Skip to content

Permissions

Purpose

A collection of methods to check permissions from a given permissions set

Methods

Binding name: p6.permissions

Method: boolean hasPermissions(String permissions, String feature, String action)

Checks if the action on the feature is allowed for the given permissions on the current instance.

Method: boolean hasPermissionsUsingPipelineRequest(String feature, String action)

Will retrieve the permissions from the pipeline reading the platform6.request.user.permissions entry and check if the action on the feature is allowed for the permissions on the current instance.

Method: boolean hasAnyPermissions(String permissions, List[String] actions)

Checks if the any of the actions is allowed for the given permissions on the current instance.

Method: boolean hasAnyPermissionsUsingPipelineRequest(List[String] actions)

Will retrieve the permissions from the pipeline reading the platform6.request.user.permissions entry and check if any action is allowed for the permissions on the current instance.

Method: Tuple2<Boolean,String> appUpsert(String name, String description, String... perms)

Creates or overwrites a permission set for this instance using the given name and current application key (appKey):

  • [appKey].[name]

For example O2C.approver

The given permissions (perms) are expressed as an array of name=value pairs

All parameters are mandatory

Returns true,"ok" if successful else false,"Error Message"

Note

This method can only be used from an application install script. The Current Logged in User requires the permsets=install permission to perform this function.

Warning

If you try calling this method or any of the other App Install/Uninstall methods for testing purposes you will get the error: This method can only be called from an application install script! To bypass this security check simply pass the app key in a pipeline variable called install.script.appkey as shown below:

install pipeline variable

Note

The appUpsert, appUninstall and appRemove DSL methods use the Currently Logged In User permissions for execution. This is unique to this DSL as the permissions to allow modification of application permissions pose a greater security risk if they are permissions associated with the instance Integration

Method: Tuple2<Boolean,String> appUninstall()

Remove all permissions sets previously created using the above appUpsert() method for the current application If users have been assigned these permission set(s), each user is modified to remove the permission set association before the permission set is removed.

Returns true,"ok" if successful else false,"Error Message"

Note

This method can only be used from an application uninstall script. The Current Logged in User requires the permsets=install as well as users=edit/update permissions to perform this function.

Method: Tuple2<Boolean,String> appRemove(String name)

Remove a single permissions set using the supplied name assuming it was previously created using the above appUpsert() method for the current application If users have been assigned this permission set, each user is modified to remove this permission set association before the permission set is removed.

Returns true,"ok" if successful else false,"Error Message"

Note

This method can only be used from an application uninstall script. The Current Logged in User requires the permsets=install as well as users=edit/update permissions to perform this function.

Method: void appUpsertEx(String name, String description, String... perms) throws P6Exception

This is the same functionality as appUpsert() above, however, if an error occurs an exception is thrown

Method: void appUninstallEx() throws P6Exception

This is the same functionality as appUninstall() above, however, if an error occurs an exception is thrown

Method: void appRemoveEx(String name) throws P6Exception

This is the same functionality as appRemove() above, however, if an error occurs an exception is thrown

Examples

println p6.permissions.hasPermissions("instance:feature=action", "feature", "action")

println p6.permissions.hasAnyPermissions("instance:feature=action", "otherFeature=action", "feature=action")

println p6.permissions.hasPermissionsUsingPipelineRequest("scripts", "read")

println p6.permissions.hasAnyPermissionsUsingPipelineRequest("scripts=edit", "scripts=delete")

println p6.permissions.appUpsert("approver", "Invoice Approver", "transactions=view", "transactions=allow('Work Items'('Assignee'='%USER.EMAIL%'))")

println p6.permissions.appUninstall()

p6.permissions.appUpsertEx("approver", "Invoice Approver", "transactions=view", "transactions=allow('Work Items'('Assignee'='%USER.EMAIL%'))")

p6.permissions.appUninstallEx()