Configure roles for asset actions in a workspace
Asset actions in a workspace in censhare Web are accessed via action menus. You can assign roles and individual permissions via a custom configuration so that only users with the respective permission can execute them.
Context
This configuration affects asset and action menus in censhare Web.
Prerequisites
You should be familiar with roles and permissions in censhare. In order to set up the extension and add a custom configuration, you need access to the file system of censhare Server.
Introduction
Asset actions are available through asset menus on asset pages and action menus in asset lists. The available actions depend on the asset type and the context where an asset is used or displayed. Asset menus and actions menu of an asset list can be accessed via the "Menu" button:
Icon | Meaning |
+ | Button: open asset or action menu |
The default behavior defines, which actions are available in the menus of asset types and asset lists. In order to assign roles and permissions to actions, you have to create a so-called behavior extension. censhare checks for roles and individual permissions when rendering a menu when a user opens an asset page or asset list. If an action has an extended behavior with assigned roles and permissions, only users with the respective roles and/or permissions will see the menu item to execute the action. In order to add a custom configuration, you have to perform two steps:
Set up the behavior extension - This enables the behavior extensions that allow you to define roles and permissions for asset actions.
Create the custom behavior configuration - This configuration contains all actions with a custom role/permission. The configuration file stores all behavior extensions, that means all combinations of actions and roles/permissions that you want to configure in your system.
Configuration
Both steps of this configuration are carried out on the server. You have to access the file system with the custom configuration folder.
Set up behavior extensions
On the censhare Server, create the following directory:
~/censhare-Custom/censhare-Server/app/web/src/ng1/client/base/csBehaviors/
Note: Make sure that you create the directory in the path of the "censhare-Custom" directory. This directory stores all custom configurations. When starting up the censhare Server, these custom configurations overwrite the default configurations.
Add an empty JSON file named "cs.pkg.json" to that directory.
Add the following code snippet to the JSON file and save it:
CODE{ "name": "csBehaviors", "since": "5.0.0", "version": "0.1.1", "filename": "behaviors.module", "types": [ { "name": "csBehavior", "constructor": "csBehavior" }, { "name": "csBehaviorGroup", "constructor": "csBehaviorGroup" }, { "name": "csBehaviorExtension", "constructor": "csBehaviorExtension" } ] }
Do not change anything in this snippet.
Create the custom behavior configuration
On the censhare Server, create the following directory:
~/censhare-Custom/censhare-Server/app/web/src/ng1/client/base/csBehaviorExtensions/
Add an empty JSON file named "cs.pkg.json" to that directory.
In this file, add a custom configuration according to the following pattern:
CODE{ "name": "[censhare action behavior key]", "type": "csBehaviorExtension", "properties": { "filters": { "csRoles": [ "[censhare role ID]", "csPermissions": [ "[censhare permission key]", ] } } }
Remarks on how to adjust the settings:
Replace the placeholder [censhare action behavior key] by the respective ID, for example, "csNewChildTaskBehavior". Do not add any value to the "properties" and "filters" parameters.
You can add roles, permissions or both combined in a custom configuration. Each parameter can contain multiple values, separated by a comma.
Use the "csRoles" parameter to add one or more roles. Replace the placeholder [censhare role ID] by the respective ID, for example, "projectManager". Look up the IDs in the table "Master data/Roles" in the censhare Admin-Client.
Use the "csPermissions" parameter to add one or more permissions. Replace the placeholder [censhare permission key] by the respective key, for example, "asset_edit_attributes". Look up the keys in the table "Master data/Permission keys" in the censhare Admin-Client.
Likewise, add a code snippet and repeat the previous steps for each action that you want to configure.
Save the file.
Restart the censhare Server.
Result
Users with the respective role or permission can access the workspace actions with a behavior extension. Users without the role or permission cannot access the respective actions and do not see the menu item. All users can access the actions with a default behavior without behavior extension.