|
|
(21 intermediate revisions by 5 users not shown) |
Line 1: |
Line 1: |
| <html> | | <message>Write the content here to display this box</message> |
| | <html> |
| | <h4> |
| | <strong> Access Groups </strong> |
| | </h4> |
| | In this part of the MDriven Designer sessions, we show access groups, including how you can use them to authenticate and authorize |
| | users. You probably have different users in your system and these users are likely associated with an access group in some way |
| | (ActiveDirectory or something in your application). You will want to allow and disallow user groups to execute actions. This |
| | could be done by enabling expressions on the Actions – but that would not be commendable since it would "kidnap" the use of enable |
| | from the normal things you use enable for (checking the data state). Also, if a user is never allowed to execute “TheAdminInterface”, |
| | it might be best to hide that action from view altogether. To facilitate this in MDrivenDesigner, we have a concept called |
| | <strong> AccessGroups</strong>. |
| | <br> We have also demonstrated how you can continue with the fast-paced loop of edit and deploy. |
|
| |
|
| <h4> <strong> Access groups </strong></h4>
| | <p class="video-warn"> |
| | | <em>To make your experience smooth, we set the main tags mentioned in the video to the right bar menu of this mini-player. Choose an interesting subtitle on the list and immediately get to the exact theme navigation item place in the video. Now you can pick any topic to be instructed on without watching the whole video.</em> |
| In this part of MDriven designer sessions access groups have been shown
| |
| and how we can use them to authenticate and authorize users.
| |
| You probably have different users in your system and these users are probably associated with an access group somehow (ActiveDirectory or something in your application).You will want to allow and disallow user groups to execute actions.This could be done as enable expressions on the Actions – but that would not be very nice since it would kidnap the use of enable from the normal things we use enable for (check data state). Also if a user is never allowed to execute “TheAdminInterface” it might be best to hide that action from view all together.
| |
| To facilitate this Modlr has a new concept called <strong> AccessGroups </strong>.
| |
| <br>
| |
| Also we have demonstrated how you can continue with the fast pace loop of edit and deploy.
| |
| | |
| <p> | |
| <em>To make your experience more comfortable, we set the main tags mentioned in the video to the right bar menu of this mini player. Choose the interesting subtitle on the list and immediately get to the exact theme timeplace in the video. Now you can pick any topic to be instructed without watching the whole video.</em> | |
| <style type="text/css">
| |
| p {
| |
| opacity: 0.7;
| |
| text-align: justify;
| |
| width: 90%;
| |
| padding-bottom: 10px;
| |
| }
| |
| </style>
| |
| </p> | | </p> |
| <style>
| |
| #video12 {
| |
| position: relative;
| |
| height: 500px;
| |
| width:560px;
| |
| padding-bottom: 10px;
| |
| }
| |
| #video12 iframe {
| |
| position: absolute;
| |
| min-height: auto;
| |
| min-width: auto;
| |
| }
| |
| #video12 div {
| |
| position: absolute;
| |
| top: 0;
| |
| left:760px;
| |
| width: 260px;
| |
| height: 100%;
| |
| padding-left: 10px;
| |
| overflow-y: auto;
| |
| }
| |
| span {
| |
| font-size: 18;
| |
| display:block;
| |
| padding: 2px 10px 2px 10px;
| |
| padding-bottom: 0.5;
| |
| padding-top: 0.5;
| |
| opacity: 0.7;
| |
| }
| |
| span:hover {
| |
| color: #0000FF;
| |
| cursor: pointer;
| |
| }
| |
| span:focus {
| |
| color: blue;
| |
| </style>
| |
| </br>
| |
| <div id="video12">
| |
| <iframe width="740" height="500" src="https://www.youtube.com/embed/gagY3OFVCyw?rel=0&autoplay=0" frameborder="0" allowfullscreen></iframe>
| |
| <div>
| |
|
| |
|
| <span data-video="yDKHzI992jQ" data-start="69" tabindex="0"> MDriven turnkey
| | <div class="video"> |
| </span>
| | <div class="video__wrapper"> |
| <span data-video="yDKHzI992jQ" data-start="90" tabindex="0"> Cloud connection tool </span>
