Check Permissions - Check if certain permissions are granted
This action checks whether the current user has a specific permission
(or which of multiple permissions he/she has).
To do this, the action uses two tables in the database, user_roles
Notice that you only rarely have to use this action, as the user's permissions
are automatically checked whenever a restricted action is to be executed
(an action with the requiredPermission property). For example,
if some actions require the "Update" permission,
then each of them should have a requiredPermission property
with the value "Update", and they are enabled only if the user has the
"Update" permission. You will include Check Permissions in your model
only when this automatic testing is not enough (e.g. if in addition to
the existence of the permission some other conditions should be checked
to decide whether to enable or disable some actions).
Exits [none required]
The action exits through any exit whose name is a granted permission (or
through <None> if none of these permissions is granted).
For example, suppose you want to check whether the current user has the "Read"
permission and/or the "Update" permission. In this case, the action should be
used with two non-repetitive empty exits, Read and Update
(and optionally also a third non-repetitive empty exit <None>):
- The user name is searched in the user_roles table to get all
roles assigned to the user.
- Each of these roles is searched in the role_permissions table
to collect all permissions granted to the user.
"Common/Templates/Systems/Authorization/Application Pane/Check System Variables/Check System Variables/Has Premission?":
- If the user has the "Read" permission but not the "Update" permission,
then only the Read exit is charged.
- If the user has the "Update" permission but not the "Read" permission,
then only the Update exit is charged.
- If the user has both the "Read" permission and the "Update" permission,
then both the Read and the Update
exits are charged.
- If the user does not have the "Read" permission nor the "Update" permission,
then only the <None> exit is charged.