Sunday 26 June 2011

Menu related Permissions

In BB2 users navigate the various modules of the system using the main left-hand menu. Each main menu option then displays a number of different sub-menu links related to that module. Once a user accesses any of these sub-menu links he/she is able to use the top-level menu bar to navigate within and perform functions relating to that section. There are of course also a number of other links and buttons that make-up the various sections, and which appear outside of the top-level menu bar, on the various pages themselves. Together, all these menu options, links and buttons define the visual access level for any given user.

It is very important to understand the difference between this visual access level defined by menu options, page links and buttons, and the functional level of access defined by the actions a user is capable of performing, and the areas they have access to. These two layers one intuitively expects to amount to the same thing and to always be aligned with one another. However, although this should ideally be the case and most often is, the two do not necessarily always align automatically. This is because the two layers are granted using distinct permission sets. What this means is that it is both possible to access a section without having been given the permission to see the menu option or page link that links to that section (provided you know the correct link), and to see a particular menu option but not have access to the area it links to.

A helpful analogy would be that of a passage with a row of doors. The visual layer of the permissions determines which doors or options you are able to see. In order to open any of the doors and enter one must have the right keys. The functional layer of the permissions determines which of these doors you have keys for. Herein lies the distinction between having been granted the ability to see a particular menu option, page link or button, and having been granted the necessary permission set(s) associated with that menu option, page link or button. The former is a visual permission that is of no real use without also having the latter, functional permission that grants the user access to the area or function the menu option, page link or button merely denotes.

User session data & Menu cache

Whenever adding or removing menu/visual related permission sets to a user group be aware that these changes will only reflect once a user's session is refreshed and their menu cache cleared. This can be achieved by flushing the menu via the 'Menu Manager' and then having all users log out and back into the system. A quicker method is to instruct users to click the eye icon in their login details section, above the left-hand system menu and to the right of the 'Edit' link. This feature allows users to rebuild their user session and flush their menu cache without having to log out of the system. In any event it should be noted that, unlike other functional related permission changes, changes to a user group's visual or menu-related permissions will not be applied simply by having users log off and log back in.

Main-Menu Items

Let us begin then by identifying the permission sets required for making main-menu options on the left-hand system menu visible. In order to enable a main-menu item (e.g. 'Sales') for a specific user group, the permission method 'enable_menu' must be granted for the permission class associated with that menu item (e.g. 'bb_sales_menu'). The naming convention pattern ensures that, save for the odd exception, the permission class related to any main-menu item would be in the format, 'bb_menuname_menu'. The applicable method relating to any of these permission classes is always 'enable_menu'. Once the 'enable_menu' method is granted for a permission class relating to a main-menu item, members of the group to which it was granted will be able to see that top-level menu item in the system menu.

Sub-Menu Items

Main menu items broadly reflect the various modules of the system. Hovering over any one of these top-level menu items will display a list of sub-sections associated with those modules. For each of these sub-menu items there is a corresponding permission set. In order to enable a sub-menu item (e.g. 'Sales Orders') for a specific user group, the permission method 'enable_menu' must be granted for the permission class associated with that sub-menu item (e.g. 'bb_sales_orders'). As before, the naming conventions guarantee that, as a general rule, the permission class related to any sub-menu item be in the format, 'bb_submenuname' (with each word used in the sub-menu name separated by an underscore).

The applicable method relating to any of these permission classes is always 'enable_menu'. Once the 'enable_menu' method is granted for a permission class relating to a sub-menu item, members of the group to which it was granted will be able to see that menu item in the system menu. If the user group has not been granted access to the main-menu item under which the sub-menu item is naturally designated, then it will appear as a top-level item until such time as the permission to the parent menu-item is also granted.

Again I must stress that both the top-level and sub-menu item permission sets outlined here only relate to the visibility of these options in the system menu and not to the system functionality/sections to which they refer.

Top-level Menu Bar

The top-level menu bar appears right throughout the system at the top of every module section (e.g. 'Module Home' and 'Data Functions'). The top-level menu bar options differ from one module or section to another, depending on the functionality each module offers and the actions relevant to that section. For instance, when on the 'Sales Dashboard' page there is a 'Sales Orders' top-level menu option. This link is relevant to the Sales module and does not appear anywhere in the top-level menu bar in the Publishing module.

In order to enable the top-level menu bar and make it visible for any particular section you must grant the permission method 'menu_bar' for the permission class related to that section. So, granting the 'menu_bar' method for the 'bb_sales' class will make the top-level menu bar visible on the Sales Dashboard. Enabling the top level menu bar for any given section merely makes the menu bar options relevant to that section visible to a user, but does not automatically grant the user access to the areas of the system each of those menu options link to. Thus, in addition to enabling the top-level menu bar, the user must be granted the relevant permission set(s) associated with each top-level menu option.

Data Functions 

The 'Data Functions' top-level menu bar link provides users with a number of data related options, each of which relates to a specific permission method that must be granted in order to be populated in the 'Data Functions' menu list. The following list details each of these permission methods, and the data functions menu options they are associated with. Where the permission class is not specified, please note that the correct class to grant the following methods for would be the class associated with the section of the system you wish to make available these menu options for (e.g. granting them for the 'bb_sales_orders' class would add them to the top-level menu bar of the 'Sales Orders' module).
  • The 'Tree' menu option requires the 'showTree' method
    (for more information on the tree view please refer to the help article titled,     'Tree View: An overview'  at http://www.bluebox.co.za/?showkm&global[uid]=291-(2.System-Basics)-Tree-View:-An-Overview).
  • The 'Add' menu option requires the 'add_form' method (allows a user to add data).
  • The 'List' menu option requires the 'viewlist' method (allows user to list data).
  • The 'Search' menu option requires the 'search_form' method (allows a user to search/filter data).
  • The 'Export' menu option requires the 'export_form' method (allows user to export data).
  • The 'Import' menu option requires the 'import_form' method (allows user to import data).
  • The 'Attach Files' menu option requires the 'attach_files' method.
  • To add the 'Quick List' option to your 'Data Functions' menu bar for all sections you need only grant the following permission set: Class: 'bb_module_quick_list', Method: 'default_method'.
  • The 'Apply Default Data' menu option requires the 'default_data' method.
  • The 'Show System Data' menu option requires the 'admin' method.  

The following 'Data functions' menu options are only available when logged in as the System Administrator and cannot be made accessible to another user by granting their corresponding permission methods. This is due to the severity of the actions associated with these data functions.

  • 'Delete All'
  • 'Drop Column'
  • 'Drop Table'
  • 'Raw Data'
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)