Permissions can be granted to site, group and application levels to control access to each area of the community. The platform allows you to create and define your own set of permissions. These permissions contain default configurations and can be later configured by a group owner or administrator.
[toc]
Why Should I Create Permissions?
When creating a solution that requires the platform to grant or restrict access to users on a site, group, or application level, then an IPermissionRegistar can be implemented.
Creating a Permission
To add support for creating permissions you need to implement the IPermissionRegistar interface. The IPermissionRegistrar must be implemented along with the IPermission interface and is defined in the Telligent.Evolution.Extensibility.Security.Version1 namespace of Telligent.Evolution.Core.dll.
Setup the RegisterPermissions method and begin by generating a new Guid for the permission ID. If creating a custom application make sure the application ID matches the one that was created. In this sample a generic ID was applied. Select a meaningful name and description. Then determine the default configuration by creating a new PermissionConfiguration.
The PermissionConfiguration sets the default configuration that is applied to each group type. Default permissions are automatically setup when the plugin is enabled. The group types are configured by implementing JoinlessGroupPermissionConfiguration for Joinless groups and MembershipGroupPermissionConfiguration for all other group types. A Boolean value will determine if the Everyone, Managers, Members, Owners and RegisteredUsers roles will be assigned your permission.
To register a permission an IPermission needs to be implemented. A Guid ID is a unique for each permission. Select a name and description that describes the permission you are creating. An applicationTypeId is an ID from a predefined application. Finally the PermissionConfiguration is the default configuration for the permission mentioned earlier.
Here is the complete sample.
This is how the permission are displayed in the group administration panel under Manage Group > Permissions > {Site/Group Role Tab} > {Role}.
Fine tuning permissions
There are times when granting permissions isn't "all or nothing". For example, in an out-of-the-box installation, a user is allowed to edit their own forum posts, but only for a limited time. With a simple permission, the forum application would have to either grant the user the ability to edit all forum posts at all times or never edit any forum posts at any time. The ILogicPermission interface is the solution for this type of scenario.
This sample uses a Func<> delegate to represent the IsGranted method. This allows your implementation of the IPermissionRegistrar to have control of the ILogicPermission implementation.