[[#wd Lookup TitleRecipe8 ]]

Overview

One of the main advantages using Coast is that it support roles in a highly flexible manner. This let you define exactly which user may access which pages. Because Coast also provides a session mechanism the user can login once and all his privileges are granted from then on.

Preconditions

Steps to do:

  1. Define the roles and their hierarchy.
    Within Config.any there must be a /Roles tag:
    [[#wd DisplayAnythingRenderer {
    	/AnythingInfo {
    		"/Roles {"
    		"	/Role {"
    		"		"Default""
    		"	}"
    		"}"
    		" "
    		"or another one"
    		" "
    		"/Roles {"
    		"	/Role { "Admin" "Guest" "Customer" }"
    		"	/Guest { "Default" }"
    		"}"
    	}
    }]]
    
    All the Roles must be defined there. You may also specify a Default role but this is not implemented properly by now.
    Another important tag is /RoleChanges:
    [[#wd DisplayAnythingRenderer {
    	/AnythingInfo {
    		"/RoleChanges {"
    		"	/GoAdmin     "Admin""
    		"	/GoCustomer  "Customer""
    		"}"
    	}
    }]]
    
    This defines actions that forces the role to be changed (Use a overwritten 'DoAction' to launch the appropriate Action - see [[#wd Lookup Recipe9 ]] )..
    Define the user levels in the Role.any file:
    [[#wd DisplayAnythingRenderer {
    	/AnythingInfo {
    		"/GuestRole     0"
    		"/CustomerRole  1"
    		"/AdminRole     2"
    	}
    }]]
    
    This defines the hierarchy AdminRole > CustomerRole > GuestRole.
    Remember the higher roles have all the privileges of the roles with a lower level.

  2. Configure the Maps for the different roles.
    For each role create a "RoleName".any configuration file, where you can define the role specific navigation maps (Refer to [[#wd Lookup Recipe1 ]] for a description).

  3. Create the subclasses for the different roles.
    Until now you have to create a new subclass of Role for each different role (this will change in the future, such that you can have different roles instanciatied from the same class).
    The most important method to overwrite is the Constructor because it is there where the name is set properly:
    [[#wd DisplayAnythingRenderer {
    	/AnythingInfo {
    		"MyNewRole::MyNewRole() : Role("MyNewRole")"
    		"{}"
    	}
    }]]
    
    There are three interesting methods more which may be overwritten. They allow you to implement specific security checks.
    [[#wd DisplayAnythingRenderer {
    	/AnythingInfo {
    		"// Resolve the name for the next page with currentpage and action."
    		"// The default implementation uses a table driven"
    		"// approach. The table is usually defined in [RoleName].any"
    		" "
    		"virtual bool DoGetNewPageName( Context &c, String &transition, String& pagename );"
    		" "
    		"// checks role levels by name according to role precedence defined in Role.any"
    		"// GuestRole < CustomerRole < AnotherRole"
    		" "
    		"virtual bool CheckLevel(const char *name) const;"
    		" "
    		"// verifies query params default implementation"
    		"// does nothing"
    		"virtual bool DoVerify(Context &,String &,String &);"
    	}
    }]]
    

Remarks

Glossary

Related Topics

Navigation Map, Role concept