Role Overview
A 'Role' is a first class
workflow object within Jetfire. Roles provide the logged-in user with permissions for accessing workflows, workspace contents, executing methods, accessing properties and changing permissions.
A Jetfire
user can be assigned one or more roles. Methods and properties objects can have roles assigned using the
'access construct'. Workflow objects can be assigned roles programmatically (see below). This restricts usage and visibility of methods, properties to the Jetfire user by
dynamically changing access modifiers. Roles work on workflows by restricting access (not allowing workflows to be loaded into the cache of the
client nexus). The access rights are enforced through soft mechanisms in the client and rigorously enforced by the
server nexus.
Jetfire also uses roles internally to control all system functionality.
Role(s) can give a Jetfire
user special abilities with the Jetfire system such as:
- The ability to execute methods that have been declared with the 'access' construct.
- The ability to set and get properties that have been declared with the 'access' construct.
- The ability to set a property that otherwise has private getter and public setter.
- Restricting access to workspaces (and their objects) when the workspace workflow has had its 'Access Control List' set.
- Restricting access to workflow(object) when its 'Access Control List' set.
Roles can be identified by a unique name which must be assigned to the role when it is created. Once created the name of role may not change.
In order for the user to have these special abilities a role of the user must match a member of the 'Access Control List' of the Jetfire object.
Creating a Role
A Jetfire Role can be created programatically just like
creating any workflow object. A Role can be created by 2 techniques.
- Jetfire script using the 'new' operator.
- A Role workflow object can be created using the .net API.
Jetfire 'new' Operator
namespace NewRoleExample
{
public workflow Factory
{
// A method that creates a new Role object.
public Role CreateRole(string roleName)
{
// the new operator creates a new instance
// of a Role object;
return new Role(roleName);
}
}
}
New Workflow Object using the Jetfire API
Assigning A Role To A User
see
Creating a User with a RoleAssigning A Role To a Method or Property
A role can be assigned to a method or property using the
'access' construct.
// The 'Approve' method can only be executed if the user has
// the role 'Approver', otherwise the method will be 'private'.
public void Approve(): access(""Approver"")
{
status = ""approved"";
}
Request Approval
This examples uses roles to build a very simple "Approval" workflow. The login user Joe is allowed to execute the "Approve" method because he has the "Approver" role. The Guest user can execute the "Approve" method because that user has no roles.
Advanced Request Approval
This advanced example employs both states and roles in an request approval workflow. The 'state' of workflow ensures once a method is 'approved' that it can not be 'declined' at later date. The
roles determine which users can 'approve' the request.
Assigning A Role to a Workspace
Departmental Request Approval Example
In this example each department has a separate workspace where request workflows are stored. The
workspaces provide a firewall between departments not allowing members from one department to view another department's requests. Request workflows are approved when a user with the 'Approver' role, which is typically restricted to the department manager, executes the 'Approve' method of the request workflow.
Assigning A Role to a Workflow Programmatically
Roles can be assigned to an individual workflow restricting access to
users with that role. This is shown in the following example.
Note: Roles can also be assigned to "
workspaces" effectively giving all the workflows in the workspace the access rights of the workspace.
namespace AddingRoleExample
{
workflow MyFlow
{
Flow flow;
Role role;
User user;
// Create a workflow with restricted access.
// Also create a 'user' that can access the new workflow.
public Create()
{
flow = new Flow();
role = new Role(""Manager"");
workflow.AddAccessRole(flow, role);
// add the role to the user named "ManagerUser".
user = new User(""ManagerUser"");
user.AddRole(role);
}
}
workflow Flow
{
// add code for the workflow here.
}
}
See Also