Role Based Configuration

Owned by Xiaoyan Kong (Unlicensed)
Last updated: Oct 24, 2012Version comment
4 min read

Roles for the logged in user are stored as part of the UserDetails stored in the Reference Framework’s Security Manager. These roles are filled in by the Reference Framework SecurityService during login. For more details see Reference Framework Security configuration.


Home Page
The Reference Framework home page configuration allows for the configuration of a more than home page that is to be loaded based on the role of the logged in user.

Attribute
•    role - specifies the role(s) for which the home page is to be used.

Notes
If no role is specified the homepage is used for the logged in user.
If more than one home page is configured with the same role (or no role), then the first home page matching role will be used.

Example

<homepageConfig>
     <homepage pageId="homepageAdmin" role="ROLE_ADIM"/>
     <homepage pageId="homepageExec" role="ROLE_EXEC"/>
     <homepage pageId="homepageUser" role="ROLE_USER"/>
 </homepageConfig>

Shortcuts
The Reference Framework provides ability to configure whether or not a short cut key is available to the logged in user based on their assigned role.

Attribute
•    role - specifies the role(s) valid for executing the shortcut
   
Notes
If no role is specified then the shortcut is valid for the logged in user.

Example

<shortcut key="F5" onCommand="PageManager.loadPage( 'companyOverview' )" role="ROLE_USER"/>
<shortcut key="F6" onCommand="PageManager.loadPage( 'statusReport' )" role="ROLE_ADMIN"/>

Menu Items
The Reference Framework provides a means of controlling the presentation of a menu item through the use of roles.  Menu items can be made to be invisible or disabled based on the role of the logged in user.

Attribute
•    role - specifies the role(s) required to make the menu item visible
•    roleVisible - specifies the role(s) required for the menu item to be visible
•    roleEnabled - specifies the role(s) required for the menu item to be enabled
   
Notes
The role attribute and roleVisible attribute work the same.  The role attribute exists for compatibility.
If no role or roleVisible attribute is set then the menu item will be visible by default.
If the roleEnabled attribute is not set, then the menu item will be enabled by default.

Example

<menuGroups>
     <menuGroup name="samplesMenu" text="Nexaweb Samples>
         <item name="samplesMenu.page1" onCommand="page:page2.load()" role="ROLE_ADMIN" text="Page 1"/>
         <item name="samplesMenu.page2" onCommand="page:page2.load()" roleVisible="ROLE_ADMIN" text="Page 2"/>
         <item name="samplesMenu.page3" onCommand="page:page3.load()" roleEnabled="ROLE_USER" text="Page 3"/>
     </menuGroup>
 </menuGroups>

Command Buttons
The Reference Framework provides a means of controlling the presentation of a menu item through the use of roles.  Menu items can be made to be invisible or disabled based on the role of the logged in user.

Attribute
•    role - specifies the role(s) required to make the button visible
•    roleVisible - specifies the role(s) required for the button to be visible
•    roleEnabled - specifies the role(s) required for the button to be enabled

Notes
The role attribute and roleVisible attribute work the same.  The role attribute exists for compatibility.
If no role or roleVisible attribute is set then the button will be visible by default.
If the roleEnabled attribute is not set, then the button will be enabled by default.

Example

<commandbar>
    <button image="/images/button1.png" name="cmdButton1" onCommand="mco:cmdMco.handleButton1()" tooltip="First Button"
            role="ROLE_ADMIN"/>
    <button image="/images/button2.png" name="cmdButton2" onCommand="mco:cmdMco.handleButton2()" tooltip="Second Button"
            roleVisible="ROLE_ADMIN"/>
    <button image="/images/button3.png" name="cmdButton3" onCommand="mco:cmdMco.handleButton3()" tooltip="Third Button"
            roleEnabled="ROLE_USER"/>
</commandbar>

Pages
The Reference Framework provides control over loading a page, or whether it can be edited through the use of roles.
 
Attribute
•    roleOpen - specifies the role(s) valid for opening the page
•    roleReadOnly - specifies the role(s) that will open the page as read-only
   
Notes
If the roleOpen attribute is not set, then the logged in user will be allowed to open the page.
If the roleReadOnly attribute is not set, then the page will be open as editable.  

Example
     

<page name="page1" title="Page 1" xal="/XAL/pages/Page1.xal" roleOpen="ROLE_ADMIN"/>
<page name="page2" title="Page 2" xal="/XAL/pages/Page2.xal" roleReadOnly="ROLE_USER"/>

Components
The Reference Framework provides a means for controlling behavior for individual components through the use of roles.   Roles can be used to control visibility,  whether or not a control is enabled or whether or not a control is read only.

Attribute
•    roleEnabled - specifies the role(s) required to make a component enabled
•    roleVisibile - specifies the role(s) required to make a component visible
•    roleReadOnly - specifies the role(s) required to make a component read onlyle
•    rolePolicy- specifies how the policy is applied.

valid value: allow|deny

Notes
If the roleEnable attribute is not set, the component will be enabled
If the roleVisible attribute is not set, the component will be visible
If the roleReadOnly attribute is not set, the component will be editable 

Examples

<button height="25px" roleEnabled="ROLE_ADMIN" text="Run Report" width="100px" x="36px" y="205px"/>
<button height="25px" roleVisible="ROLE_ADMIN" text="Run Report" width="100px" x="36px" y="205px"/>
<button height="25px" roleReadOnly="ROLE_ADMIN" text="Run Report" width="100px" x="36px" y="205px"/>
<textField roleReadOnly="ROLE_ADMIN" height="25px" width="200px" x="49px" y="251px"/>

For a button with this setting:

<button text="Push Me" roleVisible="ROLE_DEPT_A" rolePolicy="deny"/>

For user with different roles, the button will be visible/invisible as below table displays:

rolePolicy value

allowdeny
user has a role of ROLE_DEPT_Avisibleinvisible
user has a role that is not ROLE_DEPT_A; eg. ROLE_DEPT_Binvisiblevisible


Page Navigation
The Reference Framework provides control over the page navigation by allowing which page to load based on the role of the logged in user.

Attribute
•    role - specifies the role(s) indicating the page to be loaded as the next or previous page.
   
Notes
If the role attribute is not set then the page will be loaded as the next or previous page as specified in the configuration.
If more than one configuration contains a matching role, including no role set, then the first configuration will be used.

Example

<page name="page1" title="Page 1" xal="/XAL/pages/Page1.xal" roleOpen="ROLE_ADMIN">
     <navigation>
          <nextPage pageId=”pageA” role=”ROLE_ADMIN”/>
          <nextPage pageId=”pageB” role=”ROLE_USER”/>
          <prevPage pageId=”pageC” role=”ROLE_ADMIN”/>
          <prevPage pageId=”pageD” role=”ROLE_USER”/>
     </navigation>
</page>