The Protected Property
From WebRatio WebML Wiki
|
|
|
Introduction
Sometimes it's necessary to restrict the access of a part of a Web application only to a particular groups of users. In WebRatio this is done through the "Protected" property. The Protected property is located in the Properties View of Site Views, Areas,
Pages, Operation Groups, and Operation Units. Enabling the flag on this property means that only the users related to the correct group (or groups) can access the element. The access rights are defined using the User, Group, Module entities and the relationships among them. The purpose of this article is to show how to use correclty the Protected property. Other aspects of the Web application protection are treated in the How to use the protected modules article.
The Protection
Site Views, Areas, Pages, Operation Groups, and Operation Units can be set as protected by enabling the flag Protected in the Properties View. All the elements contained in a protected module automatically inherit the property and will be protected as well.
| 
|
| 
|
In order to define the access rights of a protected element, it's necessary to add each element as record of the Module entity (see the WebRatio Admin Area paragraph in the How to use the protected modules article).
The Module Entity has the following attributes:
- OID: the primary key
- ModuleName: the name of the module
- ModuleID: the id of the module
With the examples shown above, the Module entity will contain the following data:
 |
|
If each element contained in an Operation Group, Area or Site View must be protected, a better way is to define only the container as protected (e.g. protect only the Operation Group, Area or Site View), managing only one element in the Module entity instead of defining each element as protected (and then creating and managing different entries in the Module entity which the same rights).
In this example, all the elements of the Product Area of the Acme application are protected:
The module table would be:
| Oid | ModuleName | ModuleID |
|---|---|---|
| 1 | By category page | page4 |
| 2 | Product page | page2 |
| 3 | By price page | page18 |
| 4 | Product search page | page19 |
| 5 | Images page | page5 |
an equivalent protection can be obtained protecting only the Product Area:
Here the module table would be:
| Oid | ModuleName | ModuleID |
|---|---|---|
| 1 | Products area | area1 |
In the second way we obtain an equivalent result, without managing lots of entries in the Module table (every entry in the Module table needs to be managed with the relations with the Group table). It's possible to define a superior level of protection defining as protected an element inside a protected container. This means that among all the users that has the access to the container, only the users that have access to the protected element can access to it.
In this example:
The Module table would be:
| Oid | ModuleName | ModuleID |
|---|---|---|
| 1 | Products area | area1 |
| 2 | Images page | page5 |
and only the group of users linked to both the modules can access to the Images Page. The same concepts can be applied to Operation Units and Operation Groups.
