B4J Library jAuthorization (Beta)

With this Lib you can

- define user authorizations
- save it to a RAF file (pw encrypted)

from your B4J app

- ask if the user/app is authorized to perform a function depending on parms

What is it good for?

If you design a multi user system you have to care about what the users may do or not. This library offers not only to check a function like "ReadFile/WriteFile". With it you can combine it (conditional) with parameters like "Read File xyz when it's sunday and it's after 10am and the sun is shining". Very simple but very dynamic an mighty.

First step

First we have to create a Authorization List with single Authorizations (Arrays). It's like a user profile. A structure is created and written to a pw-encrypted file (the pw just prevents a user to change his/her profile)

'Create Authorization structure and write it to file
    MyAuthorizationList.Initialize
    Dim SingleAuthorization() As String
    SingleAuthorization = Array As String("ReadCustomerData","CustomerAge", "50", "60", "CustomerHairColour", "121", "256")
    MyAuthorizationList.Add(SingleAuthorization)
    Dim SingleAuthorization() As String
    SingleAuthorization = Array As String("CallCustomer","CustomerAge", "30", "40", "DayOfWeek", "1", "5")
    MyAuthorizationList.Add(SingleAuthorization)
   
    Dim User As Authorization
    User.WriteAuthFile(File.DirApp, "Authorization.dat","Password", MyAuthorizationList)

A single authorization is a single function + parameters in your app. So if you want to know if a user may use the function "ReadCustomerData" just add an array to the Authorization list with the parameters you define.

Here (in words) the intention is to define that the user may use the function "ReadCustomerData" if the customer is between 50 and 60 years old and his/her hair colour has a value between 121 and 256.

In the second like it say's the user may use the function "CallCustomer" but the customer must be between 30 and 40 years old and it the day of the week must be between 1 and 5 (-> Monday - Friday).

Ok, that may not make sense but it shows what possibilities you have with it: Endless. Of course you have to provide all the data you want to check (like get the customers age from your customer database)

The file has to be written once (or when the profile changes). You can import the data from a db or from any source you like. My lib needs just that file to work with.

How to check authorizations?

Easy. Initialize it with the filepath, the filename and the pw. It loads the user's profile you've created before.

Dim User As Authorization
    User.Initialize(File.DirApp, "Authorization.dat","Password")

    Log(User.HasAuthority(Array As String ("ReadCustomerData","CustomerAge", "50", "CustomerHairColour","215")))
    Log(User.HasAuthority(Array As String ("ReadCustomerData","CustomerAge", "40", "CustomerHairColour","215")))
   
    Log(User.HasAuthority(Array As String ("CallCustomer","CustomerAge", "31", "DayOfWeek","4")))
    Log(User.HasAuthority(Array As String ("CallCustomer","CustomerAge", "31", "DayOfWeek","6")))

Using the profile from above, just use the method "HasAuthority" and pass an array with the parameters. The first parameter must be the function followed by the parameters you want to ask for.

User.HasAuthority(Array As String ("CallCustomer","CustomerAge", "31", "DayOfWeek","4"

means you ask if the user may call a customer which is 31 years old on a Thursday (day 1 = Monday). You will get a true so the user may perform it.

User.HasAuthority(Array As String ("CallCustomer","CustomerAge", "31", "DayOfWeek","6"

means you ask if the user may call a customer which is 31 years old on a Saturday. You will get a false so the user may NOT perform it.

Hint: The values of the profile and the Array in which you ask for authorization must have the same length to prevent unwanted resilts (e.g.: CustomerAge 00-60 -> so ask for 07 instead of just 7).

Notice: It's a Beta version. I've tested it but... Please feel free to ask/report errors, etc.

 

[jmon]

Hi, thank you. This is a very nice library.

Could it be possible to save the authorization into a database? Or how do you imagine a case where all the user permissions are stored in a centralized location? I'm thinking about this in case where an admin needs to modify users permissions.

 

[KMatle]

Could it be possible to save the authorization into a database

Of course you can. To keep it simple and because the file "Authorization.dat" is small, I would create a UI with B4J and store the single authorizations in a MySQL table via HttpUtils & php (or use SQLite if you're want to use B4J on the server side, too). At every start of the app just download the Authorization file.

I was thinking about to add a method to the lib to handle a db but there are too many options, Any ideas are welcome. I could add a download method. The db side is up to you. Ideas/wishes are welcome.

 

[KMatle]

Here's an example to download the file. I'm using a map here. Just put it to job.tag and get it back in Job.Done.

Public Sub InitializeFromServer (ServerPath As String, FilePath As String, FileName As String, FilePW As String)
 
    Dim FileMap As Map
    FileMap.Initialize
    FileMap.Put("FilePath", FilePath)
    FileMap.Put("FileName", FileName)
   
   
    Dim IFS As HttpJob
        IFS.Initialize("GetAuthFileFromServer", Me)
        IFS.Tag = FileMap
        IFS.Download(ServerPath)

End Sub

Sub JobDone(job As HttpJob)
   If job.Success Then
     
    Dim FileMap As Map
    FileMap.Initialize
    FileMap=job.Tag
   
     Dim out As OutputStream = File.OpenOutput(FileMap.Get("FilePath"), FileMap.Get("FileName"), False)
     File.Copy2(job.GetInputStream, out)
     out.Close 
     Log("Init from Server: OK ")
    Log("FilePath: " & FileMap.Get("FilePath"))
    Log("FileName: " & FileMap.Get("FileName"))
   Else
     Log("Error: " & job.ErrorMessage)
   End If
   job.Release
End Sub

 

[Mashiane]

Beautiful, could be very handy for me.