| | <iframe src="https://www.youtube.com/embed/H8OcmC6EFD0?rel=0&autoplay=0" frameborder="0" allowfullscreen></iframe> |
| <span data-video="yDKHzI992jQ" data-start="246" tabindex="0"> License and ticket site </span>
| | </div> |
| <span data-video="yDKHzI992jQ" data-start="326" tabindex="0"> Viewmodel named index </span>
| | <div class="video__navigation"> |
| <span data-video="yDKHzI992jQ" data-start="516" tabindex="0"> MDriven designer snippets </span>
| | <span class="navigation-item" data-video="H8OcmC6EFD0" data-start="74" tabindex="0"> MDriven Turnkey |
| <span data-video="yDKHzI992jQ" data-start="546" tabindex="0"> <strong> ASPNETIdentity.snippets:</strong> </span>
| | </span> |
| <span data-video="yDKHzI992jQ" data-start="648" tabindex="0"> • Apply snippet dialogue </span>
| | <span class="navigation-item" data-video="H8OcmC6EFD0" data-start="90" tabindex="0"> Cloud connection tool </span> |
| <span data-video="yDKHzI992jQ" data-start="787" tabindex="0"> • SysUser </span>
| | <span class="navigation-item" data-video="H8OcmC6EFD0" data-start="95" tabindex="0"> License and ticket site </span> |
| <span data-video="yDKHzI992jQ" data-start="805" tabindex="0"> • SysSingleton </span>
| | <span class="navigation-item" data-video="H8OcmC6EFD0" data-start="331" tabindex="0"> ViewModel named index </span> |
| <span data-video="yDKHzI992jQ" data-start="1029" tabindex="0"> MDriven server persistence </span>
| | <span class="navigation-item" data-video="H8OcmC6EFD0" data-start="521" tabindex="0"> MDriven Designer snippets </span> |
| <span data-video="yDKHzI992jQ" data-start="1289" tabindex="0"> Authentication on the site </span>
| | <span class="navigation-item" data-video="H8OcmC6EFD0" data-start="551" tabindex="0"> |
| <span data-video="yDKHzI992jQ" data-start="1379" tabindex="0"> <strong> Access Groups of users:</strong> </span>
| | <strong> ASPNETIdentity.snippets:</strong> |
| <span data-video="yDKHzI992jQ" data-start="1479" tabindex="0"> • Actions controlled by access groups </span> </div>
| | </span> |
| | <span class="navigation-item" data-video="H8OcmC6EFD0" data-start="653" tabindex="0"> • Apply snippet dialogue </span> |
| | <span class="navigation-item" data-video="H8OcmC6EFD0" data-start="792" tabindex="0"> • SysUser </span> |
| | <span class="navigation-item" data-video="H8OcmC6EFD0" data-start="810" tabindex="0"> • SysSingleton </span> |
| | <span class="navigation-item" data-video="H8OcmC6EFD0" data-start="1034" tabindex="0"> MDriven Server persistence </span> |
| | <span class="navigation-item" data-video="H8OcmC6EFD0" data-start="1294" tabindex="0"> Authentication on the site </span> |
| | <span class="navigation-item" data-video="H8OcmC6EFD0" data-start="1384" tabindex="0"> |
| | <strong> Access Groups of Users:</strong> |
| | </span> |
| | <span class="navigation-item" data-video="H8OcmC6EFD0" data-start="1484" tabindex="0"> • Actions controlled by access groups </span> |
| | </div> |
| </div> | | </div> |
|
| |
|
| <script>
| |
| var IMG = document.querySelectorAll('#video12 span'),
| |
| IFRAME = document.querySelector('#video12 iframe');
| |
| for (var i = 0; i < IMG.length; i++) {
| |
| IMG[i].onclick = function() {
| |
| IFRAME.src = 'http://www.youtube.com/embed/' + this.dataset.video + '?rel=0&autoplay=1';
| |
| if(this.dataset.end) IFRAME.src = IFRAME.src.replace(/([\s\S]*)/g, '$1&end=' + this.dataset.end);
| |
| if(this.dataset.start) IFRAME.src = IFRAME.src.replace(/([\s\S]*)/g, '$1&start=' + this.dataset.start);
| |
| this.style.backgroundColor='rgba(0,0,0,.2)';
| |
| }
| |
| }
| |
| </script>
| |
| </html> | | </html> |
| | | [[Category:MDriven Designer Sessions]] |
| '''Raw subtitles text'''
| | [[Category:MDriven Designer]] |
| | | [[Category:MDriven Turnkey]] |
| ok, so we are now in a position where
| | [[Category:Cloudform]] |
| | | [[Category:Access groups]] |
| we have done some work on our model
| | {{Edited|July|12|2024}} |
| | |
| we have run the prototyping tool on the model
| |
| | |
| back and forth
| |
| | |
| and ended up in a situation
| |
| | |
| where we have a couple of views
| |
| | |
| that allows us navigation between the views
| |
| | |
| the next step is maybe that we want
| |
| | |
| to involve real users trying out the system
| |
| | |
