Has permission
The Behaviour type Has permission checks in the context of a form the authorizations of the Role of session against a positive list in the Permissions parameter.
Regardless of the result of the check, any input data ($input) of the behaviour is passed on to the actions:
Actions on 'true' will be performed if the role used in the current session grants at least one of the Permissions listed in rows.
Actions on 'false' will be performed if none of the listed Permissions are granted by the role used in the current session.
►IMPORTANT◄ The check only refers to the general state of a permission that is defined by the Role. The influence of Company authorizations in connection with ownership and involvement in a specific object is therefore not reflected in the check result. If the Role of session allows the deletion of Shipments, then the check result regarding 'Delete' (delete) is also positive if a shipment is selected in the entry form, which the Company of session is allowed to read but may not delete due to lack of company authorization or involvement.
Editing the 'Permissions' parameter:
The parameter is designed as a multi-line, scalable text field in which each row must represent a relative or absolute permission path in the system's internal notation.
Absolute paths define an unbroken chain of nodes in the permission hierarchy that begins at the root (that is, with a slash '/').
Relative paths can only be used in the context of an entry form. Then, the permission node for the respective entity type serves as the point of origin for a single- or multi-level path.
Both types of paths can end not only with the name of an individual permission, but also with the name of a permission node featuring direct an possibly indirect child elements. In this case, the check recognizes each of the child permissions as 'matches', so that the Actions on 'true' are executed if the role grants any child permission of the node.
Basically, the Permissions parameter can be edited directly as text. However, it is recommended to use the selection dialog available via the Select button to ensure that only valid paths appear in the text.
|
|
The selection dialog visualizes the permission hierarchy as a tree structure similar to the entry form for Roles in which any nodes or permissions can be selected and deselected. The use of the selection functions, i.e. in combination with the search function, works as described there.
Example: Starting from an initially empty field for permissions, clicking Apply in the example on the left produces the following result:
If another line is added to this list with the entry '/document/print' (for 'Document/Print'), a role is checked if it has permission for any of the numerous output formats in the 'Print' node (for Documents), although the 'Print' node in the tree is still displayed as empty the next time Select is clicked. |
|
|
The check in the example on the left specifies two permission nodes in relative paths in the Permissions parameter. With this configuration, the behaviour could be used in the context of Input forms for different business object types, in order to globally check if the Role of session grants any access to entries for Working state or Tracking state for the respective business object type. However, the selection dialog displayed by clicking Select would not indicate any selection for this configuration. |
