JBStrap user roles

The framework’s security solution is role based. Users must have roles, and these roles carry the user’s access rights, which determine what content they can see.

A user can have multiple roles, one of which must be selected as the currentRole. This role alone determines the user’s access rights. If the user has the A, B and C roles and their currentRole is B, they can access any content that is public or is assigned to the B role. They cannot view any other content, such as content restricted to the C or A roles, because the user’s currentRole is neither C nor A.

User roles are represented by the Role class. An instance of this class must be set as the user’s currentRole, and a list of instances must be assigned to the user’s role parameter.

The following data is stored in the Role class:

  • code: The role’s short name. Mandatory. It is used to refer to the role in code and annotations.
  • name: The full name of the role. Not mandatory. This name is displayed on the user interface, so it is recommended that you use a name that describes the role clearly to users. If not specified, the code is displayed instead.
  • description: The role description. Not mandatory. Used to further describe the role’s purpose.
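The access rule and the Role fields described above can be modelled in plain Java as follows. This is an added illustration, not JBStrap code: DemoRole, DemoUser and canView are assumed names, and representing public content as an empty set of role codes is an assumption of the example.

```java
import java.util.List;
import java.util.Set;

// Illustrative model only: DemoRole, DemoUser and canView are assumed names, not JBStrap classes.
public class CurrentRoleDemo {

    record DemoRole(String code, String name, String description) {
        DemoRole {
            if (code == null || code.isBlank())
                throw new IllegalArgumentException("code is mandatory");
        }
        // The UI shows the name, or the code when no name was given.
        String displayName() { return (name == null || name.isBlank()) ? code : name; }
    }

    static final class DemoUser {
        private final List<DemoRole> roles;
        private DemoRole currentRole;

        DemoUser(List<DemoRole> roles, DemoRole currentRole) {
            this.roles = List.copyOf(roles);
            setCurrentRole(currentRole);
        }
        // The current role must be one of the roles assigned to the user.
        void setCurrentRole(DemoRole role) {
            if (!roles.contains(role))
                throw new IllegalArgumentException("role not assigned to user: " + role.code());
            this.currentRole = role;
        }
        // Assumption: an empty set means public content; otherwise only the current role counts.
        boolean canView(Set<String> allowedRoleCodes) {
            return allowedRoleCodes.isEmpty() || allowedRoleCodes.contains(currentRole.code());
        }
    }

    public static void main(String[] args) {
        DemoRole a = new DemoRole("A", null, null);
        DemoRole b = new DemoRole("B", "Role B", null);
        DemoRole c = new DemoRole("C", null, null);
        DemoUser user = new DemoUser(List.of(a, b, c), b);

        System.out.println(a.displayName());                // no name given, so the code is shown
        System.out.println(user.canView(Set.of()));         // public content
        System.out.println(user.canView(Set.of("B")));      // assigned to the current role
        System.out.println(user.canView(Set.of("A", "C"))); // roles held, but not current
        user.setCurrentRole(c);                             // switching the current role changes access
        System.out.println(user.canView(Set.of("A", "C")));
    }
}
```

The point to take from the model is that roles are not additive: holding A and C grants nothing while B is the current role.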

Creating a role. The code will be ADMIN and the name will be System administrator. No description is specified:

Setting the user’s roles. The ADMIN, POWER_USER and USER roles will be assigned to the user (which is stored in the user variable). The currentRole will be the POWER_USER role: