%CSP.Portal.Utils

abstract class %CSP.Portal.Utils extends %Library.RegisteredObject

APIs used by the System Management Portal.

Parameters

parameter DOMAIN = %Utility;

Methods

classmethod %AddFavorite(pName As %String, pLink As %String) as %Status
Add item to favorites list.
classmethod %CheckCustomResource(pURL As %String) as %Boolean
Check the custom resource (if any) assigned to a given URL. Note that pURL should be URL-encoded.
classmethod %CheckTaskResource() as %Boolean
classmethod %ClearFavoriteItems(pUser As %String = "") as %Status
Delete favorite item list for given user. If user is not specified, delete all items.
classmethod %ClearRecentItems(pUser As %String = "") as %Status
Delete recent item list for given user. If user is not specified, delete all items.
classmethod %DrawError(pStatus As %Status) as %Status
classmethod %GetCustomResource(pID As %String) as %String
Get the custom resource assigned to a given id (url). Note that pID should be URL-encoded.
classmethod %GetCustomResourceList(pList As %String) as %Status
Return a list of all currently used custom resource names.
classmethod %GetFavoritesForUser(Output pFavorites) as %Status
Return the current favorites list for the current user: pItems(n) = $LB(name,date,url)
classmethod %GetNamespaceList(Output pNamespaces As %String) as %Status
Get a list of namespaces which the current user may access. pNamespaces is returned as an array with the following structure: pNamespaces("NAMESPACE") = $lb(enabled,remote)
classmethod %GetRecentItemsForUser(Output pItems) as %Status
Return the recent items list for the current user:
pItems(n) = $LB(name,date,url)
These are reset on system restart.
classmethod %IsAutoRefreshEnabled() as %Boolean
Helper method to indicate whether pages in the management portal are allowed to perform automatic refreshes that poll the server.
classmethod %RegisterRecentItem(pName As %String, pURL As %String) as %Status
Add this item to the recent item list.
classmethod %RemoveFavoriteItem(pName As %String) as %Status
Delete a favorite item for the current user.
classmethod %RemoveRecentItem(pName As %String) as %Status
Delete a recent item for the current user.
classmethod %SetCustomResource(pID As %String, pResource As %String) as %Status
Set the custom resource assigned to a given id (url). Note that pID should be URL-encoded.
classmethod AllowDirectory(dir As %String) as %Boolean
This method will allow the given directory (and its descendants) to be visible by the %ZEN.Dialog.fileSelect page. If the set of directories was previously unrestricted, and if the restriction was not explicitly disabled by calling RestrictDirectories(), then only this directory and its descendants will be visible. If the specified directory is invalid or does not exist, this method will return 0 (false), and no change is made.
classmethod CheckLinkAccess(link As %String) as %Integer
CheckLinkAccess determines whether the target user is permitted to view a given CSP or Zen page based on the security requirements for the relevant target Web application, the underlying page class, and any custom resources applied to the link.

Returns 0 if the link is not to a csp application. (enable)

Returns 1 if the user is permitted access to the page. (enable)

Returns 2 if the Target User could not be determined. Clicking on the link will bring up the login page. (choice: enable or disable)

Returns 3 if the user doesn't have access to the CSP application. (disable)

Returns 4 if the user doesn't have resources specific to the page. (disable)

  1. It is assumed that CheckLinkAccess is called from a context in which %session and %request are available, i.e., from callpage in the CSP Server.
  2. In order to minimize information trolling, CheckLinkAccess will just return a bit indicating if the link should be enabled in the current calling context.
  3. Definitions:
    1. Source application - application in which the current caller is being run
    2. Current user - ($Username) the user currently logged into the Source Application
    3. Target Application - the application pointed to by the link
    4. Target User - the computed username under which the user will be logged into the Target Application
    5. Target Page - the page portion of the link, e.g., for /csp/app/mypage.csp: mypage.csp

This method is meant to be called from the link's containing page within the context of the CSP server. The containing page is part of a source application.

We must be able to determine which target user will be used to check privileges. The target user cannot be determined if the source and target applications are different and the target is neither part of an active by-id group nor sharing sessions with the source application.

Applications share sessions when:

  • The source and target are the same application.
  • The link to the target page contains CSPSHARE=1.
  • Source and target applications have the same Session Cookie Path.

Who is the target user?

Since this is called from within a CSP session, there are the following situations:

  1. The target application is a member of an authenticated by-id group. That group's authenticated user is the Target User.
  2. The target application will be in the current session. The CSP server has already handled the logic for determining the user.
    1. The session's user is not UnknownUser. The target user is $Username.
    2. The session's user is UnknownUser
      • If the target application is the source application, the Target User is UnknownUser.
      • If the target application is different, the target user is the user from the session's Sticky-context. If the session has no sticky-context, the Target User will be UnknownUser

CheckLinkAccess Policy

  • If the Target Application is not a CSP Application, return ENABLE/UNKNOWN
  • If the Source and Target application are the same, skip to check resources.
  • If the Target Application is neither in an authenticated by-id group nor in the Source Application's session, return ENABLE/UNKNOWN
  • Compute the Target User. See 'Who is Target User?' above.
  • If the Target Application is two-factor enabled and the Target User is not, return NO_APP_ACCESS.
  • Get any application-defined and user-defined resources assigned to the Target Page.
  • If Source and Target Applications are different, check that the Target User has the right roles to enter the Target Application. If not, return NO_APP_ACCESS.
  • Check Resources:

    If the Target User can access the Target Page's Resources after escalating roles from the Target Application, return ENABLE/UNKNOWN. Else return NO_PAGE_ACCESS.
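
The decision order above can be traced with a small model. This is an added example, not InterSystems code: the `App` and `User` classes, their field names and all application, user and role names are hypothetical, a role stands for the resource it holds, and the mapping of ENABLE/UNKNOWN, NO_APP_ACCESS and NO_PAGE_ACCESS onto the return codes 0 to 4 is one reading of the text above.

```python
from dataclasses import dataclass
from typing import Optional

# Return codes as listed for CheckLinkAccess on this page.
NOT_CSP, ALLOWED, UNKNOWN_TARGET_USER, NO_APP_ACCESS, NO_PAGE_ACCESS = range(5)

@dataclass(frozen=True)
class App:                                  # hypothetical model of a web application
    name: str
    is_csp: bool = True
    cookie_path: str = "/"
    by_id_user: Optional[str] = None        # authenticated user of its by-id group, if any
    two_factor: bool = False
    entry_roles: frozenset = frozenset()    # roles required to enter the application
    granted_roles: frozenset = frozenset()  # roles added on entry (escalation)

@dataclass(frozen=True)
class User:                                 # hypothetical model of a user
    name: str
    roles: frozenset = frozenset()
    two_factor: bool = False

def target_user(src, tgt, session_user, sticky_user):
    """'Who is the target user?' rules; returns a user name."""
    if tgt.by_id_user is not None:
        return tgt.by_id_user
    if session_user != "UnknownUser" or src.name == tgt.name:
        return session_user
    return sticky_user or "UnknownUser"

def check_link_access(src, tgt, users, session_user, page_resources,
                      sticky_user=None, cspshare=False):
    if not tgt.is_csp:
        return NOT_CSP
    same = src.name == tgt.name
    shares = same or cspshare or src.cookie_path == tgt.cookie_path
    if tgt.by_id_user is None and not shares:
        return UNKNOWN_TARGET_USER          # link leads to the login page
    user = users[target_user(src, tgt, session_user, sticky_user)]
    if not same:                            # same application skips to the resource check
        if tgt.two_factor and not user.two_factor:
            return NO_APP_ACCESS
        if not tgt.entry_roles <= user.roles:
            return NO_APP_ACCESS
    # Page resources are checked after escalating to the application's roles.
    if page_resources <= (user.roles | tgt.granted_roles):
        return ALLOWED
    return NO_PAGE_ACCESS
```

A caller that treats code 2 as "disable" fails closed: the link stays hidden whenever the Target User cannot be computed, rather than sending the user to a login page.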

classmethod CheckLoggedInResources(targetResources As %List) as %Integer
classmethod ClearDirectories()
This method will clear the set of directories that are visible by the %ZEN.Dialog.fileSelect page. After this all directories available to the system will be visible in the fileSelect page.
classmethod GetAllowedDirectories(Output dirs) as %Boolean
This method will retrieve the set of root directories that are visible by the %ZEN.Dialog.fileSelect page. If the system is configured to restrict the directories that are visible the method will return 1 (true) and dirs will contain the set of root directories. Otherwise it will return 0 (false), and all directories will be visible.
classmethod RemoveDirectory(dir As %String)
This method will remove the given directory from the set of root directories that are visible by the %ZEN.Dialog.fileSelect page. If the given directory was not previously configured as an available root directory, this will have no effect.
classmethod RestrictDirectories(flag As %Boolean) as %Boolean
If flag is true then the %ZEN.Dialog.fileSelect page will only allow navigation to the set of directories configured by AddDirectory(). If no directories are configured, then the fileSelect page will not display any files.
If flag is false, then the fileSelect page will allow navigation to all files. The set of directories configured by AddDirectory() (if any) is not removed. Return 1 (true) if we were previously configured to use restricted directories, 0 (false) otherwise.
