InterSystems IRIS Data Platform 2020.4 > Class Reference > ENSLIB namespace > %CSP.Portal.Utils

%CSP.Portal.Utils

abstract class %CSP.Portal.Utils extends %Library.RegisteredObject

APIs used by the System Management Portal.

Method Inventory (Including Private)

Parameters

parameter DOMAIN = %Utility;

Methods (Including Private)

classmethod %AddFavorite(pName As %String, pLink As %String) as %Status [ Language = objectscript ]
Add item to favorites list.
classmethod %CheckCustomResource(pURL As %String) as %Boolean [ Language = objectscript ]
Check the custom resource (if any) assigned to a given URL. Note that pURL should be URL-encoded.
classmethod %CheckTaskResource() as %Boolean [ Language = objectscript ]
classmethod %ClearFavoriteItems(pUser As %String = "") as %Status [ Language = objectscript ]
Delete favorite item list for given user. If user is not specified, delete all items.
classmethod %ClearRecentItems(pUser As %String = "") as %Status [ Language = objectscript ]
Delete recent item list for given user. If user is not specified, delete all items.
classmethod %DrawError(pStatus As %Status) as %Status [ Language = objectscript ]
classmethod %GetCustomResource(pID As %String) as %String [ Language = objectscript ]
Get the custom resource assigned to a given id (url). Note that pID should be URL-encoded.
classmethod %GetCustomResourceList(pList As %String) as %Status [ Language = objectscript ]
Return a list of all currently used custom resource names.
classmethod %GetFavoritesForUser(Output pFavorites) as %Status [ Language = objectscript ]
Return the current favorites list for the current user: pItems(n) = $LB(name,date,url)
classmethod %GetNamespaceList(Output pNamespaces As %String) as %Status [ Language = objectscript ]
Get a list of namespaces which the current user may access. pNamespaces is returned as an array with the following structure: pNamespaces("NAMESPACE") = $lb(enabled,remote)
classmethod %GetRecentItemsForUser(Output pItems) as %Status [ Language = objectscript ]
Return the recent items list for the current user:
pItems(n) = $LB(name,date,url)
These are reset on system restart.
classmethod %IsAutoRefreshEnabled() as %Boolean [ Language = objectscript ]
Helper method to indicate whether pages in the management portal are allowed to perform automatic refreshes that poll the server.
classmethod %RegisterRecentItem(pName As %String, pURL As %String) as %Status [ Language = objectscript ]
Add this item to the recent item list.
classmethod %RemoveFavoriteItem(pName As %String) as %Status [ Language = objectscript ]
Delete a favorite item for the current user.
classmethod %RemoveRecentItem(pName As %String) as %Status [ Language = objectscript ]
Delete a recent item for the current user.
classmethod %SetCustomResource(pID As %String, pResource As %String) as %Status [ Language = objectscript ]
Set the custom resource assigned to a given id (url). Note that pID should be URL-encoded.
classmethod CheckLinkAccess(link As %String) as %Integer [ Language = objectscript ]
CheckLinkAccess determines whether the target user is permitted to view a given CSP or Zen page based on the security requirements for the relevant target Web application, the underlying page class, and any custom resources applied to the link.

Returns 0 if the link is not to a csp application. (enable)

Returns 1 if the user is permitted access to the page. (enable)

Returns 2 if the Target User could not be determined. Clicking on the link will bring up the login page. (choice: enable or disable)

Returns 3 if the user doesn't have access to the CSP application. (disable)

Returns 4 if the user doesn't have resources specific to the page. (disable)

  1. It is assumed that CheckLinkAccess is called from a context in which %session and %request are available, i.e., from callpage in the CSP Server.
  2. In order to minimize information trolling, CheckLinkAccess will just return a bit indicating if the link should be enabled in the current calling context.
  3. Definitions:
    1. Source application - application in which the current caller is being run
    2. Current user - ($Username) the user currently logged into the Source Application
    3. Target Application - the application pointed to by the link
    4. Target User - the computed username under which the user will be logged into the Target Application
    5. Target Page: the page portion of the link, e.g., /csp/app/mypage.csp: mypage.csp

This method is meant to be called from the link's containing page within the context of the CSP server. The containing page is part of a source application.

We must be able to determine which target user will be used to check privileges. The target user cannot be determined if the source and target applications are different and the target is neither part of an active by-id group nor sharing sessions with the source application.

Applications share sessions when:

  • The source and target are the same application.
  • The link to the target page contains CSPSHARE=1.
  • Source and target applications have the same Session Cookie Path.

Who is the target user?

Since this is called from within a CSP session, there are the following situations:

  1. The target application is a member of an authenticated by-id group. That group's authenticated user is the Target User.
  2. The target application will be in the current session. The CSP server has already handled the logic for determining the user.
    1. The session's user is not UnknownUser. The target user is $Username.
    2. The session's user is UnknownUser
      • If the target application is the source application, the Target User is UnknownUser.
      • If the target application is different, the target user is the user from the session's Sticky-context. If the session has no sticky-context, the Target User will be UnknownUser

CheckLinkAccess Policy

  • If the Target Application is not a CSP Application, return ENABLE/UNKNOWN
  • If the Source and Target application are the same, skip to check resources.
  • If the Target Application is neither in an authenticated by-id group nor in the Source Application's session, return ENABLE/UNKNOWN
  • Compute the Target User. See 'Who is Target User?' above.
  • If the Target Application is two-factor enabled and the Target User is not, return NO_APP_ACCESS.
  • Get any application-defined and user-defined resources assigned to the Target Page.
  • If Source and Target Applications are different, check that the Target User has the right roles to enter the Target Application. If not, return NO_APP_ACCESS.
  • Check Resources:

    If the Target User can access the Target Page's Resources after escalating roles from the Target Application, return ENABLE/UNKNOWN. Else return NO_PAGE_ACCESS.
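
The policy and the target-user rules above, modelled in Python as an added example (not InterSystems code and not part of the original reference). The `App` and `User` classes, their fields, and the all-of matching of roles and resources are simplifying assumptions; mapping ENABLE/UNKNOWN to codes 0, 2 and 1 follows the return-value list above and is an interpretation.

```python
from dataclasses import dataclass, field
from typing import Optional

# Return codes as listed on this page; ENABLE/UNKNOWN -> 0/2/1 is an assumption.
NOT_CSP, PERMITTED, UNKNOWN_TARGET, NO_APP_ACCESS, NO_PAGE_ACCESS = range(5)
UNKNOWN_USER = "UnknownUser"

@dataclass
class App:  # hypothetical model of a web application, not an IRIS class
    name: str
    is_csp: bool = True
    cookie_path: str = "/"
    two_factor: bool = False
    entry_roles: set = field(default_factory=set)    # roles needed to enter
    app_resources: set = field(default_factory=set)  # gained by role escalation
    group_user: Optional[str] = None  # user of an authenticated by-id group

@dataclass
class User:  # hypothetical model of an account
    roles: set = field(default_factory=set)
    resources: set = field(default_factory=set)
    two_factor: bool = False

def shares_session(src, tgt, link):
    return (src.name == tgt.name or "CSPSHARE=1" in link
            or src.cookie_path == tgt.cookie_path)

def target_user(src, tgt, session_user, sticky_user=None):
    if tgt.group_user:                    # situation 1: by-id group
        return tgt.group_user
    if session_user != UNKNOWN_USER:      # situation 2.1
        return session_user
    if src.name == tgt.name:              # situation 2.2, same application
        return UNKNOWN_USER
    return sticky_user or UNKNOWN_USER    # situation 2.2, sticky context

def check_link_access(src, tgt, link, page_resources, users,
                      session_user, sticky_user=None):
    if not tgt.is_csp:
        return NOT_CSP
    same = src.name == tgt.name           # same app: skip to resource check
    if not (same or tgt.group_user or shares_session(src, tgt, link)):
        return UNKNOWN_TARGET
    user = users.get(target_user(src, tgt, session_user, sticky_user), User())
    if not same and ((tgt.two_factor and not user.two_factor)
                     or not tgt.entry_roles <= user.roles):
        return NO_APP_ACCESS
    held = user.resources | tgt.app_resources
    return PERMITTED if page_resources <= held else NO_PAGE_ACCESS
```

A caller that treats code 2 as "disable" fails closed: the link stays inactive whenever the Target User cannot be computed.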

classmethod CheckLoggedInResources(targetResources As %List) as %Integer [ Language = objectscript ]

Inherited Members

Inherited Methods (Including Private)
