The framework’s security solution is role-based. Users must have roles, and these roles contain the user’s access rights, which determine what content the user can see.
A user can have multiple roles, one of which must be selected as the currentRole. This role is the one that determines the user’s access rights. If the user has the A, B and C roles, and their currentRole is B, they can access any content that is public or is assigned to the B role. They will not be able to view any other content, such as content that is restricted to C or A users, because the user’s currentRole is not C or A.
The user roles are represented by the Role class. An instance of this class must be specified as the user’s currentRole, and a list of instances of this class must be assigned to the user’s role parameter.
The following data is stored in the Role class:
- code: The role’s short name. This must be specified. This is used to refer to the role in the code and annotations.
- name: The full name of the Role. Not mandatory. This name is displayed on the user interface, so it is recommended that you use a name that describes this role clearly to the users. If not specified, the code will be displayed instead.
- description: The role description. Not mandatory. Used to further describe the role’s purpose.
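The access decision described above, sketched as a small Python model. This is an added example, not the framework's own code: the `User` class, `select_role`, `can_access` and the use of `None` for public content are assumptions made for illustration, and content is assumed to be restricted to a single role code.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Role:
    code: str                          # mandatory short name, used in code and annotations
    name: Optional[str] = None         # optional full name shown on the user interface
    description: Optional[str] = None  # optional further description of the role

    def __post_init__(self):
        if not self.code:
            raise ValueError("Role.code must be specified")

    @property
    def display_name(self) -> str:
        # The code is displayed when no name is given.
        return self.name or self.code


@dataclass
class User:  # hypothetical stand-in for the framework's user object
    roles: List[Role]
    current_role: Role

    def __post_init__(self):
        # Reject a current role that is not one of the user's roles.
        self.select_role(self.current_role.code)

    def select_role(self, code: str) -> None:
        # Only a role the user actually holds can become the current role.
        for role in self.roles:
            if role.code == code:
                self.current_role = role
                return
        raise PermissionError(f"user does not hold role {code!r}")


def can_access(user: User, required_role: Optional[str]) -> bool:
    # required_role=None models public content (assumed representation).
    # Only the current role is compared; other held roles grant nothing.
    return required_role is None or required_role == user.current_role.code


# Constructed sample: a user holding A, B and C with B selected.
a, b, c = Role("A"), Role("B", name="Editor"), Role("C")
user = User(roles=[a, b, c], current_role=b)
```

With B selected, `can_access(user, "C")` is false even though the user holds C; it becomes true only after `user.select_role("C")`.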