| and of course, we could have the real
| |
| | |
| users download MDriven designer
| |
| | |
| and execute the same way as we do here
| |
| | |
| but that will probably not happen
| |
| | |
| even if it was, when we are done
| |
| | |
| actually setting the system in production
| |
| | |
| we want to consume it another way, of course
| |
| | |
| so that leads us to turnkey, MDriven turnkey
| |
| | |
| MDriven turnkey is a platform to execute everything you
| |
| | |
| do in MDriven designer in a cloud app
| |
| | |
| so let's get that started
| |
| | |
| from within MDriven designer you will find
| |
| | |
| the cloud connection tool,
| |
| | |
| so something like this screen
| |
| | |
| and this is the login that
| |
| | |
| you do with your license and ticket password as a user
| |
| | |
| I usually use the google social
| |
| | |
| login to avoid, to remove
| |
| | |
| the hassle of remembering passwords etc
| |
| | |
| so I'm pressing that one and
| |
| | |
| now I'm logged in as myself
| |
| | |
| I don't need to press this refresh button
| |
| | |
| to get access to the turnkey sites
| |
| | |
| that I have, that are available to me
| |
| | |
| refresh and now I see the turnkey sites
| |
| | |
| that are available to me
| |
| | |
| in your combo box that will probably be one or two
| |
| | |
| so this is the one that I'm going for
| |
| | |
| this is a blank one that I just set up
| |
| | |
| following other instructions on the site
| |
| | |
| I'm not going to explain that here but
| |
| | |
| it's easy to find how to do this
| |
| | |
| so we can check status on that one and
| |
| | |
| we see that it responds,
| |
| | |
| so what we will want to do now
| |
| | |
| is to upload the model that
| |
| | |
| we have into this site
| |
| | |
| so upload model
| |
| | |
| then it's done and we check status and
| |
| | |
| what it says evolve started
| |
| | |
| meaning that ok
| |
| | |
| the database wasn't in the state that equals the
| |
| | |
| model that I have uploaded
| |
| | |
| so the turnkey logic need to change it,
| |
| | |
| it says that it has done the following change script
| |
| | |
| and applied it to the database
| |
| | |
| and that's ok, so having done that
| |
| | |
| we should actually head over to
| |
| | |
| what we can do is to jump to the license and ticket site
| |
| | |
| pops up here, this is what it looks like
| |
| | |
| I'm going to log into that as well
| |
| | |
| I had my google account
| |
| | |
| well now it doesn't remember because
| |
| | |
| this was edge I'm going to do the same thing in chrome
| |
| | |
| so I don't have to have my google logged in in two places
| |
| | |
| license and ticket and I was logged in
| |
| | |
| and I go to show my turnkey sites and this list
| |
| | |
| is of course the same as the list I see here
| |
| | |
| from this one, manage one turnkey site
| |
| | |
| and then visit site going to press ctrl
| |
| | |
| so that I don't navigate away from
| |
| | |
| this new tab and then it tells me
| |
| | |
| missing page - you need to create a viewmodel named index
| |
| | |
| ok, so that's a requirement for turnkey
| |
| | |
| driven site that the model contains viewmodel that's named index
| |
| | |
| so easy enough to fix, add model elements and
| |
| | |
| the viewmodel you didn't see that one
| |
| | |
| because that were out of screen
| |
| | |
| call this one index and when I open it up
| |
| | |
| I'm gonna give it a class,
| |
| | |
| add a generic column
| |
| | |
| just write a string, this is index
| |
| | |
| now when I go back to the cloud dialogue
| |
| | |
| I don't have to login again
| |
| | |
| it will remain logged in
| |
| | |
| as long as I'm in this session of MDriven designer
| |
| | |
| I don't have to do anything here
| |
| | |
| I'm just uploading the model once more
| |
| | |
| and that's pretty fast
| |
| | |
| so I'm heading back to this one
| |
| | |
| and then pressing refresh and now it found
| |
| | |
| the view model that was named index and now the menus show up
| |
| | |
| from the actions that we did the global actions
| |
| | |
| so if we were to show all houses now, we will still get an error
| |
| | |
| it will look like this and it says that SysUser is not a type name, so this is further
