Modifying Permission Dialog

[Vinith-kumar47]

Hi,
Can anyone help me on this below point.

I want to update the userPermission dialog like this.
View Add Update Delete
NorthWind: Customer CheckBox CheckBox CheckBox CheckBox

I have removed the tree structure and modified the UserPermissiondialog like the above. But the functionalities is not working as expected.
If I give Add permission, it will automatically have the access of update and Delete permission.
Could you please assist me in resolving this issue? Any guidance or examples of similar implementations would be highly appreciated.

Thanks,
Vinith

[LSNicholls]

Hi,

I am responding here because you asked me to in another thread. But honestly I don't know much about this.

Here is my first reaction: Have you put any additional instructions about Permissions in the modules themselves? For example, the ModifyPermission given to a particular key would include Insert/Update/Delete, causing the behavior you describe. You would want to change this to explicitly assign InsertPemission, UpdatePermission, and DeletePermission to specific keys, normally in each associated *Row.cs file.

I am not clear on how your changes to the dialog are reflected in the UserPermissions table. What do you see there?

IOW: How have you associated each of your checkboxes with permissions? How does Serenity know that your "Add" checkbox corresponds to InsertPermission?

Second, I am not sure what type of behavior you are describing. When you say "it will automatically have access of update and Delete", which of the following do you mean:

[1] "the dialog automatically checks the additional checkboxes" (either immediately or when you save and re-enter the dialog you see this) or
[2] "the dialog looks correct, but when I test as the user, I see that the user has these additional permissions"

?

if 1, there must be something in your modifications to PermissionCheckEditor.ts that isn't right, or is not completely consistent with the changes you've made to the dialog so far.

if only 2, then there could be lots of reasons, I guess: could this have something to do with implicit permissions, either explicitly assigned if you are using StartSharp (see https://serenity.is/docs/startsharp/features/implicitly-granted-permissions) or via roles that the user belongs to?

Some additional questions/thoughts about what you are doing:

• You said you are removing the tree structure from the dialog. But, are you also removing the ability to Revoke along with Grant for each row? Are you sure you want to do this?

• Could "removing the tree structure" possibly cause some problems? I am not sure exactly what you did to make this change, since the "tree structure" (as far as I know) is only maintained by the structure of the permission keys' names, with colons to separate levels (see https://serenity.is/docs/howto/how_to_register_permissions_in_serene).

I hope these thoughts will help you narrow down your problem.

[Vinith-kumar47]

Hi LSNicholls,

Thanks for your response.

1.Here is my first reaction: Have you put any additional instructions about Permissions in the modules themselves? For example, the
ModifyPermission given to a particular key would include Insert/Update/Delete, causing the behavior you describe. You would want to
change this to explicitly assign InsertPemission, UpdatePermission, and DeletePermission to specific keys, normally in each associated
Row.cs file.
=> I didn't add any additional instructions to permissions in the modules. MyRow.cs file will look like this.
[ReadPermission(PermissionKeys.Languages.View)]
[UpdatePermission(PermissionKeys.Languages.Update)]
[InsertPermission(PermissionKeys.Languages.Add)]
[DeletePermission(PermissionKeys.Languages.Delete)]

2.Attached screenshot of my UserPermission table and the Dialog for your reference.Additionally I have added the Add,Read,Update and
delete fields in the UserPermission table.

3.IOW: How have you associated each of your checkboxes with permissions? How does Serenity know that your "Add" checkbox corresponds to InsertPermission?
Honestly, I am not sure how to link the "Add" checkbox to InsertPermission. I understand this is crucial, but I need guidance
on how to properly make this association.

4.Second, I am not sure what type of behavior you are describing. When you say "it will automatically have access of update and Delete",
which of the following do you mean:
The dialog looks correct, but when I test as the user, they have additional permissions that were not explicitly granted. This
again seems to relate to the challenge of correctly linking each checkbox to its specific permission.

