Perspective Security on Component Action

#1

Hi,

This might be a blonde moment, but how can one implement Perspective permissions on the native action of a component, such as a toggle or numeric entry?

For a button, the permission is set on the event script.

For a toggle or numeric entry, no event script is required. The action is simply performed by the component through a bidirectional binding.

Is it necessary to make an event script on these components to effect security or am I missing something really obvious?

Thanks,
Deon

0 Likes

#2

You could bind the props.enabled property against some sort of expression which defines the permissions required.

for example, a binding against

self.session.props.auth.authenticated

would prevent use of the toggle/field unless the user has been authenticated. The logic to determine what requirements must be met is up to you.

As for the button, the permissions are a little different because the component does nothing until you define the action. This isn’t to say you can’t enforce the same enabled bindings, but some users provide Script events for the onMouseClicked event, which fires whether the button is enabled or not.

0 Likes

#3

Hi Cody,

I’m not a fan of disabling a control based on security, as the user may think the button is not available due to a different condition. The built in security notification is ideal.

I’m trying to make a plan using the onActionPerformed event, but may have found a bug. Steps below:

  1. Place component and configure 2 scripts for onActionPerformed
  2. Place some code in the first script and secure it with an authenticated permission
  3. Place some code in the second script and leave it at public
  4. If you perform the action while not authenticated, neither of the scripts execute. I would expect the first, secured, script to bomb out and then the second, public, script to execute

Tested on toggle and button. See attached view. Is this expected behaviour?

Regards,
Deon

TestScriptSecurity.zip (3.4 KB)

0 Likes

#4

Hi Cody,

Is the behaviour described above w.r.t. to multiple components events expected or is it a bug?

Regards,
Deon

0 Likes

#5

It’s not expected and it’s not a bug. It’s a valid feature request and it wouldn’t break anything for anyone, so by all means go ahead and supply it through the ideas forum.

Some problems I see coming from it being implemented though are how those security restrictions are applied. Is a specified security restriction applied to ALL events, or does each event require its own security restriction (rhetorical - just thinking out loud)?

I’m bugging this right now - I’m not sure why I never got a notification for the response in question.

0 Likes

#6

Ticket 15216, should you ever need to reference the multiple-action-for-single-event issue.

0 Likes

#7

Thanks, I’ll keep an eye out for it

0 Likes