In the previous example it was shown that the user “cpowers” has a membership which denies the ability to edit within the Data Source “ManagingEnergy_Template”. Let’s try to change a name of a facility within the “ManagingEnergy_Template” Data Source to see what happens.
try { // Set the user identity of the thread context User user = api.Login("cpowers", "50957604");
// Get a facility within the ManagingEnergy_Template Data Source Facility facility = api.PortfolioManager.GetFacility("ManagingEnergy_Template", "01", "7023"); Console.WriteLine(facility);
// lets see if we can change the facility name facility.Name = "New Name"; } catch (ManagingEnergy.Security.SecurityException ex) { Console.WriteLine("Exception Thrown"); Console.WriteLine(ex.Message); }
// OUTPUT 7023 - Springfield Recreational Centre Exception Thrown You do not have the required permission to perform the requested action. You must be a member of the 'Editor' role within the security context 'ManagingEnergy_Template : 01 : 7023'.
|
When the attempt was made to change the name of the facility, the API first determined the context in which the operation was occurring. In this case the context was 'ManagingEnergy_Template : 01 : 7023'. Since the cpowers’ role membership specifies that he may not edit anything within the “ManagingEnergy_Template” Data Source an exception was generated and displayed in the output. The exception makes reference to the fact the user must be a member of the “Editor” role within the context in question.
Security and User Identity
In the example just shown the Login method was called which set the identity of the thread context the specified user. If we had not called the Login method (or alternatively ManagingEnergy.Security.UserPrincipal.SetIdentity) security enforcement would not have occurred. You must first set the user identity if you would like security to be enforced.