Permissions can be granted to site, group and application levels to control access to each area of the community. The platform allows you to create and define your own set of permissions. These permissions contain default configurations and can be later configured by a group owner or administrator.
[toc]
Why Should I Create Permissions?
When creating a solution that requires the platform to grant or restrict access to users on a site, group, or application level, then an IPermissionRegistar can be implemented.
Creating a Permission
To add support for creating permissions you need to implement the IPermissionRegistar interface. The IPermissionRegistrar must be implemented along with the IPermission interface and is defined in the Telligent.Evolution.Extensibility.Security.Version1 namespace of Telligent.Evolution.Core.dll.
using System;
using Telligent.Evolution.Api.Content;
using Telligent.Evolution.Extensibility.Security.Version1;
namespace Samples
{
public class SamplePermissions : IPermissionRegistrar
{
#region IPlugin
//...
#endregion
#region IPermissionRegistrar
//...
#endregion
}
public class SamplePermission : IPermission
{
//...
}
}
Setup the RegisterPermissions method and begin by generating a new Guid for the permission ID. If creating a custom application make sure the application ID matches the one that was created. In this sample a generic ID was applied. Select a meaningful name and description. Then determine the default configuration by creating a new PermissionConfiguration.
The PermissionConfiguration sets the default configuration that is applied to each group type. Default permissions are automatically setup when the plugin is enabled. The group types are configured by implementing JoinlessGroupPermissionConfiguration for Joinless groups and MembershipGroupPermissionConfiguration for all other group types. A Boolean value will determine if the Everyone, Managers, Members, Owners and RegisteredUsers roles will be assigned your permission.
public void RegisterPermissions(IPermissionRegistrarController permissionController)
{
permissionController.Register(new SamplePermission(
new Guid("29547B66-9D04-4659-A010-5A861A0CBFCC"),
"Create Content",
"Enables users to create content.",
ContentTypes.GenericContent,
new PermissionConfiguration
{
Joinless = new JoinlessGroupPermissionConfiguration { Administrators = true, Owners = true },
PublicOpen = new MembershipGroupPermissionConfiguration { Owners = true },
PublicClosed = new MembershipGroupPermissionConfiguration { Owners = true },
PrivateListed = new MembershipGroupPermissionConfiguration { Owners = true },
PrivateUnlisted = new MembershipGroupPermissionConfiguration { Owners = true },
}));
//Register more permissions
}
To register a permission an IPermission needs to be implemented. A Guid ID is a unique for each permission. Select a name and description that describes the permission you are creating. An applicationTypeId is an ID from a predefined application. Finally the PermissionConfiguration is the default configuration for the permission mentioned earlier.
public class SamplePermission : IPermission
{
public SamplePermission(Guid id, string name, string description, Guid applicationTypeId, PermissionConfiguration defaultConfiguration)
{
Id = id;
Name = name;
Description = description;
ApplicationTypeId = applicationTypeId;
DefaultConfiguration = defaultConfiguration;
}
public Guid Id { get; private set; }
public string Name { get; private set; }
public string Description { get; private set; }
public Guid ApplicationTypeId { get; private set; }
public PermissionConfiguration DefaultConfiguration { get; private set; }
}
Here is the complete sample.
using System;
using Telligent.Evolution.Api.Content;
using Telligent.Evolution.Extensibility.Api.Entities.Version1;
using Telligent.Evolution.Extensibility.Content.Version1;
using Telligent.Evolution.Extensibility.Security.Version1;
namespace Samples
{
public class SamplePermissions : IPermissionRegistrar
{
#region IPlugin
public string Name
{
get { return "Sample Permissions"; }
}
public string Description
{
get { return "This plugin will demo how the IPermissionRegistrar works"; }
}
public void Initialize()
{
//No initialization required for IPermissionRegistrar
}
#endregion
#region IPermissionRegistrar
public void RegisterPermissions(IPermissionRegistrarController permissionController)
{
permissionController.Register(new SamplePermission(
new Guid("29547B66-9D04-4659-A010-5A861A0CBFCC"),
"Create Content",
"Enables users to create content.",
ContentTypes.GenericContent,
new PermissionConfiguration
{
Joinless = new JoinlessGroupPermissionConfiguration { Administrators = true, Owners = true },
PublicOpen = new MembershipGroupPermissionConfiguration { Owners = true },
PublicClosed = new MembershipGroupPermissionConfiguration { Owners = true },
PrivateListed = new MembershipGroupPermissionConfiguration { Owners = true },
PrivateUnlisted = new MembershipGroupPermissionConfiguration { Owners = true },
}));
permissionController.Register(new SamplePermission(
new Guid("E95D35C4-9463-478A-AE2E-C1361B9B6162"),
"Delete Content",
"Enables users to delete content.",
ContentTypes.GenericContent,
new PermissionConfiguration
{
Joinless = new JoinlessGroupPermissionConfiguration { Administrators = true, Owners = true },
PublicOpen = new MembershipGroupPermissionConfiguration { Owners = true },
PublicClosed = new MembershipGroupPermissionConfiguration { Owners = true },
PrivateListed = new MembershipGroupPermissionConfiguration { Owners = true },
PrivateUnlisted = new MembershipGroupPermissionConfiguration { Owners = true },
}));
permissionController.Register(new SamplePermission(
new Guid("0A26505B-BFE4-43DF-AF11-7A2E7D023B50"),
"Edit Content",
"Enables users to edit content.",
ContentTypes.GenericContent,
new PermissionConfiguration
{
Joinless = new JoinlessGroupPermissionConfiguration { Administrators = true, Owners = true },
PublicOpen = new MembershipGroupPermissionConfiguration { Owners = true },
PublicClosed = new MembershipGroupPermissionConfiguration { Owners = true },
PrivateListed = new MembershipGroupPermissionConfiguration { Owners = true },
PrivateUnlisted = new MembershipGroupPermissionConfiguration { Owners = true },
}));
}
#endregion
}
public class SamplePermission : IPermission
{
public SamplePermission(Guid id, string name, string description, Guid applicationTypeId, PermissionConfiguration defaultConfiguration)
{
Id = id;
Name = name;
Description = description;
ApplicationTypeId = applicationTypeId;
DefaultConfiguration = defaultConfiguration;
}
public Guid Id { get; private set; }
public string Name { get; private set; }
public string Description { get; private set; }
public Guid ApplicationTypeId { get; private set; }
public PermissionConfiguration DefaultConfiguration { get; private set; }
}
}
This is how the permission are displayed in the group administration panel under Manage Group > Permissions > {Site/Group Role Tab} > {Role}.
Fine tuning permissions
There are times when granting permissions isn't "all or nothing". For example, in an out-of-the-box installation, a user is allowed to edit their own forum posts, but only for a limited time. With a simple permission, the forum application would have to either grant the user the ability to edit all forum posts at all times or never edit any forum posts at any time. The ILogicPermission interface is the solution for this type of scenario.
This sample uses a Func<> delegate to represent the IsGranted method. This allows your implementation of the IPermissionRegistrar to have control of the ILogicPermission implementation.
public class SampleLogicPermission : SamplePermission, ILogicPermission
{
private readonly Func<User, IContent, bool, bool> _isGrantedFunction;
public SampleLogicPermission(Guid id, string name, string description, Guid applicationTypeId, PermissionConfiguration defaultConfiguration)
: base(id, name, description, applicationTypeId, defaultConfiguration) { }
public bool IsGranted(User user, IContent content, bool isGrantedBySystem)
{
return _isGrantedFunction(user, content, isGrantedBySystem);
}
}