IService Permission Update - Breaking Change

posted Jan 17, 2018, 3:50 PM by Greg Kent   [ updated Jan 24, 2018, 3:08 PM ]
IService permission verification has been updated to match functionality of statement verification. Specifically:
  • VerifyPermission now verify pattern {ClassName}{ServiceName}. It previously used pattern {ServiceName}. This is a breaking change
  • VerifyPermission now supports allowing inheritance which is set within each Service. Note if Service.AllowInheritance is null, it cascades to value set for qbo.Application.Properties.Settings.Default.AllowInheritance

Fix Service Permissions

SystemFunction contains a new method ListInvalidServiceFunctions that will:
  • Identify any SystemFunctions that match the old naming pattern for each ServiceName {ServiceName}
  • Insert new SystemFunction {ClassName}{ServiceName} if it does not exist
  • Copy all SystemPermissions tied to original SystemFunction under new SystemFunction
It also supports a preview method. Usage:

  • /Security/SystemFunction.ashx/ListInvalidServiceFunctions?Output=Xml - will display a preview of the old SystemFunction, new SystemFunction and count of SystemPermissions that are associated with old SystemFunction. No inserts occur.
  • /Security/SystemFunction.ashx/ListInvalidServiceFunctions?Output=Xml&Update=true - will Insert new SystemFunctions and SystemPermissions with above logic
Example:
  • Contact module has a Service registered labeled AccurintSearch which has permissions tied to SystemRole User.  There is a corresponding SystemFunction labeled AccurintSearch
  • After the update, there will be a new SystemRole record ContactAccurintSearch with a SystemPermission record pointing to SystemRole User
Note with class inheritance, classes such as Organization,Court, Person and other classes that inherit from Contact will show Services registered under their classes. ListInvalidServiceFunctions will also insert SystemFunctions for:

  • OrganizationAccurintSearch
  • CourtAccurintSearch
  • PersonAccurintSearch
  • etc.
and copy SystemPermissions for each.

Important

Please ensure the update is run before Queue Service or any site activity occurs on the target platform. This is becuase SystemFunctions will automatically insert if they do not exist. By being inserted, they will be excluded from ListInvalidServiceFunctions and SystemPermissions will not be copied. 

Comments