Authorization Content Types
Authorizations grant users access to COMAND repository objects, fields and methods.
Authorizations are defined per User Role, and one or more User Roles can be associated with a User.
Authorizations are additive. That is, all of a User's Authorizations are combined to grant access to a set of objects, fields and methods. If one Authorization grants access, another cannot take it away, so the order in which Authorizations are created and applied has no effect.
Privilege
A Privilege defines a type of access that may be granted. The following common set of privileges is enforced by the COMAND API.
- Read - Access objects, fields, field values and methods.
- Create - Create new objects.
- Update - Update existing objects and field values.
- Delete - Remove existing objects and field values.
- Execute - Execute object methods.
A COMAND App can leverage these common privileges to control or determine what information is accessible to its users. Additional privileges can also be defined and used by one or more apps for their own purposes, but they will be ignored by the COMAND API.
- Nothing
Title (Identifier) | Type | Properties | Description |
---|---|---|---|
Identifier | (Data Type) Text Line | Unique | Name of privilege, as it will be referenced in scripts and code. |
Labels & Help | (Layout Type) Tab | | Groups meta-data fields into the second tab. |
Title | (Data Type) Text Line | | Friendly name of the privilege, if different than Identifier. |
Help | (Data Type) Rich Text Box | | Summary of privilege's purpose. |
Icon | (Data Type) Image | | Image that represents the privilege. Typically a 16x16 PNG, but can be any size and standard web image format (GIF, JPEG, PNG or SVG). |
Displays the privilege Title if it exists, otherwise the Identifier.
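The additive rule and the note that app-defined privileges are ignored by the COMAND API both have consequences for access reviews. The sketch below is an added example, not COMAND code: it models them in plain PHP, and the role names, the content-type grants and the "Publish" privilege are constructed sample data.

```php
<?php
// Simplified model of the additive rule; not COMAND's implementation.
// Role names, content types and the "Publish" privilege are constructed sample data.
const API_PRIVILEGES = ['Read', 'Create', 'Update', 'Delete', 'Execute'];

$roles = [
    'Editor' => [
        ['privileges' => ['Read', 'Update'], 'types' => ['WebPage', 'Image']],
        ['privileges' => ['Publish'], 'types' => ['WebPage']], // app-defined privilege
    ],
    'Uploader' => [
        ['privileges' => ['Read', 'Create'], 'types' => ['Image']],
    ],
];

// Union every grant of every role: [type][privilege] => roles that grant it.
function effective_grants(array $roles, array $userRoles): array
{
    $grants = [];
    foreach ($userRoles as $role) {
        foreach ($roles[$role] ?? [] as $auth) {
            foreach ($auth['types'] as $type) {
                foreach ($auth['privileges'] as $priv) {
                    $grants[$type][$priv][$role] = true; // a set, so repeats collapse
                }
            }
        }
    }
    return $grants;
}

// Sorted privilege names a user holds on a type, for order-independent comparison.
function privileges_on(array $grants, string $type): array
{
    $privs = array_keys($grants[$type] ?? []);
    sort($privs);
    return $privs;
}

// Every role that must lose the grant before the privilege is actually revoked.
function granted_by(array $grants, string $type, string $priv): array
{
    return array_keys($grants[$type][$priv] ?? []);
}

$a = effective_grants($roles, ['Editor', 'Uploader']);
$b = effective_grants($roles, ['Uploader', 'Editor']);
var_dump(privileges_on($a, 'Image') === privileges_on($b, 'Image')); // role order is irrelevant
echo implode(', ', granted_by($a, 'Image', 'Read')), "\n";          // all sources of Image/Read
echo implode(', ', array_diff(privileges_on($a, 'WebPage'), API_PRIVILEGES)), "\n"; // app must enforce these
```

Because there is no deny, removing a privilege from one role revokes nothing while another of the user's roles still grants it, so a review has to list every granting role.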
Authorization Types
Different types of authorizations assign privileges for different criteria. For example, one type of authorization may assign privileges to specific objects, while another may assign privileges to fields. The following types are part of the COMAND Core, but may be extended for more options.
Authorization
The base class that all other Authorization Types extend. It provides an interface to implement authorization types in an extensible way. It does not define any fields.
- Nothing
Need to fill out interface methods here.
Content Type Authorization
Assigns privileges to objects of one or more content types. Privileges can be assigned to the objects themselves, as well as specific fields.
Additionally, a "Global" option is available to assign privileges to objects that are accessed directly (not from a field value or field collection).
- Nothing
Title (Identifier) | Type | Properties | Description |
---|---|---|---|
Privileges | (Content Type) Privilege | Ref, List | Privileges to authorize for the specified content types. |
Types | (Content Type) Content Type | Ref, List | Content Types to authorize with the specified privileges. |
Fields | (Content Type) Field Authorization | List | Optional field authorizations for this type. |
Displays the object's type Summary in parentheses followed by the Title if it exists, otherwise the Identifier.
// allow read access to Images
$cta = $repo->new_object( "ContentTypeAuthorization" );
$cta->privileges = $repo->get( "[:Privilege]Read" );
$cta->types = $repo->get( "[:ContentType]Image" );
Content Authorization
Assigns privileges to objects in a collection specified by a cPath. Privileges can be assigned to the objects themselves, as well as specific fields.
- Nothing
Title (Identifier) | Type | Properties | Description |
---|---|---|---|
Privileges | (Content Type) Privilege | Ref, List | Privileges to authorize for the specified content types. |
cPath | (Data Type) Text Line | | cPath to collection of objects to authorize with the specified privileges. |
Fields | (Content Type) Field Authorization | List | Optional field authorizations for the collection of objects. |
// allow read access to /Content folder
$ca = $repo->new_object( "ContentAuthorization" );
$ca->privileges = $repo->get( "[:Privilege]Read" );
$ca->cpath = "/Content";
Field Authorization
Field Authorizations are defined within a Content Type Authorization or Content Authorization to assign privileges to specific fields within the set of objects they define.
// allow read access to the Title field in Web Page content
$fa = $repo->new_object( "FieldAuthorization" );
$fa->privileges = $repo->get( "[:Privilege]Read" );
$fa->fields = $repo->get( "[:ContentType]WebPage.Fields/Title" );
$cta = $repo->new_object( "ContentTypeAuthorization" );
$cta->privileges = $repo->get( "[:Privilege]Read" );
$cta->types = $repo->get( "[:ContentType]WebPage" );
$cta->fields[] = $fa;
Field Type Authorization
Field Type Authorizations are defined within a Content Type Authorization or Content Authorization to assign privileges for certain content types in a specific field or fields.
// allow read access to Images in the /Content folder
$fta = $repo->new_object( "FieldTypeAuthorization" );
$fta->privileges = $repo->get( "[:Privilege]Read" );
$fta->fields = $repo->get( "[:ContentType]Folder.Fields/Contents" );
$fta->types = $repo->get( "[:ContentType]Image" );
$ca = $repo->new_object( "ContentAuthorization" );
$ca->cpath = "/Content";
$ca->fields[] = $fta;