Fire up your applications with Jetfire
RSS
Jetfire Wiki


Quick Search
»
Advanced Search »

Role Overview

A 'Role' is a first class workflow object within Jetfire. Roles provide the logged-in user with permissions for accessing workflows, workspace contents, executing methods, accessing properties and changing permissions.

A Jetfire user can be assigned one or more roles. Methods and properties objects can have roles assigned using the 'access construct'. Workflow objects can be assigned roles programmatically (see below). This restricts usage and visibility of methods, properties to the Jetfire user by dynamically changing access modifiers. Roles work on workflows by restricting access (not allowing workflows to be loaded into the cache of the client nexus). The access rights are enforced through soft mechanisms in the client and rigorously enforced by the server nexus.

Jetfire also uses roles internally to control all system functionality.

Role(s) can give a Jetfire user special abilities with the Jetfire system such as:

  1. The ability to execute methods that have been declared with the 'access' construct.
  2. The ability to set and get properties that have been declared with the 'access' construct.
  3. The ability to set a property that otherwise has private getter and public setter.
  4. Restricting access to workspaces (and their objects) when the workspace workflow has had its 'Access Control List' set.
  5. Restricting access to workflow(object) when its 'Access Control List' set.

Roles can be identified by a unique name which must be assigned to the role when it is created. Once created the name of role may not change.

In order for the user to have these special abilities a role of the user must match a member of the 'Access Control List' of the Jetfire object.


Creating a Role

A Jetfire Role can be created programatically just like creating any workflow object. A Role can be created by 2 techniques.
  • Jetfire script using the 'new' operator.
  • A Role workflow object can be created using the .net API.

Jetfire 'new' Operator

namespace NewRoleExample
{
public workflow Factory
{
// A method that creates a new Role object.
public Role CreateRole(string roleName)
{
// the new operator creates a new instance
// of a Role object;
return new Role(roleName);
}
}
}

New Workflow Object using the Jetfire API

Assigning A Role To A User

see Creating a User with a Role

Assigning A Role To a Method or Property

A role can be assigned to a method or property using the 'access' construct.
// The 'Approve' method can only be executed if the user has
// the role 'Approver', otherwise the method will be 'private'.
public void Approve(): access(""Approver"")
{
status = ""approved"";
}

Request Approval

This examples uses roles to build a very simple "Approval" workflow. The login user Joe is allowed to execute the "Approve" method because he has the "Approver" role. The Guest user can execute the "Approve" method because that user has no roles.

Advanced Request Approval

This advanced example employs both states and roles in an request approval workflow. The 'state' of workflow ensures once a method is 'approved' that it can not be 'declined' at later date. The roles determine which users can 'approve' the request.

Assigning A Role to a Workspace

Departmental Request Approval Example

In this example each department has a separate workspace where request workflows are stored. The workspaces provide a firewall between departments not allowing members from one department to view another department's requests. Request workflows are approved when a user with the 'Approver' role, which is typically restricted to the department manager, executes the 'Approve' method of the request workflow.

Assigning A Role to a Workflow Programmatically

Roles can be assigned to an individual workflow restricting access to users with that role. This is shown in the following example.

Note: Roles can also be assigned to "workspaces" effectively giving all the workflows in the workspace the access rights of the workspace.
namespace AddingRoleExample
{
workflow MyFlow
{
Flow flow;
Role role;
User user;
// Create a workflow with restricted access.
// Also create a 'user' that can access the new workflow.
public Create()
{
flow = new Flow();
role = new Role(""Manager"");
workflow.AddAccessRole(flow, role);
// add the role to the user named "ManagerUser".
user = new User(""ManagerUser"");
user.AddRole(role);
}
}
workflow Flow
{
// add code for the workflow here.
}
}


See Also

ScrewTurn Wiki version 3.0.4.560. Some of the icons created by FamFamFam.