API reference - authorisation API
The authorisation API consists of two main classes that enable you to add permission checks to your custom component.
- RightSummaryCache is a Kotlin class whose instance can be obtained by simply injecting it into your custom component. This relates directly to the permission codes functionality covered in more detail in the Authorisation Overview. The method userHasRight(userName: String, rightCode: String): Boolean is used to determine whether a particular user has permission for a right code.
- AuthCache is a Kotlin class whose instance should be created by calling the static method AuthCache.newReader(mapName: String, updateQueue: UpdateQueue): AuthCache. An UpdateQueue instance can be obtained from an injected RxDb connection: rxDb.updateQueue. A permission check for the entity is done by calling isAuthorised(entityId: String?, userName: String): Boolean. How this works is also covered in more detail in the Authorisation Overview.

Permission code API
    package global.genesis.session

    // imports omitted for brevity

    @Singleton
    class RightSummaryCache
    @Inject constructor(db: RxDb) : AbstractBulkTableSubscriber<RightSummaryCache.RightSummary>(
        db,
        "RIGHT_SUMMARY"
    ) {
        // other members omitted for brevity

        fun userHasRight(userName: String, rightCode: String): Boolean {
            // details omitted for brevity
        }
    }

AuthCache API
    package global.genesis.session

    // imports omitted for brevity

    class AuthCache private constructor(private val mapName: String, updateQueue: UpdateQueue) : MasterAuthCache {
        companion object {
            @JvmStatic
            fun newReader(mapName: String, updateQueue: UpdateQueue): AuthCache {
                // details omitted for brevity
            }
        }

        override fun isAuthorised(entityId: String?, userName: String): Boolean {
            // details omitted for brevity
        }
    }

In practice
The example below shows permission codes and AuthCache in use:

    // import and package omitted for brevity
    @Module
    class PriceFeedEventHandler @Inject constructor(
        private val rxDb: RxDb,
        private val rightSummaryCache: RightSummaryCache
    ) : SyncEventHandler<PriceFeedRequest, EventReply> {

        private lateinit var authCache: Authority

        @Inject
        fun init() {
            LOG.info("Starting Price Feed Handler")
            authCache = AuthCache.newReader("PRICE_FEEDS", rxDb.updateQueue)
        }

        override fun process(event: Event<PriceFeedRequest>): EventReply {
            val userName = event.userName
            // Coarse check: does the user hold the PRICE_FEEDS right code at all?
            if (rightSummaryCache.userHasRight(userName, "PRICE_FEEDS")) {
                // Granular check: is the user authorised for this specific price feed?
                val feedName = event.details.name
                if (authCache.isAuthorised(feedName, userName)) {
                    val feedUrl = getFeedUrl(feedName)
                    return EventReply.EventAck(listOf(mapOf("FEED_URL" to feedUrl)))
                }
            }
            // Either check failing falls through to the same denial
            return StandardError("NOT_AUTHORISED", "User $userName lacks sufficient permissions").toEventNackError()
        }

        private fun getFeedUrl(feedName: String): String {
            // details omitted for brevity
            return "TODO"
        }

        companion object {
            private val LOG = LoggerFactory.getLogger(PriceFeedEventHandler::class.java)
        }
    }
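
The two-stage check in the handler above can be factored into a reusable, fail-closed guard. This is an added example, not Genesis platform code: RightCheck, EntityCheck, Decision and TwoStageGuard are hypothetical names, the two interfaces only mirror the signatures of userHasRight and isAuthorised documented on this page, and the users and feeds in main are constructed sample data.

```kotlin
// Hypothetical stand-ins with the same signatures as the documented methods,
// so the guard can be exercised without a running platform.
fun interface RightCheck { fun userHasRight(userName: String, rightCode: String): Boolean }
fun interface EntityCheck { fun isAuthorised(entityId: String?, userName: String): Boolean }

enum class Decision { ALLOW, DENY_NO_RIGHT, DENY_NO_ENTITY_ACCESS, DENY_BAD_INPUT, DENY_ERROR }

class TwoStageGuard(
    private val rights: RightCheck,
    private val entities: EntityCheck,
    private val rightCode: String
) {
    // ALLOW is returned only when both checks pass; every other path denies.
    fun decide(userName: String, entityId: String?): Decision {
        // Design choice of this example: refuse blank or missing identifiers up front.
        if (userName.isBlank() || entityId.isNullOrBlank()) return Decision.DENY_BAD_INPUT
        return try {
            when {
                !rights.userHasRight(userName, rightCode) -> Decision.DENY_NO_RIGHT
                !entities.isAuthorised(entityId, userName) -> Decision.DENY_NO_ENTITY_ACCESS
                else -> Decision.ALLOW
            }
        } catch (e: Exception) {
            Decision.DENY_ERROR // a failing lookup must never grant access
        }
    }
}

fun main() {
    // Constructed sample data: alice holds the right code and one feed, bob holds nothing.
    val rightsByUser = mapOf("alice" to setOf("PRICE_FEEDS"))
    val feedsByUser = mapOf("alice" to setOf("FEED_A"))
    val guard = TwoStageGuard(
        RightCheck { user, code -> code in rightsByUser[user].orEmpty() },
        EntityCheck { id, user -> id != null && id in feedsByUser[user].orEmpty() },
        "PRICE_FEEDS"
    )
    println(guard.decide("alice", "FEED_A")) // right code held and feed authorised
    println(guard.decide("alice", "FEED_B")) // right code held, feed not authorised
    println(guard.decide("bob", "FEED_A"))   // right code not held
    println(guard.decide("alice", null))     // missing entity id
}
```

The Decision value is intended for server-side logging of why a request was refused; the reply to the client can remain the single NOT_AUTHORISED error used in the handler above.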