Determining what the user can execute - VisualCron - Forum

Community forum

Bob Silva
2013-05-21T23:42:04Z
Greetings...

With the API I can connect to the server, get the list of jobs and execute them. Nice!

If I don't have permission to execute a particular job and I attempt to execute that job, it does not run. Good.

Now, I would prefer to not even display a job in my web client if I don't have the permissions to execute it.

If I understand the security model correctly, if any of the groups of which I am a member has the Execute Jobs permission checked, I can execute any job except those jobs where all my groups are specifically denied.

Conversely, if all my groups Execute Jobs checkboxes are cleared, I can only execute jobs where one of my groups has been specifically granted the execute permission.

So, assuming I have that correct, I need to locate this information in the API.

When I examine the Server object, I see Server.Client.User.Groups which gives me a list of GUIDs corresponding to the groups of which I am a member. While that is a good starting point, I need to know if any of those groups grant me that global Execute Job permission.

When I examine the JobClass object, I see GroupOverride which will give me GroupID and OverrideSettings which is another piece of the puzzle. However, I can't seem to find all the pieces to get a complete permission picture.

I know the VC Client is written using the VC API and I do see all the information in the VC Client. I'm just not seeing it all when I use the API. The API documentation seems out of date as I'm not finding some of the objects I've just described therein.

So. Whew. How can I determine which jobs I (the logged in user) can execute?

Thanks,
Bob
Support
2013-05-22T07:20:08Z
When and if we implement prevention of users "seeing"/reading Jobs this also means that the API will never know about this Jobs. Because if you connect as a specific user that does not have "seeing" rights it should not see them. And that might be a problem.

You can use the serverObj.Permissions.Check( method to check permissions.
Henrik
Support
http://www.visualcron.com 
Please like  VisualCron on facebook!
Bob Silva
2013-05-22T20:04:09Z
Hi Henrik,

No, I'm not advocating changing the API. I just wanted a way to determine if the logged in user can execute the job, before giving them a button to do so. So, I wanted a List of JobClass'es they could, in fact, execute. Your advice was the answer.

So, basically, the code to return that list looks like this:
Quote:

Client c = new Client();
Server s = new Server();

Connection conn = new Connection();
conn.UseADLogon = true;
conn.Address = VCServer;
conn.ConnectionType = Connection.ConnectionT.Remote;

s = c.Connect(conn, true);
List<JobClass> jcl = s.Jobs.GetAll();

foreach (JobClass jc in jcl)
{
if (s.Permissions.Check(SecPermissionsClass.PermissionT.Jobs, SecPermissionsClass.ActionT.Execute, jc.Id) != Permissions.PermissionResultT.Granted)
{
jcl.Remove(jc);
}
}

c.Disconnect(s);

return jcl;


Thanks!
Bob
Scroll to Top