%CSP.Portal.Utils

abstract class %CSP.Portal.Utils extends %Library.RegisteredObject

APIs used by the Cache Management Portal.

Parameters

parameter DOMAIN = %Utility;

Methods (Including Private)

classmethod %AddFavorite(pName As %String, pLink As %String) as %Status
Add item to favorites list.
classmethod %CheckCustomResource(pURL As %String) as %Boolean
Check the custom resource (if any) assigned to a given URL. Note that pURL should be URL-encoded.
classmethod %CheckTaskResource() as %Boolean
classmethod %ClearFavoriteItems(pUser As %String = "") as %Status
Delete favorite item list for given user. If user is not specified, delete all items.
classmethod %ClearRecentItems(pUser As %String = "") as %Status
Delete recent item list for given user. If user is not specified, delete all items.
classmethod %DrawError(pStatus As %Status) as %Status
classmethod %GetCustomResource(pID As %String) as %String
Get the custom resource assigned to a given id (url). Note that pID should be URL-encoded.
classmethod %GetCustomResourceList(pList As %String) as %Status
Return a list of all currently used custom resource names.
classmethod %GetFavoritesForUser(Output pFavorites) as %Status
Return the current favorites list for the current user: pItems(n) = $LB(name,date,url)
classmethod %GetNamespaceList(Output pNamespaces As %String) as %Status
Get a list of namespaces which the current user may access. pNamespaces is returned as an array with the following structure: pNamespaces("NAMESPACE") = $lb(enabled,remote)
classmethod %GetRecentItemsForUser(Output pItems) as %Status
Return the recent items list for the current user:
pItems(n) = $LB(name,date,url)
These are reset on system restart.
classmethod %RegisterRecentItem(pName As %String, pURL As %String) as %Status
Add this item to the recent item list.
classmethod %RemoveFavoriteItem(pName As %String) as %Status
Delete a favorite item for the current user.
classmethod %RemoveRecentItem(pName As %String) as %Status
Delete a recent item for the current user.
classmethod %SetCustomResource(pID As %String, pResource As %String) as %Status
Set the custom resource assigned to a given id (url). Note that pID should be URL-encoded.
classmethod CheckLinkAccess(link As %String) as %Integer
CheckLinkAccess determines whether the target user is permitted to view a given CSP or Zen page based on the security requirements for the relevant target Web application, the underlying page class, and any custom resources applied to the link.

Returns 0 if the link is not to a csp application. (enable)

Returns 1 if the user is permitted access to the page. (enable)

Returns 2 if the Target User could not be determined. Clicking on the link will bring up the login page. (choice: enable or disable)

Returns 3 if the user doesn't have access to the CSP application. (disable)

Returns 4 if the user doesn't have resources specific to the page. (disable)

  1. It is assumed that CheckLinkAccess is called from a context in which %session and %request are available, i.e., from callpage in the CSP Server.
  2. In order to minimize information trolling, CheckLinkAccess will just return a bit indicating if the link should be enabled in the current calling context.
  3. Definitions:
    1. Source application - application in which the current caller is being run
    2. Current user - ($Username) the user currently logged into the Source Application
    3. Target Application - the application pointed to by the link
    4. Target User - the computed username under which the user will be logged into the Target Application
    5. Target Page - the page portion of the link, e.g., for /csp/app/mypage.csp: mypage.csp

This method is meant to be called from the link's containing page within the context of the CSP server. The containing page is part of a source application.

We must be able to determine which target user will be used to check privileges. The target user cannot be determined if the source and target applications are different and the target is neither part of an active by-id group nor sharing sessions with the source application.

Applications share sessions when:

  • The source and target are the same application.
  • The link to the target page contains CSPSHARE=1.
  • Source and target applications have the same Session Cookie Path.

Who is the target user?

Since this is called from within a CSP session, there are the following situations:

  1. The target application is a member of an authenticated by-id group. That group's authenticated user is the Target User.
  2. The target application will be in the current session. The CSP server has already handled the logic for determining the user.
    1. The session's user is not UnknownUser. The target user is $Username.
    2. The session's user is UnknownUser
      • If the target application is the source application, the Target User is UnknownUser.
      • If the target application is different, the target user is the user from the session's Sticky-context. If the session has no sticky-context, the Target User will be UnknownUser

CheckLinkAccess Policy

  • If the Target Application is not a CSP Application, return ENABLE/UNKNOWN
  • If the Source and Target application are the same, skip to check resources.
  • If the Target Application is neither in an authenticated by-id group nor in the Source Application's session, return ENABLE/UNKNOWN
  • Compute the Target User. See 'Who is Target User?' above.
  • If the Target Application is two-factor enabled and the Target User is not, return NO_APP_ACCESS.
  • Get any application-defined and user-defined resources assigned to the Target Page.
  • If Source and Target Applications are different, check that the Target User has the right roles to enter the Target Application. If not, return NO_APP_ACCESS.
  • Check Resources:

    If the Target User can access the Target Page's Resources after escalating roles from the Target Application, return ENABLE/UNKNOWN. Else return NO_PAGE_ACCESS.
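
The Target User rules and the policy steps above can be followed as a small decision model. This is an added Python example, not InterSystems code: the App fields, the flat "privilege" sets standing in for roles and resources, and the sample applications and users are constructed, and it assumes the policy's ENABLE/UNKNOWN outcomes map onto return codes 0, 2 and 1 in the order the steps appear.

```python
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit, parse_qs

# Return codes as listed in the CheckLinkAccess description above.
NOT_CSP, PERMITTED, NO_TARGET_USER, NO_APP_ACCESS, NO_PAGE_ACCESS = range(5)

@dataclass
class App:  # hypothetical model of a web application definition
    name: str
    cookie_path: str
    is_csp: bool = True
    group_user: Optional[str] = None  # user of its authenticated by-id group
    two_factor: bool = False
    entry: set = field(default_factory=set)   # privileges needed to enter
    grants: set = field(default_factory=set)  # privileges added on entry

def shares_session(src, tgt, link):
    """The three session-sharing conditions from the text."""
    cspshare = parse_qs(urlsplit(link).query).get("CSPSHARE") == ["1"]
    return src.name == tgt.name or cspshare or src.cookie_path == tgt.cookie_path

def target_user(src, tgt, username, sticky_user, link):
    """Return the Target User, or None when it cannot be determined."""
    if tgt.group_user:
        return tgt.group_user
    if not shares_session(src, tgt, link):
        return None
    if username != "UnknownUser" or src.name == tgt.name:
        return username
    return sticky_user or "UnknownUser"

def check_link_access(src, tgt, username, sticky_user, link, users, page_res):
    """users maps name -> (held privileges, two-factor enabled); a toy directory."""
    if not tgt.is_csp:
        return NOT_CSP
    user = target_user(src, tgt, username, sticky_user, link)
    if user is None:
        return NO_TARGET_USER
    held, has_2fa = users.get(user, (set(), False))
    if src.name != tgt.name:  # same application skips straight to resources
        if tgt.two_factor and not has_2fa:
            return NO_APP_ACCESS
        if not tgt.entry <= held:
            return NO_APP_ACCESS
    return PERMITTED if page_res <= held | tgt.grants else NO_PAGE_ACCESS

# Constructed sample: two applications with separate session cookie paths.
A = App("/csp/a", "/csp/a/")
B = App("/csp/b", "/csp/b/", entry={"enter_b"}, grants={"view_b"})
USERS = {"alice": ({"enter_b"}, False)}
```

In this model a cross-application link without CSPSHARE=1, a shared cookie path or a by-id group yields code 2 rather than a denial, which is the case where the caller chooses whether to show the link.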

classmethod CheckLoggedInResources(targetResources As %List) as %Integer
