Discussions related to custom development with Select.
timothymeyer16
Posts: 37 Joined: Mon Jun 14, 2021 9:47 am
Post
by timothymeyer16 » Thu Mar 10, 2022 7:50 pm
Good evening,
I'm looking to get an understanding on how to view user permissions from within the API.
Specifically I'm looking to access:
- Which INDIVIDUAL permissions a person has
- AND the INDIVIDUAL Permissions associated to a group.
permissions.PNG (11.83 KiB) Viewed 1083 times
Groups.PNG (29.9 KiB) Viewed 1083 times
Currently I have the below code, but do not see an end point for accessing permissions.
Code: Select all
ISecurityManager secMgr = ss.GetService<ISecurityManager>();
foreach (ISecurityIdentity id in secMgr.Identities.OrderBy(x => x.Name))
{
ISecurityUser user = secMgr.GetUser(id.ID);
foreach (ISecurityIdentity group in user.Groups)
{
foreach(IPermissionInfo permission in group.) // Group.Permissions - How do I see assoicated permissions in the groups?
}
Is there another way to access groups and their assoicated permissions?
1.PNG (112.24 KiB) Viewed 1083 times
timothymeyer16
Posts: 37 Joined: Mon Jun 14, 2021 9:47 am
Post
by timothymeyer16 » Fri Mar 11, 2022 4:47 pm
After researching extensively, I am still lost.
Code: Select all
ISecurityManager secMgr = ss.GetService<ISecurityManager>();
ISecurityIdentity user= secMgr.Identities.Where(t => t.FullName == "UserName").FirstOrDefault();
ISecurityUser userUser = secMgr.GetUser(tim.ID);
SecurityDescriptorFilterSettings filter = new SecurityDescriptorFilterSettings(typeof(ISecurityUser).GUID, user.ID);
// ISecurityIdentity also fails
ISecurityDescriptor secDesc = secMgr.GetSystemSecurityDescriptor(filter); //Fails here
IList<IAccessControlEntry> controls = secDesc.AccessControlEntries;
I believe I need to access the AccessControlEntry to make modifications, but can not successfully instantiate the ISecurityDescriptor class.
PS SecurityDescriptorFilterSettings is nowhere to be found in the documentation.
Please advise.
BobRichards
Posts: 1382 Joined: Wed Jan 15, 2014 3:50 pm
Location: Raleigh, NC
Contact:
Post
by BobRichards » Mon Mar 14, 2022 11:32 am
Can you tell me exactly what you are trying to achieve? Are you trying to view permissions or change something?
Thanks
Bob Richards, Senior Software Developer, SoftPro
timothymeyer16
Posts: 37 Joined: Mon Jun 14, 2021 9:47 am
Post
by timothymeyer16 » Mon Mar 14, 2022 2:17 pm
Ideally both.
We need access to view and modify permissions for users and groups via the API for several upcoming projects.
BobRichards
Posts: 1382 Joined: Wed Jan 15, 2014 3:50 pm
Location: Raleigh, NC
Contact:
Post
by BobRichards » Tue Mar 15, 2022 12:47 am
Here is the code to get all the permissions a user/group has...
Code: Select all
// Pick a valid user.
var secMgr = ss.GetService<ISecurityManager>();
ISecurityIdentity user = secMgr.Identities.Where(t => t.Name == @"SOFTPRO\brichards").FirstOrDefault();
// Get all permissions for user.
IList<IPermissionInfo> permissions = new List<IPermissionInfo>();
ISecurityDescriptor sysDescriptor = secMgr.GetSystemSecurityDescriptor(SecurityDescriptorFilterSettings.Default);
foreach (var permission in secMgr.Permissions)
{
if (secMgr.HasPermission(sysDescriptor, user.ID, permission.ID))
{
permissions.Add(permission);
}
}
...how to add a permission to a user/group...
Code: Select all
// Add a permission - "Pro1099\1099 Notes-Add"
IPermissionInfo permissionNotesAdd = secMgr.Permissions.Where(t => t.Name == @"Pro1099\1099 Notes-Add").FirstOrDefault();
IAccessControlEntry ace = secMgr.NewAccessControlEntry(permissionNotesAdd, user, AccessFlag.Granted);
sysDescriptor.AccessControlEntries.Add(ace);
secMgr.ApplyChanges(sysDescriptor);
...and finally how to remove that permission later.
Code: Select all
IPermissionInfo permissionNotesAdd = secMgr.Permissions.Where(t => t.Name == @"Pro1099\1099 Notes-Add").FirstOrDefault();
SecurityIdentifier secIdentifier = new SecurityIdentifier(user.ID, user.Name, user.FullName);
IAccessControlEntry ace = sysDescriptor.AccessControlEntries
.Where(t => t.PermissionID == permissionNotesAdd.ID && t.SecurityIdentifier == secIdentifier).FirstOrDefault();
sysDescriptor.AccessControlEntries.Remove(ace);
secMgr.ApplyChanges(sysDescriptor);
Let me know how it goes.
Bob Richards, Senior Software Developer, SoftPro