As I wrote in the named queries post, 7.9.4 is about security, and this includes the ability to restrict when clients can do things that mutate the state of the gateway. This is done by enabling access based on the client’s roles and zones (or disabling access altogether) for about a dozen different areas.
As a module author, you can opt in to this security system. Here’s what you need to know:
- Mark gateway functions or classes that need protection with the new @ClientProtected(id=“myId”) annotation. The gateway will then allow access to that function only if the client has the proper zones and roles.
- In your designer hook, override createPermissionKeys() to return a map of your permission id’s (“myId” in this case) and their associated bundle key.
- Your properties file should have two entries for this bundle key:
- Designer module hooks that don’t subclass AbstractDesignerModuleHook will need to implement createPermissionKeys() even if permission keys are not used. Returning null is fine. If you subclass AbstractDesignerModuleHook, there’s nothing additional you need to do if you’re not opting in to the client permission system.