Action script example (Security phase)
This is an example of an Action script to be executed by a trigger in the Security phase (In process). It validates if a user creating or modifying a Web-type asset belongs to the correct security group.
Use case
- A user creates or modifies an asset.
- If the asset has the asset type Web, the script checks if the user is in the Web Agency users user group (created for this example).
- If the user does not belong to the correct user group, the application throws an exception.
Prerequisites
Web is not a default type in M.AssetType. It must be created, if required.
- Navigate to Manage and select Taxonomy.
- Search for M.Asset.
- Click + to add a new class in the M.AssetType taxonomy.
- Enter Web as the label for the new item.
- Click Save to add the new asset type Web to the M.AssetType taxonomy.
Script
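using System;
using Stylelabs.M.Framework.Essentials.LoadConfigurations;
using Stylelabs.M.Framework.Essentials.LoadOptions;
using Stylelabs.M.Sdk.Contracts.Base;
using Stylelabs.M.Sdk.Exceptions;

// Load only the UserGroupToUser relation; no cultures or properties are needed.
var loadConfig = new EntityLoadConfiguration
{
    CultureLoadOption = CultureLoadOption.None,
    RelationLoadOption = new RelationLoadOption("UserGroupToUser"),
    PropertyLoadOption = PropertyLoadOption.None
};

// Load the user who triggered the create or modify operation.
var user = await MClient.Entities.GetAsync(Context.TriggeringUserId.Value, loadConfig);
if (user == null) throw new InvalidOperationException("Triggering user could not be found.");

// Look up the required user group by name.
var webAgencyGroup = await MClient.Users.GetUserGroupAsync("Web agency users");
if (webAgencyGroup == null) throw new InvalidOperationException("Web agency usergroup not found.");

// Reject the operation unless the user is a member of that group.
var userGroups = await user.GetRelationAsync<IChildToManyParentsRelation>("UserGroupToUser");
if (!userGroups.Parents.Contains(webAgencyGroup.Id.Value))
{
    throw new ForbiddenException("Only users of usergroup 'Web agency users' are allowed to create or modify assets of image-type 'Web'.");
}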
Script explanation
- Create an EntityLoadConfiguration object to specify which properties should be loaded with the entity.

      var loadConfig = new EntityLoadConfiguration
      {
          CultureLoadOption = CultureLoadOption.None,
          RelationLoadOption = new RelationLoadOption("UserGroupToUser"),
          PropertyLoadOption = PropertyLoadOption.None
      };

  In this case, we only need to load the UserGroupToUser relation, which specifies which groups the user belongs to.

- Retrieve the user entity by specifying the user ID (Context.TriggeringUserId.Value) and the load configuration.

      var user = await MClient.Entities.GetAsync(Context.TriggeringUserId.Value, loadConfig);

  Note: The MClient object is always available and can be used by all Script types. For more information about MClient, please refer to the SDK API reference guide (MClient).

  Entities (a property of MClient with type IEntitiesClient) has a GetAsync method that accepts an entity ID and optionally a load configuration object, and that returns the entity object.

- If no user object is returned, throw an InvalidOperationException.

      if (user == null) throw new InvalidOperationException("Triggering user could not be found.");

- Get the user group.

      var webAgencyGroup = await MClient.Users.GetUserGroupAsync("Web agency users");

  Note: The MClient object is always available and can be used by all Script types. For more information about MClient, see the API reference (MClient).

- If the user group is not found, throw an InvalidOperationException.

      if (webAgencyGroup == null) throw new InvalidOperationException("Web agency usergroup not found.");

- Get the user groups of the user.

      var userGroups = await user.GetRelationAsync<IChildToManyParentsRelation>("UserGroupToUser");

  Warning: In order to retrieve a relation object using GetRelationAsync, you need to specify the relation's type. In this case, it is IChildToManyParentsRelation. For more information about the relation's types, see the API reference (Stylelabs.M.Sdk.Contracts.Base).

- If the user groups do not contain the "Web Agency users" group, throw a ForbiddenException.

      if (!userGroups.Parents.Contains(webAgencyGroup.Id.Value))
      {
          throw new ForbiddenException("Only users of usergroup 'Web agency users' are allowed to create or modify assets of image-type 'Web'.");
      }

  Note: For more information about ForbiddenException, as well as a list of the available custom exceptions, see the API reference (Stylelabs.M.Sdk.Exceptions).
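A variant of the script explained above, added here as an example and not part of the original documentation: it accepts membership in any of several groups and stops with an explicit error when the triggering user ID is absent or a configured group cannot be resolved. It assumes the same script environment (MClient and Context supplied by the host) and that Context.TriggeringUserId is nullable, as the use of .Value above implies; the group name "Web administrators" is hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Stylelabs.M.Framework.Essentials.LoadConfigurations;
using Stylelabs.M.Framework.Essentials.LoadOptions;
using Stylelabs.M.Sdk.Contracts.Base;
using Stylelabs.M.Sdk.Exceptions;

// Groups whose members may create or modify Web assets.
// "Web administrators" is a hypothetical name used only for this example.
var allowedGroupNames = new[] { "Web agency users", "Web administrators" };

// Deny with a clear message instead of letting .Value throw on a missing ID.
if (!Context.TriggeringUserId.HasValue)
{
    throw new ForbiddenException("Triggering user is not set; the user group check cannot be performed.");
}

var loadConfig = new EntityLoadConfiguration
{
    CultureLoadOption = CultureLoadOption.None,
    RelationLoadOption = new RelationLoadOption("UserGroupToUser"),
    PropertyLoadOption = PropertyLoadOption.None
};
var user = await MClient.Entities.GetAsync(Context.TriggeringUserId.Value, loadConfig);
if (user == null) throw new InvalidOperationException("Triggering user could not be found.");

// Resolve every configured group before checking membership. A group that
// cannot be found is treated as a configuration error and blocks the operation.
var allowedGroupIds = new HashSet<long>();
foreach (var name in allowedGroupNames)
{
    var group = await MClient.Users.GetUserGroupAsync(name);
    if (group == null) throw new InvalidOperationException($"User group '{name}' not found.");
    allowedGroupIds.Add(group.Id.Value);
}

// Allow the operation only if the user is in at least one allowed group.
var userGroups = await user.GetRelationAsync<IChildToManyParentsRelation>("UserGroupToUser");
if (!userGroups.Parents.Any(allowedGroupIds.Contains))
{
    throw new ForbiddenException("Only members of an allowed user group may create or modify assets of type 'Web'.");
}
```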
Setup
- Create, publish and enable an Action script.
- Create an action of type Action script and link it with the script.
- Create a new trigger and set the trigger's objective to Entity creation and Entity modification.
- In the trigger conditions, add the entity definition Asset, then add a new condition. Set the condition to Type (AssetTypeToAsset) current value contains any Web.
- In the trigger actions, add the action under Security actions.
- Save and enable the trigger.