Programmatic supplementing of groups, users and rights

The rights administration takes place in onion.net via groups. A group contains any number of members, as well as rights for the hierarchically arranged data structure. The rights definition differentiates between the exact object and the child structure. The latter is recursively inherited.

The following example creates a group, a user and a rights definition:

using System;
using Onion.Client;

class Program
{
  private static void Main(string[] args)
  {
    using (var session = new OnionSession("ipc://onion.net/onion/server", "admin", "admin"))
    {
      IGroup group = session.UserManagement.Groups.Create("Testgruppe");
      IUser user = session.UserManagement.Users.Create("Max Mustermann", "max");

      group.Members.Add(user);

      IDataObject contacts = session.Repository.Lookup("Client API Testdata", "1. Contacts");
     
      var right = new Right(contacts)
                    {
                      Read = RightValue.Set,
                      Delete = RightValue.Clear,
                      CreateChildren = RightValue.Set,
                      ModifyChildren = RightValue.Set,
                      DeleteChildren = RightValue.Set
                    };

      group.Rights.Add(right);
    }
  }
}

The property “IOnionSession.UserManagement” groups all functions for the administration of users and groups. The user becomes a member of the new group via the call “IGroup.Members.Add”. He automatically receives all rights defined in this group.

The object rights only refer to the object, whereas the child rights only refer to the child structure. Not only the direct child objects are concerned here, but the entire data strand, until the inheritance is overridden by a new right. You can therefore set a right (Set), clear it (Clear) and inherit it (Inherit). These possible values can be found again in the editor by looking for a green tick, a red cross and a grey area.

Enterprise ChangeSets Changing the information model