Roles
In our platform, roles play a crucial part in defining the access level and permissions for users within your application. The Roles section provides a comprehensive interface for managing these roles, from creation to customization of rights associated with each role.
Sidebar and Role Creation
On the left side of the Roles page, you will find a sidebar listing all the roles you have created. At the bottom of this sidebar, a button allows you to add a new role. Clicking this button prompts a dialog where you can specify a name for your new role. Once a role is selected from the sidebar, it becomes active, enabling you to edit its properties and rights within the content area of the page.
An important feature to highlight within the role management interface is the filtering capability provided in the topbar. This feature allows you to filter rights based on the presetTypes such as "entity," "enum," "action," and any custom types you have defined. Utilizing this filter can significantly streamline the process of managing rights by enabling you to focus on the specific types of interest at any given time.
Editing Role Properties
When a role is activated, the content area provides options to edit both defaultRights and specificRights associated with that role. Additionally, a sidebar on the right side of the content area is available for editing meta information about the role, such as its name, icon, and icon color. All changes made in these sections are saved instantly, including modifications to rights and meta information.
Default Rights
Default rights define standard permissions for a preset type like "entity," "enum," and "action." Each default right details the standard behavior for actions like reading, writing, and deleting.
A crucial aspect to be aware of is the platform's default behavior towards unspecified rights: they are initially set to true. This setting is vital for maintaining accessibility and functionality but requires careful adjustment to ensure it aligns with your intended access controls. It's essential to review and modify these settings as necessary to prevent unintended access, ensuring secure and effective role-based access control.
Specific Rights
Specific rights allow for fine-grained control over permissions for specific objects within your application. For preset types "entity" and "enum," the selection list is linked to the actual objects you've created in the Data section, ensuring consistency across your application. The "action" category includes all server-side actions defined by you or pre-provided by the platform.
For custom types, you can specify the names for right objects yourself. It is essential to maintain consistency in naming these right objects across different roles manually.
If a specific right for an object that does not exist is queried, the platform will revert to the value specified in the default right for that type. Note that specific rights can only be created if the corresponding default right for the type is defined.
Custom Rights Picker
The picker for custom rights introduces states: true-inherited, false-inherited, true-not-inherited, and false-not-inherited. The inherited states are defined by the defaultRights. Clicking the checkbox in an inherited state changes it to false-not inherited, and another click changes it to true-not inherited. Clicking again retrieves the inherited status from the corresponding default right. A blue frame or checkmark indicates an inherited state, while green signifies not inherited.
- false-inherited
- true-inherited
- false-not-inherited
- true-not-inherited