
%pkg.isc.rest.authorization.permission

abstract persistent class %pkg.isc.rest.authorization.permission extends %Library.Persistent, %pkg.isc.rest.model.adaptor

SQL Table Name: %pkg_isc_rest_authorization.permission

Helper class to track endpoint-level permissions (particularly useful for service-based access). To use this in an %pkg.isc.rest-based application:

Parameters

parameter ConstructFromResultRow = 1;
If true, the whole SQL result row is passed to GetModelInstance rather than just the ID. If true, GetModelFromResultRow must be overridden and implemented.

Properties

property Context as %String;
Property methods: ContextDisplayToLogical(), ContextGet(), ContextIsValid(), ContextLogicalToDisplay(), ContextLogicalToOdbc(), ContextNormalize(), ContextSet()
property Granted as %Boolean [ Calculated , Transient ];
Property methods: GrantedDisplayToLogical(), GrantedIsValid(), GrantedLogicalToDisplay(), GrantedNormalize()
property MediaType as %String (MAXLEN = 128) [ Calculated ];
Property methods: MediaTypeCompute(), MediaTypeDisplayToLogical(), MediaTypeGet(), MediaTypeIsValid(), MediaTypeLogicalToDisplay(), MediaTypeLogicalToOdbc(), MediaTypeNormalize(), MediaTypeSQLCompute()
property Operation as %String;
Property methods: OperationDisplayToLogical(), OperationGet(), OperationIsValid(), OperationLogicalToDisplay(), OperationLogicalToOdbc(), OperationNormalize(), OperationSet()
property ResourceClass as %Dictionary.CacheClassname [ Required ];
Property methods: ResourceClassGet(), ResourceClassIsValid(), ResourceClassSet()
property ResourceName as %String (MAXLEN = 128) [ Calculated ];
Property methods: ResourceNameCompute(), ResourceNameDisplayToLogical(), ResourceNameGet(), ResourceNameIsValid(), ResourceNameLogicalToDisplay(), ResourceNameLogicalToOdbc(), ResourceNameNormalize(), ResourceNameSQLCompute()

Methods

classmethod CheckAuthorization(pResourceClassName As %Dictionary.CacheClassname, pOperation As %String, pUserContext As %RegisteredObject) as %Boolean
Easy to use in %pkg.isc.rest.authentication:CheckPermission. A $ListBuild list can also be passed instead of pUserContext.
abstract classmethod GetContexts(pUserContext As %RegisteredObject) as %List
Given a User Context object used by the subclassing application's REST APIs, returns a $ListBuild list of strings representing that user context (for example, an API key or SSO GUID, or a list of platform-level privileges if IRIS security is used). Subclasses *MUST* override this method.
classmethod GetModelFromResultRow(pResultRow As %Library.IResultSet) as %pkg.isc.rest.model.dbMappedResource
Inherited description: May be overridden to get an instance of this class from a result set row instead of an object. This is particularly useful for loading data from a linked table, where individual reads are expensive.
method GrantedGet() as %Boolean
classmethod ListGrantedPermissionsClose(ByRef qHandle As %Binary) as %Status
classmethod ListGrantedPermissionsExecute(ByRef qHandle As %Binary, context As %String) as %Status
classmethod ListGrantedPermissionsFetch(ByRef qHandle As %Binary, ByRef Row As %List, ByRef AtEnd As %Integer = 0) as %Status

Queries

query ListAvailablePermissions(context As %String)
SQL Query:
select * from (
    select r.ResourceName, r.MediaType, r.ResourceClass, :context As "Context", o.Operation As "Operation"
    from %pkg_isc_rest.resourceMap r,
        (select 'CREATE' As "Operation" union all select 'READ' union all select 'UPDATE' union all select 'DELETE' union all select 'QUERY') o
    union all
    select r.ResourceName, r.MediaType, r.ResourceClass, :context As "Context", 'ACTION:'||ActionName As "Operation"
    from %pkg_isc_rest.resourceMap r
    join %pkg_isc_rest.actionMap o on o.ResourceClass = r.ResourceClass
)
order by ResourceName, MediaType,
    CASE Operation when 'CREATE' then 1 when 'READ' then 2 when 'UPDATE' then 3 when 'DELETE' then 4 when 'QUERY' then 5 else 6 end,
    Operation
query ListGrantedPermissions(context As %String)
Selects ResourceName As %String, MediaType As %String, ResourceClass As %String, Context As %String, Operation As %String

Indexes

index (ClassContext on ResourceClass,Context,Operation) [Unique];
Index methods: ClassContextCheck(), ClassContextDelete(), ClassContextExists(), ClassContextOpen(), ClassContextSQLCheckUnique(), ClassContextSQLExists(), ClassContextSQLFindPKeyByConstraint(), ClassContextSQLFindRowIDByConstraint()
index (Context on Context);
Index methods: ContextDisplayToLogical(), ContextExists(), ContextGet(), ContextIsValid(), ContextLogicalToDisplay(), ContextLogicalToOdbc(), ContextNormalize(), ContextSet()
index (ResourceContext on ResourceName,MediaType,Context,Operation) [Unique];
Index methods: ResourceContextCheck(), ResourceContextDelete(), ResourceContextExists(), ResourceContextOpen(), ResourceContextSQLCheckUnique(), ResourceContextSQLExists(), ResourceContextSQLFindPKeyByConstraint(), ResourceContextSQLFindRowIDByConstraint()
