Example

This example prints the roles, explicit rights, and net rights that a user has on an object. To download the complete example, click SettingSecurityRights.zip.

<%@ Language=JavaScript%>

<html>

<body>

var RetVal = new Array();

function GetRoleDescription(Role)

{

switch (Role)

{

case ceRoleAdvanced:

return "Advanced";

case ceRoleNoAccess:

return "No access";

case ceRoleView:

return "View";

case ceRoleViewOnDemand:

return "View on demand";

case ceRoleSchedule:

return "Schedule";

case ceRoleFullControl:

return "Full control";

}

function ListRoles()

{

var ListBox="<select name=Role>";

if (Principal.Role != ceRoleAdvanced) ListBox = ListBox + "<option value='"+Principal.Role+ "'>" + GetRoleDescription(Principal.Role);

for (k=1;k<=5;k++)

{

if (k != Principal.Role) ListBox = ListBox + "<option value='"+k+ "'>" + GetRoleDescription(k);

}

ListBox=ListBox+ "</select>"

return ListBox;

}

function DisplayInheritance()

{

var HTML = "";

if (Principal.AdvancedInheritGroups == true) {

HTML += "<input name='InheritFromGroups' type='checkbox' checked>Rights are inherited from groups.<BR>";

} else {

HTML += "<input name='InheritFromGroups' type='checkbox'>Rights are inherited from groups.<BR>";

}

if (Principal.AdvancedInheritFolders == true) {

HTML += "<input name='InheritFromFolders' type='checkbox' checked>Rights are inherited from folders.<BR>";

} else {

HTML += "<input name='InheritFromFolders' type='checkbox'>Rights are inherited from folders.<BR>";

}

return HTML;

}

function GetAllRights()

{

var HTML = "";

HTML += "<table border=1 cellpadding=3><TR align=left>";

HTML += "<TH colspan=1></TH><TH colspan=3>Explicit Rights</TH><TH colspan=1></TH><TH colspan=1></TH></TR>";

HTML += "<TR align=left><TH>Inherited Rights</TH>";

HTML += "<TH>Granted</TH><TH>Denied</TH>";

HTML += "<TH>Not Specified</TH><TH>Net Right</TH><TH>Right</TH></TR>";

var result = new Array();

for (k=1;k<=KnownRights.Count;k++)

{

Right = KnownRights.Item(k)

HTML += "<TR>"

Granted=""

Denied=""

Inherited=""

NotSpecified=""

// The GetRightDetails method returns an associative array.

// See the myReturn function for details.

result = GetRightDetails(Right.ID);

// Also see the GetNetRight function for a quick way to

// retrieve any effective right for any user.

// Use the shortcuts described in the myReturn function to assess

// whether the net right is determined by an inherited or explicit right.

if (result["Explicit"] == 0) {

NotSpecified = "checked=true";

} else if (result["Explicit"] == 2) {

Denied = "checked=true";

} else if (result["Explicit"] == 1) {

Granted = "checked=true";

} else {

throw "Could not determine the right's state."

}

// Determine the state of any right that can be inherited.

switch (result["Inherited"]) {

case 0:

InheritState = "(Not Specified)";

break;

case 1:

InheritState = "(Granted)";

break;

case 2:

InheritState = "(Denied)";

break;

}

HTML += "<TD>" + InheritState + "</TD>";

if (result["Inherited"] == 2) {

// You cannot explicitly grant a right that is denied by inheritance.

HTML += "<TD><input type='radio' disabled name='"+Right.ID+"' value='granted' "+Granted+"></TD>";

} else {

HTML += "<TD><input type='radio' name='"+Right.ID+"' value='granted' "+Granted+"></TD>";

}

// You can always explicitly deny a right.

HTML += "<TD><input type='radio' name='"+Right.ID+"' value='denied' "+Denied+"></TD>";

// You can always remove explicit settings.

HTML += "<TD><input type='radio' name='"+Right.ID+"' value='notspecified' "+NotSpecified+"></TD>";

if (result["NetRight"] == 0) {

Net = "Denied";

} else {

Net = "Granted";

}

HTML += "<TD>" + Net + "</TD>";

HTML += "<TD>" + Right.Description + "</TD></TR>";

}

HTML += "</TABLE>";

return HTML;

}

function GetNetRight(UserID, RightID) {

// This function shows how to quickly check any effective right,

// for any user at any time, by retrieving an ObjectPrincipal object

// using SecurityInfo.AnyPrincipal. Note, however, that

// you cannot determine whether a right is inherited or denied when you

// check the net right in this way. This sample displays the exact state of

// each right, and so additional logic is required, as demonstrated

// in the GetRightDetails function, which is actually used in the sample.

var Effect;

EffectiveRights = SecurityInfo.AnyPrincipal(UserID).Rights;

try {

CurrentRight = EffectiveRights.Item("#" + ID);

Effect = CurrentRight.Granted;

} catch (e) {

// Deny any right that is not in the collection.

Effect = false;

}

return Effect;

}

function myReturn (net,inherit,explicit) {

// "NetRight" is Boolean. It is 1 only if the right is granted.

