'll change the appcore module rule to only apply to auto created Entity modules (i.e. for those with the @NavModule annotation), so your custom module will show up by default without any permissions.  We'll also check a "requiredPermissions:" property that, if defined, will do the name to id lookup for you

With these changes, you'll be able to write:

@module=MyCustomerHome {

...

and your module will show up.

And 

@module=MyCustomerHome {

requiredPermissions:[CanSeeCustomerHomePermission];

If you want it to be visible only if the user has the specified permission(s).

- craig

[Adalbert Wysocki]

Thanks Craig!
I will give it a try tonight.

Adalbert