Validation of permissions

User authentication

The ISecurityService service is used to authenticate POS users. It provides methods to log the user in and out, lock the screen, and verify whether the user has the required permissions.

ISecurityService methods:

  • SignIn(string login, SecureString password)
    It makes it possible to log the user in to the system.
  • SignOut()
    It logs the user out. As a result, all the previously opened views will be closed and the user will be navigated to the logon screen.
  • Lock()
    It locks the screen. As a result, the logon screen is displayed, preventing users from opening other views until they confirm their identity by entering their password.

User authorization

Each logged-in user of the POS application may or may not be permitted to access predefined application locations. Permissions are granted in the ERP system by assigning permissions that refer to actions and business objects to the appropriate user groups. To verify whether the logged-in user has sufficient permissions, use the IAuthorizationService service and its ValidatePermissions method or, within a viewmodel class, directly invoke the extension method of the same name. Invoking the method verifies the permissions; if the verification is unsuccessful, a modal view is opened in which another user can be selected and the verification repeated for that user (provided the user’s login and corresponding password are entered). This does not log the application in as the selected user; that user's credentials are used only for the given permission verification stage. The method’s parameters are:

  • accessDeniedMessage (string) – the text displayed if the user does not have the permissions being verified
  • authorization (IAuthorization) – the permission to be verified
  • successAction (Action) – the action performed if the permissions are verified successfully
  • cancelAction (Action) – an optional action performed if the user does not choose to use higher-level permissions by logging in to another account during the permission verification process
  • login (string) (by default: null) – an optional login of the user for whom permissions will be verified
  • password (string) (by default: null) – the password of the user for whom permissions will be verified (required if a login is entered)
  • logByCard (bool) (by default: false) – specifies whether the user has logged in using a magnetic card
Example
We are checking whether the logged-in user is permitted to add a receipt:

this.ValidatePermissions("Insufficient permissions to add a receipt",
    Authorization.Check.To(PermissionName.Receipt).WithLevels(PermissionLevel.Add),
    () =>
    {
        NotificationService.Show("Permissions verified successfully", NotifyIcon.Information);
    });
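
The same check with the optional cancelAction supplied and the protected operation kept inside successAction, as an added example that is not part of the original documentation. It assumes a viewmodel class in which ValidatePermissions and NotificationService are available as in the example above; AddReceiptRequested and CreateReceipt are hypothetical names.

```csharp
// Added example (not from the product documentation).
// From the page: ValidatePermissions, Authorization, PermissionName, PermissionLevel,
// NotificationService, NotifyIcon and the parameter names successAction / cancelAction.
// Hypothetical: AddReceiptRequested and CreateReceipt (the application's own
// receipt-creation method, defined elsewhere in the viewmodel).
public void AddReceiptRequested()
{
    this.ValidatePermissions(
        "Insufficient permissions to add a receipt",
        Authorization.Check.To(PermissionName.Receipt).WithLevels(PermissionLevel.Add),
        successAction: () =>
        {
            // Reached only after the permission has been verified, either for the
            // logged-in user or for the user whose login and password were entered
            // in the modal view. The protected operation belongs here and nowhere else.
            CreateReceipt();
            NotificationService.Show("Permissions verified successfully", NotifyIcon.Information);
        },
        cancelAction: () =>
        {
            // The user chose not to verify with another account: fail closed,
            // create nothing, and only inform the operator.
            NotificationService.Show("Receipt was not added", NotifyIcon.Information);
        });

    // Code placed after the call is not gated by the check, so nothing that
    // requires the permission should appear at this point.
}
```

Unlike SignIn, which takes a SecureString, the optional password parameter of ValidatePermissions is a plain string, so when login and password are passed explicitly they should come straight from user input rather than from stored or hard-coded values.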