RetVal["NetRight"] = net;

// "Inherited" is 0 unless the right is in the Principal.InheritedRights collection,

// in which case it is 1 if granted and 2 if denied.

RetVal["Inherited"] = inherit;

// "Explicit" is 0 unless the right is in the Principal.Rights collection,

// in which case it is 1 if granted and 2 if denied.

RetVal["Explicit"] = explicit;

// Analysis of the inheritance patterns and priorities reveals these

// useful shortcuts from the ordered arguments to this function:

// 0,0,0 - The right is not specified.

// 0,2,[0-2] - The right is denied by inheritance.

// 1,0,1 - The right is explicitly granted.

// 0,[0-1],2 - The right is explicitly denied.

// 1,1,[0-1] - The right is granted by inheritance.

// These shortcuts are used in the GetAllRights function to determine

// which checkboxes should be selected in the rights matrix.

return RetVal;

}

function GetRightDetails(RightID) {

// This function returns an associative array whose keys are created in

// the function called "myReturn". While determining the exact state of each right,

// this function also shows how effective rights are calculated. See the GetNetRight

// function for a quick way to check any effective right.

try {

PrincipalRight = ExplicitRights.Item("#" + RightID);

} catch(e) {

PrincipalRight = null;

}

try {

InheritedRight = InheritedRights.Item("#" + RightID);

} catch(e) {

InheritedRight = null;

}

// The following tests cover every combination and

// return the appropriate values in an associative array.

// See the myReturn function for a description of the array.

if (PrincipalRight == null) {

if (InheritedRight == null) return (myReturn(0,0,0));

if (InheritedRight.Granted == true) return (myReturn(1,1,0));

}

if (InheritedRight == null) {

if (PrincipalRight.Granted == false) return (myReturn(0,0,2));

if (PrincipalRight.Granted == true) return (myReturn(1,0,1));

}

// If denied by inheritance, the right is always denied.

if (InheritedRight.Granted == false) {

if (PrincipalRight == null) return (myReturn(0,2,0));

if (PrincipalRight.Granted == true) return (myReturn(0,2,1));

if (PrincipalRight.Granted == false) return (myReturn(0,2,2));

}

if (InheritedRight.Granted == true) {

if (PrincipalRight.Granted == true) return (myReturn(1,1,1));

if (PrincipalRight.Granted == false) return (myReturn(0,1,2));

}

throw "Error calculating the effective right.";

}

function Main()

{

IStore = RetrieveIStore();

if (IStore == null)

{

Response.Redirect ("Start.csp");

return;

}

UserID = parseInt(Request.Form.Item("UserID"));

ReportID = parseInt(Request.Form.Item("ReportID"));

Reports = IStore.Query("Select SI_ID From CI_INFOOBJECTS Where SI_ID=" + ReportID);

Report = Reports.Item(1);

SecurityInfo = Report.SecurityInfo;

KnownRights = SecurityInfo.KnownRights;

// See if the user has explicit rights on the report

// and alias the collection of explicit rights.

try {

Principal = SecurityInfo.ObjectPrincipals.Item("#" + UserID);

HasExplicitRights = true;

} catch(e) {

Principal = SecurityInfo.AnyPrincipal(UserID);

HasExplicitRights = false;

} finally {

ExplicitRights = Principal.Rights;

}

// See if the user inherits rights on the report

// and alias the collection of inherited rights.

try {

if (Principal.InheritedRights.Count >= 1) HasInheritedRights = true;

} catch(e) {

HasInheritedRights = false;

} finally {

InheritedRights = Principal.InheritedRights;

}

Response.Write ("<H2>Rights for this user on this object</H2>");

Response.Write ("<form action='SetRights.csp?UserID="+UserID+"&ReportID="+ReportID+" ' method=post name='Rights'>");

if (HasExplicitRights = true) {

Response.Write("There are <EM>" + GetRoleDescription(Principal.Role) + "</EM> rights for this user.");

} else {

Response.Write ("There are no specific rights for this user. The effective rights are shown below.");

}

Response.Write("<H3>Change the role</H3>");

Response.Write("Change the current set of rights quickly by assigning a predefined access mode, or role.<BR>");

Response.Write(ListRoles());

Response.Write("<input type=submit name='SetRole' value='Set'>");

Response.Write("<HR><H3>Modify inheritance</H3>");

Response.Write("You must click 'Set' to update the table of advanced rights with your selected inheritance pattern.<BR>")

Response.Write(DisplayInheritance());

Response.Write("<input type=submit name='SetInheritance' value='Set'>");

Response.Write("<HR><H3>Advanced rights</H3>");

Response.Write("Modify the current rights by selecting from the complete list of Advanced rights. ");

Response.Write("You must disable inheritance before you can change the net effect of rights that are denied by inheritance.<BR>");

Response.Write(GetAllRights());

Response.Write("<input type=submit name='SetRights' value='Set'>");

}

Main();

</body>

</html>

Crystal Decisions, Inc.
http://www.crystaldecisions.com
Support services:
http://support.crystaldecisions.com