Action script example (Security phase)

This is an example of an Action script executed by a trigger in the Security phase (In process). It checks whether a user creating or modifying a Web-type asset belongs to the correct user group.

Use case

  1. A user creates or modifies an asset.

  2. If the asset has the asset type Web, the script checks whether the user is in the Web agency users user group (created for this example).

  3. If the user does not belong to the correct user group, the application throws an exception.

Prerequisites

Web is not a default type in M.AssetType. If it is missing, create it as follows:

  • Navigate to Manage and select Taxonomy.

  • Search for M.Asset:

  • Click + to add a new class in the M.AssetType taxonomy:

  • Enter Web as the label for the new item:

  • Click Save to add the new asset type Web to the M.AssetType taxonomy.

Script

// Load only the UserGroupToUser relation; no cultures or properties are needed.
var loadConfig = new EntityLoadConfiguration
{
  CultureLoadOption = CultureLoadOption.None,
  RelationLoadOption = new RelationLoadOption("UserGroupToUser"),
  PropertyLoadOption = PropertyLoadOption.None
};

// The user whose action fired the trigger.
var user = await MClient.Entities.GetAsync(Context.TriggeringUserId.Value, loadConfig);
if (user == null) throw new InvalidOperationException("Triggering user could not be found.");

// The user group that is allowed to create or modify Web assets.
var webAgencyGroup = await MClient.Users.GetUserGroupAsync("Web agency users");
if (webAgencyGroup == null) throw new InvalidOperationException("Web agency usergroup not found.");

// The user groups the triggering user belongs to.
var userGroups = await user.GetRelationAsync<IChildToManyParentsRelation>("UserGroupToUser");

// Reject the operation if the user is not a member of the required group.
if (!userGroups.Parents.Contains(webAgencyGroup.Id.Value))
{
  throw new ForbiddenException("Only users of usergroup 'Web agency users' are allowed to create or modify assets of image-type 'Web'.");
}

Script explanation

  1. Create an EntityLoadConfiguration object to specify which properties should be loaded with the entity.

    var loadConfig = new EntityLoadConfiguration
    {
      CultureLoadOption = CultureLoadOption.None,
      RelationLoadOption = new RelationLoadOption("UserGroupToUser"),
      PropertyLoadOption = PropertyLoadOption.None
    };
    

    In this case, we only need to load the UserGroupToUser relation, which specifies which groups the user belongs to.

  2. Retrieve the user entity by specifying the user ID (Context.TriggeringUserId.Value) and the load configuration.

    var user = await MClient.Entities.GetAsync(Context.TriggeringUserId.Value, loadConfig);
    
    Note

    The MClient object is always available and can be used by all Script types. For more information about MClient, please refer to the SDK API reference guide (MClient). Entities (a property of MClient with type IEntitiesClient) has a GetAsync method that accepts an entity ID and, optionally, a load configuration object, and returns the entity object.

  3. If no user object is returned, throw an InvalidOperationException.

    if (user == null) throw new InvalidOperationException("Triggering user could not be found.");
    
  4. Get the user group.

    var webAgencyGroup = await MClient.Users.GetUserGroupAsync("Web agency users");
    
    Note

    The MClient object is always available and can be used by all Script types. For more information about MClient, see the API reference (MClient).

  5. If the user group is not found, throw an InvalidOperationException.

    if (webAgencyGroup == null) throw new InvalidOperationException("Web agency usergroup not found.");
    
  6. Get the user groups of the user.

    var userGroups = await user.GetRelationAsync<IChildToManyParentsRelation>("UserGroupToUser");
    
    Warning

    To retrieve a relation object using GetRelationAsync, you need to specify the relation's type. In this case, it is IChildToManyParentsRelation. For more information about the relation types, see the API reference (Stylelabs.M.Sdk.Contracts.Base).

  7. If the user groups do not contain the "Web agency users" group, throw a ForbiddenException.

    if (!userGroups.Parents.Contains(webAgencyGroup.Id.Value))
    {
      throw new ForbiddenException("Only users of usergroup 'Web agency users' are allowed to create or modify assets of image-type 'Web'.");
    }
    
    Note

    For more information about ForbiddenException, as well as a list of the available custom exceptions, see the API reference (Stylelabs.M.Sdk.Exceptions).
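
A variant of the script above that guards the two values the original dereferences without a check (an empty triggering user ID and a missing UserGroupToUser relation) and writes a log entry before every rejection. This is an added example, not part of the original article or the vendor's code. It assumes that Context.TriggeringUserId is a nullable ID (the article reads .Value from it) and that MClient.Logger with a Warn method is available to the script.

```csharp
// Added example (not from the original article).
// Assumptions: Context.TriggeringUserId is nullable; MClient.Logger.Warn is available.
var requiredGroup = "Web agency users";
var triggeringUserId = Context.TriggeringUserId;

// Edge case: the change has no user behind it. Reject it with a clear message
// instead of letting .Value fail on an empty ID.
if (!triggeringUserId.HasValue)
{
  MClient.Logger.Warn("Web asset check: no triggering user, change rejected.");
  throw new ForbiddenException("Assets of type 'Web' can only be changed by an identified user.");
}

var loadConfig = new EntityLoadConfiguration
{
  CultureLoadOption = CultureLoadOption.None,
  RelationLoadOption = new RelationLoadOption("UserGroupToUser"),
  PropertyLoadOption = PropertyLoadOption.None
};

var user = await MClient.Entities.GetAsync(triggeringUserId.Value, loadConfig);
if (user == null)
{
  MClient.Logger.Warn($"Web asset check: user {triggeringUserId.Value} not found, change rejected.");
  throw new InvalidOperationException("Triggering user could not be found.");
}

// A renamed or deleted group must reject every Web change, never silently allow it.
var webAgencyGroup = await MClient.Users.GetUserGroupAsync(requiredGroup);
if (webAgencyGroup == null)
{
  MClient.Logger.Warn($"Web asset check: user group '{requiredGroup}' not found, change rejected.");
  throw new InvalidOperationException("Web agency usergroup not found.");
}

var userGroups = await user.GetRelationAsync<IChildToManyParentsRelation>("UserGroupToUser");

// Treat a relation that could not be loaded the same as "not a member".
if (userGroups == null || !userGroups.Parents.Contains(webAgencyGroup.Id.Value))
{
  MClient.Logger.Warn($"Web asset check: user {triggeringUserId.Value} is not in '{requiredGroup}', change rejected.");
  throw new ForbiddenException("Only users of usergroup 'Web agency users' are allowed to create or modify assets of image-type 'Web'.");
}
```

Every path that cannot positively confirm membership ends in an exception, so the check rejects the change when its inputs are missing, and the log entries give reviewers a record of who was rejected and why.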

Setup

  1. Create, publish and enable an Action script.

  2. Create an action of type Action script and link it with the script.

  3. Create a new trigger and set the trigger's objective to Entity creation and Entity modification.

    • In the trigger conditions, add the entity definition Asset, then add a new condition. Set the condition to Type (AssetTypeToAsset) current value contains any Web.

    • In the trigger actions, add the action under Security actions.

  4. Save and enable the trigger.