| |
| | |
| requirement for MDriven models that
| |
| | |
| there is a consistent way to identify
| |
| | |
| users of your system
| |
| | |
| normally these requirements are fulfilled in the
| |
| | |
| initial model from turnkey, but now we
| |
| | |
| started with a blank model
| |
| | |
| so we don't have it and what we did,
| |
| | |
| when we uploaded our model was that we replaced the
| |
| | |
| default model for turnkey,
| |
| | |
| so this we need to amend our model
| |
| | |
| to fulfill these requirements
| |
| | |
| that's quite easy to do we just go
| |
| | |
| to capable object site
| |
| | |
| to find in the support area MDriven designer snippets
| |
| | |
| so snippets can be further explored
| |
| | |
| on these links on the site, but what they are
| |
| | |
| are actually pieces of models that
| |
| | |
| you can reuse between
| |
| | |
| different models, different projects that you have
| |
| | |
| so what I'm going to do is to
| |
| | |
| download ASPNETIdentity.snippets
| |
| | |
| what these do is actually add
| |
| | |
| what's needed to use asp.net identity
| |
| | |
| we're going to see how that looks
| |
| | |
| so I'm going to show the folder,
| |
| | |
| where this is
| |
| | |
| going to copy the folder like that
| |
| | |
| and heading back to MDriven designer,
| |
| | |
| this will add a few classes and I can have them here
| |
| | |
| but I would rather do a new package
| |
| | |
| package is just a way to separate things a bit
| |
| | |
| like a namespace
| |
| | |
| add model elements, add package, so that's package2
| |
| | |
| in package2 I want to apply my snippet
| |
| | |
| but ok I haven't imported the
| |
| | |
| snippet to the MDriven designer yet
| |
| | |
| going to need to do that
| |
| | |
| import snippets
| |
| | |
| going to download dialogue and this was
| |
| | |
| the one that I downloaded
| |
| | |
| right-clicking on package snippets and
| |
| | |
| now I will find the important snippet here
| |
| | |
| asp.net identity user auth for turnkey
| |
| | |
| when I click it I get apply dialogue
| |
| | |
| this one doesn't have any settings
| |
| | |
| if this snippet had settings replacements
| |
| | |
| then I could enter the values here but I
| |
| | |
| just do apply as I do apply
| |
| | |
| I got classes add, ok now I see that they
| |
| | |
| weren't added to my package2
| |
| | |
| but they were added to the package1
| |
| | |
| and this is probably because the snippet it had them
| |
| | |
| I don't really know, but I need to check that out
| |
| | |
| what I can do is to do them point at these
| |
| | |
| and say that they should belong
| |
| | |
| to package2 instead
| |
| | |
| so that one package2, this one package2
| |
| | |
| and how I find them is all the ones
| |
| | |
| that the start with "Sys"
| |
| | |
| so again there's actually no need
| |
| | |
| to have them in a separate package
| |
| | |
| it's just for making it a bit more clear
| |
| | |
| that I haven't actually modeled
| |
| | |
| these myself just used
| |
| | |
| and of course to get the view of an understanding
| |
| | |
| of what's there
| |
| | |
| we could add a new diagram
| |
| | |
| add a class diagram and click that one up
| |
| | |
| and then I was draging these on to hear
| |
| | |
| Sys User Claim
| |
| | |
| likee that, now they're all here
| |
| | |
| so. what they do is actually that
| |
| | |
| when user authenticates with your site
| |
| | |
| when it registers with your site
| |
| | |
| it will create this user object that will
| |
| | |
| be available to you
| |
| | |
| and whenever this user is logged into your site
| |
| | |
| SysSingleton will point out the current
| |
| | |
| user in this transient association
| |
| | |
| so you can always find this class which is
| |
| | |
| SysSingleton, which means it has a
| |
| | |
| single object access with the ocl operator
| |
| | |
| ocl singleton, so you can
| |
| | |
| easily get hold on that object
| |
| | |
| that has this association that points out
| |
| | |
| the current user and from that current user
| |
| | |
| you can find roles that this user has
| |
| | |
| if it has logged in with the
| |
