Defining permissions

The Products module uses permissions. The permissions specify the actions that can be executed by a specific role. To implement the permissions in the module, you must perform the following:

1. In the ProductsModule project, open the ProductsDataProvider.cs file.

2. In the ProductsDataProvider calss, override the SupportedPermissionSets property in the following way:

   private string[] supportedPermissionSets = new string[] { ProductsConstants.Security.PermissionSetName, SecurityConstants.Sets.Comments.SetName };

    

   public override string[] SupportedPermissionSets

   {

       get

       {

           return this.supportedPermissionSets;

       }

    

       set

       {

           this.supportedPermissionSets = value;

       }

   }

3. Override the SetRootPermissions method in the following way:

   public override void SetRootPermissions(SecurityRoot root)

   {

       if (root.Permissions != null || root.Permissions.Count > 0)

       {

           root.Permissions.Clear();

       }

    

       var appRoles = Config.Get<SecurityConfig>().ApplicationRoles;

       var everyoneRoleId = appRoles[SecurityConstants.AppRoles.Everyone].Id;

       var authorsRoleId = appRoles[SecurityConstants.AppRoles.Authors].Id;

       var editorsRoleId = appRoles[SecurityConstants.AppRoles.Editors].Id;

    

       // comments

       var permissionsForEveryoneToCreateComments = this.CreatePermission(SecurityConstants.Sets.Comments.SetName, root.Id, everyoneRoleId);

       permissionsForEveryoneToCreateComments.GrantActions(false, SecurityConstants.Sets.Comments.View, SecurityConstants.Sets.Comments.Create);

       root.Permissions.Add(permissionsForEveryoneToCreateComments);

    

       var editorsPermissionsForComments = this.CreatePermission(SecurityConstants.Sets.Comments.SetName, root.Id, editorsRoleId);

       editorsPermissionsForComments.GrantActions(

           false,

           SecurityConstants.Sets.Comments.Modify,

           SecurityConstants.Sets.Comments.Delete,

           SecurityConstants.Sets.Comments.ChangeOwner);

       root.Permissions.Add(editorsPermissionsForComments);

    

       // Products

       var permissionsforEveryoneToViewProducts = this.CreatePermission(ProductsConstants.Security.PermissionSetName, root.Id, everyoneRoleId);

       permissionsforEveryoneToViewProducts.GrantActions(false, ProductsConstants.Security.View);

       root.Permissions.Add(permissionsforEveryoneToViewProducts);

    

       var permissionsForOwnersToModifyAndDeleteProducts = this.CreatePermission(ProductsConstants.Security.PermissionSetName, root.Id, SecurityManager.OwnerRole.Id);

       permissionsForOwnersToModifyAndDeleteProducts.GrantActions(false, ProductsConstants.Security.Modify, ProductsConstants.Security.Delete);

       root.Permissions.Add(permissionsForOwnersToModifyAndDeleteProducts);

    

       var editorsPermissionsForProducts = this.CreatePermission(ProductsConstants.Security.PermissionSetName, root.Id, editorsRoleId);

       editorsPermissionsForProducts.GrantActions(

           false,

           ProductsConstants.Security.Create,

           ProductsConstants.Security.Modify,

           ProductsConstants.Security.Delete,

           ProductsConstants.Security.ChangeOwner);

       root.Permissions.Add(editorsPermissionsForProducts);

    

       var authorsPermissionsForProducts = this.CreatePermission(ProductsConstants.Security.PermissionSetName, root.Id, authorsRoleId);

       authorsPermissionsForProducts.GrantActions(false, ProductsConstants.Security.Create);

       root.Permissions.Add(authorsPermissionsForProducts);

   }

To use permissions, your model class must implement the ISecuredObject interface. For more information, see Creating the data persistent class.