Users
Every request to Dynamix functions or pages is associated with a user-object. Dynamix solutions has two predefined user accounts - Administrator and Guest. Until a user is authenticated (logged in) all requests are made using the Guest-account.
The abstract base class for users is Dynamix.User. Standard users created from the Users and Groups-tool are of the type Dynamix.DynamixUser and users created by integrating with Ldap are of the types Dynamix.ActiveDirectoryUser or Dynamix.NovellUser.
It's quite easy to create (Dynamix-)users from code:
var user = new DynamixUser( "xavier" );
user.SystemPrivileges.Add( DynamixLoginPrivilege.Instance );
user.SetPassword( "password" );
Groups
A group is a collection of users. There is a predefined group Dynamix.Group.Everyone which always includes all users.
var editors = new DynamixGroup( "Editors" );
editors.SystemPrivileges.Add( DynamixLoginPrivilege.Instance );
The property Users can be used to list the users in the group. To add a user to a group programmatically use the Groups property of the User-object:
user.Groups.add( editors );
Roles
Users and groups can have roles assigned to them. The roles are most often used to group privileges together.
Subjects
The class Dynamix.Subject represents any entity which can be assigned privileges. User, Group and Role all inherits from �Subject.
Privileges
As soon as a solution has more than one user it is necessary to consider permissions and user privileges. Dynamix comes with several predefined privilege types which can be used to limit e.g. who can edit a page, who can view the content of a page, who can upload new files and who can log in to the Dynamix editor interface.
When adding new functionality to the solution it is recommended to also add privilege types for these functions - e.g. who can create new news items, who can edit the product catalog etc.
There are two kinds of privileges - object privileges and system privilages. The difference is that an object privilege is connected to an object - user x can edit page p, while a system privilege is global - user x can edit the product catalog.
Creating custom privileges
Custom privileges can be created by adding a new item to the solution in Visual Studio
Pick Dynamix 6 - Object Privilege or Dynamix 6 - System Privilege and enter a name for the new class.
When creating object privileges for an object type we must also add code to that type's descriptor defining the connection between privilege type and object type:
public override IEnumerable<ObjectPrivilege> GetApplicablePrivileges(T o)
{
// Include all the privileges connected to the base type
foreach( var priv in base.GetApplicablePrivileges( o ) )
{
yield return priv;
}
// And also include our own privilege type
yield return MyObjectPrivilege.Instance;
}
Checking privileges
To check if a user has a certain privilege we can use the methods HasSystemPrivilege or HasObjectPrivilege:
var user = RequestContext.Current.User;
user.HasSystemPrivilege<MySystemPrivilege>();
user.HasSystemPrivilege( MySystemPrivilege.Instance );
user.HasObjectPrivilege<MyObjectPrivilege>( obj );
user.HasObjectPrivilege( obj, MyObjectPrivilege.Instance );