| | |
| external login like I did with google
| |
| | |
| it will be here and if there are
| |
| | |
| certain claims made on this user
| |
| | |
| like it has this email address or something like that
| |
| | |
| they will be available here
| |
| | |
| ok, so again now that we have prepared our model
| |
| | |
| for the cloud to handle all the
| |
| | |
| authorization
| |
| | |
| so back to the cloud dialogue
| |
| | |
| upload the model again, check the status
| |
| | |
| check the status again and now we see
| |
| | |
| that it has evolved our little database
| |
| | |
| to contain these new classes
| |
| | |
| head back to chrome and see,
| |
| | |
| if we have better luck
| |
| | |
| this time to show all the houses
| |
| | |
| yes we have, but since we are now in the
| |
| | |
| cloud and not using our little xml file
| |
| | |
| we don't have any houses
| |
| | |
| but the action is there,
| |
| | |
| so if I press that one
| |
| | |
| will see that a new house is created for me
| |
| | |
| I can save that new house
| |
| | |
| I'm going to add yet another one and
| |
| | |
| save that one as well,
| |
| | |
| when I select one of the houses
| |
| | |
| I'm presented with the options available
| |
| | |
| for that select the role
| |
| | |
| this 0 here is actually just
| |
| | |
| the default representation of the house
| |
| | |
| so that I could change in my model, if I wanted to
| |
| | |
| show house navigates to the new house
| |
| | |
| and I could upload an image
| |
| | |
| for this house I will set address
| |
| | |
| if I want to pick tenants by search
| |
| | |
| I will get up the search dialog
| |
| | |
| and of course I don't have any tenants
| |
| | |
| so that will be empty, but since the
| |
| | |
| prototyping worked with a xml file initially
| |
| | |
| but the online globally
| |
| | |
| available application cannot work with
| |
| | |
| the same xml file
| |
| | |
| but can the prototyping work with the same data
| |
| | |
| that we see in the cloud then
| |
| | |
| well yes, and so instead of choosing the
| |
| | |
| persistence xml, we can choose to
| |
| | |
| persistence MDriven server
| |
| | |
| and since we have been in the cloud dialogue
| |
| | |
| already told that it was demo55
| |
| | |
| at the azure websites that we were using
| |
| | |
| it will suggest that one
| |
| | |
| so we could start a system against that one
| |
| | |
| and from the model locally to continue
| |
| | |
| designing here
| |
| | |
| show all houses and here is
| |
| | |
| the house that we added online
| |
| | |
| so if we were to change to upload the image
| |
| | |
| again from here
| |
| | |
| we would expect it to show up here as well
| |
| | |
| so refresh that one and now have it there
| |
| | |
| so when we needed test data, before
| |
| | |
| we used import tool, let's do that again
| |
| | |
| but now we connected to the MDriven server
| |
| | |
| start system and in the debugger
| |
| | |
| import tab separated and the view model
| |
| | |
| name was "import persons" first name and last name
| |
| | |
| and imported them like that and update them like so
| |
| | |
| now we should find them in, if we pick and search
| |
| | |
| we had something like tht, so what she does for you
| |
| | |
| is that it enables you to have any functionality
| |
| | |
| that you model in your
| |
| | |
| MDriven designer system
| |
| | |
| and execute it in the cloud, in a fully responsive web
| |
| | |
| application that the user can execute on their phone
| |
| | |
| and then it will fold like this
| |
| | |
| of course, you can work a lot with styles
| |
| | |
| and style sheets etc to control the rendering
| |
| | |
| but the basic idea is that
| |
| | |
| a lot of things could be automatically
| |
| | |
| generated from the information that you
| |
| | |
| have in the model does saving you
| |
| | |
| a lot of headache for debugging and developing
| |
| | |
| yeah a UI for every possible view
| |
| | |
| that you need in your system
| |
| | |
| ok, but a really important thing being on
| |
| | |
| the web is authentication, how can we be
| |
| | |
| sure that only the correct persons
| |
| | |
| are accessing our information, so we're going
