AccessControlHandler extends ActionEdgeSource, ContainsFunctions, ContainsOperations, ContainsValues, ContainsWires, GeneratesElements, NamedElement, ParameterEdgeDestination, RequiresEdgesSource

Examples

• UserMultiplePermissionsOr.iaml (source)
  • An AccessControlHandler which requires only one of two permissions, which are connected by a ConstraintEdge. [UserMultiplePermissionsOr]
• UserRolesLoginHandler.iaml (source)
  • Restricting access to frames containedwithin a Session by enforcing user loginand checking the current user has a given Role. [UserRolesLoginHandler]

Implementation Notes

• If an AccessControlHandler's requirementsare connected by a ConstraintEdge of type "OR", only one of the requirements will be necessary to permit access. [UserMultiplePermissionsOr]
• A AccessControlHandler has a BuiltinOperation named 'check permissions'. [Contents]
• An AccessControlHandler has a BuiltinOperation named 'check permissions'. [AccessControlHandler]

Inference Rules

• If an AccessControlHandler specifies a 'login' ECARule that goes to a Frame, the same Frame will be used as the login Frame for the generated LoginHandler. [users]
• If an AccessControlHandler specifies a 'logout' ECARule that navigates to a Frame, the same Frame will be used as the logout Frame for the generated LoginHandler. [users]
• If an AccessControlHandler specifies a 'success' ECARule that navigates to a Frame, the same Frame will be used as the successful login Frame for the generated LoginHandler. [users]
• An AccessControlHandler has a BuiltinOperation named 'check permissions'. [users]
• A Frame protected by an AccessControlHandler will execute the 'page permissions check' Operation when the frame is accessed. [users]
• A Frame protected by an AccessControlHandler will have an Operation named 'page permissions check'. [users]
• A Frame within a Session protected by an AccessControlHandler will execute the 'permissions check' Operation when the frame is accessed. [users]
• A Frame within a Session protected by an AccessControlHandler will have an Operation named 'permissions check'. [users]
• The 'permissions check' Operation defined by an AccessControlHandler protecting a Frame within a Session will navigate to the 'login' Frame within a separate login Session if the check fails. [users]
• The 'permissions check' Operation defined by an AccessControlHandler protecting a Frame within a Session will navigate to the 'login' Frame within the same Session if the check fails. [users]
• A LoginHandler is generated for a Frame contained within a Session that contains an AccessControlHandler. [users]
• An AccessControlHandler protecting a Session with a defined Role-based access requirement will provide the default Role as a Parameter to the created LoginHandler. [users]
• The DomainIterator representing the current instance of an AccessControlHandler check, protecting a Frame within a Session, will be provided as a Parameter to the generated LoginHandler. [users]
• The DomainIterator representing the current instance of an AccessControlHandler check, protecting a Session, will be provided as a Parameter to the generated LoginHandler. [users]
• A LoginHandler is generated for a Session that contains an AccessControlHandler. [users]
• A DomainIterator within a Session protected by both an AccessControlHandler and LoginHandler of type DOMAIN_OBJECT or USER, but the AccessControlHandler requires a Permission without a Role, and which does not specify a SelectEdge, will use the same DomainSource as the DomainType used as a Parameter to the AccessControlHandler. [login-handler]
• A DomainIterator within a Session protected by both an AccessControlHandler and LoginHandler of type DOMAIN_OBJECT or USER, but the handlers both use different DomainTypes (for example, with inheritance), and which does not specify a SelectEdge, will use the same DomainSource as the DomainType used as a Parameter to the AccessControlHandler. [login-handler]
• A DomainIterator within a Session protected by both an AccessControlHandler and LoginHandler of type DOMAIN_OBJECT or USER, but the handlers both use the same DomainTypes, and which does not specify a SelectEdge, will use the same DomainSource as the DomainType used as a Parameter to the AccessControlHandler. [login-handler]

Constraints

• "Some of the ECARules defined for this trigger may not be executed, as an unconditional navigation will occur due to the priority order, halting ECARule execution" [Checks.chk] [from ActionEdgeSource]
• "You should not have a contained Property named 'fieldValue', unless it is contained within the fieldValue containment feature" [Checks.chk] [from ContainsValues]

Attributes

Inherited Attributes

• generatedRule : EString (optional)
  To assist in debugging, this attribute may be populated with the name of the model completion rule that created this element. More extensive traceability support may be provided in the future.
• id : EString (optional)
  A unique identifier for this model element. Should be globally unique.
• isGenerated : EBoolean (optional)
  Set to true if the current element has been generated.
• name : EString (optional)
  A non-unique string that names a given object.
• overridden : EBoolean (optional)
  If a GeneratesElements is overridden, then this element will not generate any elements directly.
• overriddenNames : EString (optional)
  When applying model completion, no NamedElements with these names will be generated by this element.

Children

Inherited Children

• conditionEdges : [0...*] SimpleCondition
  A list of contained SimpleConditions.
• constraintEdges : [0...*] ConstraintEdge
  A list of contained ConstraintEdges.
• ecaRules : [0...*] ECARule
  A list of contained ECARules.
• extendsEdges : [0...*] ExtendsEdge
  A list of contained ExecutionEdges.
• functions : [0...*] Function
  A list of contained Functions.
• operations : [0...*] Operation
  A list of contained Operations.
• parameterEdges : [0...*] Parameter
  A list of contained Parameters.
• providesEdges : [0...*] ProvidesEdge
  A list of contained ProvidesEdges.
• requiresEdges : [0...*] RequiresEdge
  A list of contained RequiresEdges.
• schemaEdges : [0...*] SchemaEdge
  A list of contained SchemaEdges.
• selectEdges : [0...*] SelectEdge
  A list of contained SelectEdges.
• values : [0...*] Value
  A list of contained Values.
• wires : [0...*] Wire
  A list of contained Wires.

References

Inherited References

• generatedBy : [0...*] GeneratesElements [opposite: generatedElements]
  A list of elements that generated this element; conversely, overriding the source will prevent this element from being created.
• generatedElements : [0...*] GeneratedElement [opposite: generatedBy]
  A list of GeneratedElements that this element has generated through model completion.
• inParameterEdges : [0...*] Parameter [opposite: parameterTerm]
  A list of incoming Parameters.
• listeners : [0...*] ECARule [opposite: trigger]
  A list of outgoing ECARules.
• outRequiresEdges : [0...*] RequiresEdge [opposite: from]
  A list of outgoing RequiresEdges.

Extensions

Inherited Extensions

• List[model::Operation] allContainerOperations(model::ContainsOperations this) [GeneratorExtensions.ext]
• availableInCurrentScriptAction(model::ActionEdgeSource source,model::Action target) [GeneratorExtensions.ext]
• model::visual::Frame containingFrame(model::NamedElement this) [Extensions.ext]
• model::Scope containingScope(model::NamedElement this) [GeneratorExtensions.ext]
• model::visual::Frame frameContainingOperation(model::NamedElement this) [GeneratorExtensions.ext]
• getFailHandler(model::ActionEdgeSource this) [GeneratorExtensions.ext]
• safeName(model::GeneratedElement this) [GeneratorExtensions.ext]
• simpleName(model::NamedElement this) [GeneratorExtensions.ext]