Kbase P122940: How to implement a RUN-TIME Security within the ABL
Author: Progress Software Corporation - Progress
Access: Public
Published: 01/06/2009
Status: Unverified
GOAL:
How to implement a RUN-TIME Security within the ABL
GOAL:
Implementing a RUN-TIME Security example
FACT(s) (Environment):
All Supported Operating Systems
Progress/OpenEdge Product Family
OpenEdge Category: Language (4GL/ABL)
FIX:
The following solution provides example files showing how to implement run-time security. It is based on a permission table defined by the application developer.
The permission table specifies which users can access which modules of the application.
Example of User table content.
_users.d
"frankp" "cmcbvpfkrDkkicVN" "Frank Peterson" ?
"kellyk" "abckakkvdizddbdi" "Kelly Koberlien" ?
"markw" "lxlXjqjUkdfriXci" "Mark Wilson" ?
"nancym" "dgtblbeafnacEkvl" "Nancy Mahoney" ?
.
PSC
cpstream=ISO8859-1
.
0000000191
Example of Permission table.
permis.df
ADD TABLE "Permissions"
AREA "Employee"
DUMP-NAME "permissi"
ADD FIELD "permModule" OF "Permissions" AS character
FORMAT "x(32)"
INITIAL ""
LABEL "Module Name"
POSITION 2
SQL-WIDTH 64
COLUMN-LABEL "Module!Name"
ORDER 10
ADD FIELD "permWhoCanRun" OF "Permissions" AS character
FORMAT "x(70)"
INITIAL ""
LABEL "Who can run this module"
POSITION 3
SQL-WIDTH 140
COLUMN-LABEL "Can run"
HELP "Enter a comma delimited list of user ids"
ORDER 20
ADD INDEX "Module" ON "Permissions"
AREA "Employee"
UNIQUE
PRIMARY
INDEX-FIELD "permModule" ASCENDING
ADD INDEX "WhoCanRun" ON "Permissions"
AREA "Employee"
WORD
INDEX-FIELD "permWhoCanRun" ASCENDING
.
PSC
cpstream=ISO8859-1
.
0000000735
Permission table data
permis.d
"l-findemp7.p" "kellyk,nancym,markw,frankp"
"l-findproj.p" "markw,frankp,nancym,kellyk"
"e-mntbene.p" "markw"
.
PSC
filename=Permissions
records=0000000000003
ldbname=mysports
timestamp=2007/12/07-21:20:47
numformat=.
dateformat=mdy-1950
map=NO-MAP
cpstream=ISO8859-1
.
0000000116
Adding permission procedure.
addperm.p
DEFINE VARIABLE myLoginID   LIKE Employee.LoginID NO-UNDO.
DEFINE VARIABLE myLoginList AS CHARACTER.

DEFINE FRAME f-perm
    permModule
    permWhoCanRun FORMAT "X(40)"
    WITH 1 COLUMN ROW 2.
DEFINE FRAME f-login
    myLoginID COLUMN-LABEL "Employee!Login ID"
    WITH 5 DOWN.

/* Prompt for the module name */
REPEAT WITH FRAME f-perm:
    UPDATE permModule.
    /* Load the existing user list for this module, if there is one */
    FIND Permissions USING permModule NO-LOCK NO-ERROR.
    IF AVAILABLE Permissions THEN
        myLoginList = permWhoCanRun.
    ELSE
        myLoginList = ?.
    MESSAGE myLoginList VIEW-AS ALERT-BOX.

    /* Prompt for new user IDs */
    get-user:
    REPEAT WITH FRAME f-login:
        IF RETRY THEN
            myLoginID:SCREEN-VALUE IN FRAME f-login = "".
        UPDATE myLoginID.
        /* Make sure the user ID is defined in the database */
        IF NOT CAN-FIND(_User WHERE _userid EQ myLoginID) THEN
        DO:
            MESSAGE "Userid" myLoginId "is not defined in the database."
                VIEW-AS ALERT-BOX.
            UNDO get-user, RETRY get-user.
        END.
        /* If the login ID has been added to the list, don't re-add it */
        IF LOOKUP(myLoginID, myLoginList) GT 0 THEN
            UNDO get-user, RETRY get-user.
        IF myLoginList EQ ? THEN
            myLoginList = myLoginID.
        ELSE
            myLoginList = myLoginList + "," + myLoginID.
        /* Update the login ID list display */
        MESSAGE myLoginList VIEW-AS ALERT-BOX.
    END.

    /* Create the permission record, or update the existing one */
    add-update-perm:
    DO TRANSACTION:
        IF AVAILABLE Permissions THEN
            FIND CURRENT Permissions EXCLUSIVE-LOCK.
        ELSE
        DO:
            CREATE Permissions.
            ASSIGN
                permModule.
        END.
        ASSIGN permWhoCanRun = myLoginList.
    END. /* add-update-perm */
END.
Check Permissions procedure file
checkperm.p
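/* Parameters match the call: RUN checkperm.p (INPUT ..., INPUT ...) */
DEFINE INPUT PARAMETER appmodule         AS CHARACTER NO-UNDO.
DEFINE INPUT PARAMETER moduleDescription AS CHARACTER NO-UNDO.

FIND Permissions WHERE permModule EQ appmodule NO-LOCK NO-ERROR.
/* Deny when no permission record exists or the current user is not listed */
IF NOT AVAILABLE Permissions OR NOT CAN-DO(permWhoCanRun) THEN
DO:
    MESSAGE USERID "is not authorized to use"
        moduleDescription
        VIEW-AS ALERT-BOX.
    /* Raise ERROR on the caller's RUN statement so the module does not continue */
    RETURN ERROR.
END.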
Add the following call to your procedures to check whether a specific user has permission to run a specific module.
checkperm.p procedure call.
RUN checkperm.p (INPUT file-name, INPUT moduleDescription).
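Because checkperm.p evaluates permWhoCanRun with CAN-DO, each entry in the list is treated as a pattern: `*` acts as a wildcard and a leading `!` excludes a user. The following audit procedure is an added example, not part of the original article; it reports Permissions rows whose list is empty, contains such patterns, or names an ID that is not defined in _User. The procedure name auditperm.p and the output file permaudit.txt are assumptions.

```abl
/* auditperm.p - added example, not from the original article.
   Reports Permissions entries that CAN-DO would not treat as a plain,
   known user ID. The output file name is an assumption. */
DEFINE VARIABLE i      AS INTEGER   NO-UNDO.
DEFINE VARIABLE cEntry AS CHARACTER NO-UNDO.
DEFINE VARIABLE cIssue AS CHARACTER NO-UNDO.

OUTPUT TO "permaudit.txt".

FOR EACH Permissions NO-LOCK:
    /* A module with no user list deserves a manual look */
    IF Permissions.permWhoCanRun EQ ?
       OR TRIM(Permissions.permWhoCanRun) EQ "" THEN
    DO:
        PUT UNFORMATTED Permissions.permModule ": empty user list" SKIP.
        NEXT.
    END.

    /* Walk the comma-delimited list one entry at a time */
    DO i = 1 TO NUM-ENTRIES(Permissions.permWhoCanRun):
        ASSIGN
            cEntry = TRIM(ENTRY(i, Permissions.permWhoCanRun))
            cIssue = "".

        IF INDEX(cEntry, "*") GT 0 THEN
            cIssue = "wildcard pattern".
        ELSE IF cEntry BEGINS "!" THEN
            cIssue = "exclusion pattern".
        ELSE IF NOT CAN-FIND(_User WHERE _User._Userid EQ cEntry) THEN
            cIssue = "user ID not defined in _User".

        IF cIssue NE "" THEN
            PUT UNFORMATTED
                Permissions.permModule ": '" cEntry "' " cIssue SKIP.
    END.
END.

OUTPUT CLOSE.
```

With the sample permis.d and _users.d data shown above, every listed ID exists in _User and no entry contains a pattern, so the report file is empty.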