| |
| | |
| to take a look at that first of all and
| |
| | |
| since we added the things to control
| |
| | |
| who's logged in we
| |
| | |
| now have the ability to actually log
| |
| | |
| into this site, but this site
| |
| | |
| doesn't have any users yet, so we need to
| |
| | |
| register, going to register with the fake
| |
| | |
| with my email like that and enter password
| |
| | |
| register, so now logged in as myself
| |
| | |
| but there's really was no difference
| |
| | |
| if I could show all houses
| |
| | |
| if I'm logged in or logout so that's a major problem
| |
| | |
| we only want to show all
| |
| | |
| houses to logged in users
| |
| | |
| how would we go about that
| |
| | |
| then it's the access groups
| |
| | |
| that come into play
| |
| | |
| looks like this going to create a new
| |
| | |
| access group I'm going to call it there
| |
| | |
| only logged in and the enable expression
| |
| | |
| for this action should be that the user
| |
| | |
| is logged in or maybe even the visible
| |
| | |
| expression should the action show at all
| |
| | |
| and then let's check that the SysSingleton
| |
| | |
| class, it has an operator called ocl singleton
| |
| | |
| this is the only instance of
| |
| | |
| of this object and that in turn has a
| |
| | |
| association called current user
| |
| | |
| and we want to make sure that this is not empty
| |
| | |
| that's the primary thing because if it's empty
| |
| | |
| no user is logged in, right
| |
| | |
| so that's the access group that we...
| |
| | |
| that's the rule for this access group
| |
| | |
| so action is controlled by only logged in
| |
| | |
| well we want to make sure that the show
| |
| | |
| all houses is controlled by this
| |
| | |
| maybe also the show or persons
| |
| | |
| so now we have stated that the these actions
| |
| | |
| are controlled by this access group
| |
| | |
| that access group requires in order for the
| |
| | |
| action to be visible that the current
| |
| | |
| user is not empty pretty straightforward
| |
| | |
| so we had back to the cloud dialogue
| |
| | |
| upload the model and as we do
| |
| | |
| we refresh this one, we see there are no
| |
| | |
| actions at all for the views because
| |
| | |
| there were no sub actions, so if I login
| |
| | |
| then I see them so this is one way
| |
| | |
| to limit access to only logged in users
| |
| | |
| of course, if there were other criterias
| |
| | |
| like the user must be in a certain role
| |
| | |
| well, then I would just amend my
| |
| | |
| expression for the only log in access group
| |
| | |
| and you ask how?
| |
| | |
| access current user and follow the link
| |
| | |
| to just use a role and select from that
| |
| | |
| to see if there's a certain aspect that I
| |
| | |
| fulfill, but I'm not going to do that now
| |
| | |
| so the access group can control actions
| |
| | |
| if they are going to be enabled or visible,
| |
| | |
| but since we're on the web
| |
| | |
| there is a possibility that some user has
| |
| | |
| that was logged in has correct URL
| |
| | |
| to one of the views and you stayed directly
| |
| | |
| to mitigate this that make sure that they
| |
| | |
| also logged in we gonna add all houses persons
| |
| | |
| and all persons views to the access
| |
| | |
| group like that
| |
| | |
| so what we have seen today
| |
| | |
| then is the ability
| |
| | |
| to execute your model in the cloud and with
| |
| | |
| MDriven turnkey, so everything you do
| |
| | |
| in MDriven designer, you can execute
| |
| | |
| in MDriven turnkey
| |
| | |
| we have shown access groups
| |
| | |
| and how we can use them to
| |
| | |
| authenticate and authorize users
| |
| | |
| you can have multiple access groups for any kind
| |
| | |
| of logic that you want
| |
| | |
| to give to a certain group of people
| |
| | |
| and we have shown how you can continue with the
| |
| | |
| fast pace loop of edit and deploy
| |
| | |
| that we do in the prototyping even in the cloud
| |
| | |
| and you don't have to choose
| |
| | |
| you can use both at the same time,
| |
| | |
| running towards the same data
| |
| | |
| ok, we will end there for today, thank you
| |