5.You said you are removing the tree structure from the dialog. But, are you also removing the ability to Revoke along with Grant for
each row? Are you sure you want to do this?
Yes.I have removed the tree structure. My requirement is If the checkbox is ticked then the user should have the rights to access
the module. Therefore, I have removed the Revoke checkbox in the dialog.

I hope that I answered all of your questions. If you have any doubts about my response, please don't hesitate to ask. I am also eager
to learn new things..

Now, I have modified the dialog so that based on the selection of checkboxes, it updates the UserPermission table.

Could you please help me implement the permissions based on the selection of checkboxes in a flat method instead of the Tree structure
method?

Thanks,
Vinith

[LSNicholls]

Hi again,

This is the crux of the problem:

Honestly, I am not sure how to link the "Add" checkbox to InsertPermission. I understand this is crucial, but I need guidance
on how to properly make this association.

Now, I have modified the dialog so that based on the selection of checkboxes, it updates the UserPermission table.

Your screenshot shows that you have changed the structure of the UserPermissions table. But I don't see how Serenity is supposed to use it as you have it, unless you have also changed PermissionService (look at GetUserPermissions in PermissionsService.cs -- where is your Granted column, used in the query there, unless you just have not included it and you always mark it true for every row?)

In any case, I'm fairly sure that you should not have changed the structure of this table. Instead, you have to change the way you are editing the table so that there are separate rows for each of the separate permissions, as shown in https://serenity.is/docs/howto/how_to_register_permissions_in_serene.

I do recognize that you don't like the tree structure in the dialog, and you don't have to have separate rows in the dialog for each permission, if you don't want to, I think. You can re-modify your persistence code for the dialog so that each of your columns creates or updates a separate row (not a separate column) in the table, using the keys that match whatever you put in your *Row.cs. But you can't flatten the table the way you have -- it's probably possible to do it that way, but you would have to change many other things too, and it doesn't make a lot of sense.

MyRow.cs file will look like this.
[ReadPermission(PermissionKeys.Languages.View)]

If you are using PermissionKeys... like this, be sure you also create a "translation" between these names and your actual permission key values, in a PermissionsKeys.cs file for your module. Again, see https://serenity.is/docs/howto/how_to_register_permissions_in_serene.

You don't really need to use PermissionKeys... like this; you can put the exact strings that you are putting in the table. For example (looking in the table for Northwind in a generated sample):

Northwind:Customer:Modify
Northwind:Customer:Delete
Northwind:Customer:View

... again your dialog doesn't need to show a tree, and if you don't want to include the colons you wouldn't have to, as long as each row has a unique permission value, and as long as you use some system of assigning them that allows your permission dialog persistence code to know what to put in for each row and each checkbox.

Finally, I want to point something out to you:

My requirement is If the checkbox is ticked then the user should have the rights to access the module.

This is okay if it is what you want. However, you are sacrificing some of the functionality of Serenity permissions here, maybe more than you realize, because the point of Revoke is to allow permissions to be set by Role, not individually per User, but then if needed fine-tune permissions for a User by eliminating single permissions that they would otherwise have by Role.

So, I need to ask you: are you completing eliminating Roles management and usage in your application, including in the default User dialog and grid? Or, have you thought through the interactions between the two? This is probably okay but I want to make sure.

[reach2rv]

Hi,
Can anyone help me on this below point.

I want to update the userPermission dialog like this.
View Add Update Delete
NorthWind: Customer CheckBox CheckBox CheckBox CheckBox

I have removed the tree structure and modified the UserPermissiondialog like the above. But the functionalities is not working as expected.
If I give Add permission, it will automatically have the access of update and Delete permission.
Could you please assist me in resolving this issue? Any guidance or examples of similar implementations would be highly appreciated.

Thanks,
Vinith

Reach out to me via slack serenity channel user Arvind Sawant or telegram @reach2rv

[VictorTomaili]

I totally forgot the slack. We didn't use it for a long time. I removed the slack because we didn't manage it. Sorry about it.