
Action script example (Security phase)

This is an example of an Action script executed by a trigger in the Security phase (In process). It checks whether a user creating or modifying a Web-type asset belongs to the correct security group.

Use case

  1. A user creates or modifies an asset.
  2. If the asset has the asset type Web, the script checks if the user is in the Web agency users user group (created for this example).
  3. If the user does not belong to the correct user group, the application throws an exception.

Prerequisites

Web is not a default type in M.AssetType. It must be created, if required.

  • Navigate to Manage and select Taxonomy.

  • Search for M.Asset.

  • Click + to add a new class in the M.AssetType taxonomy.

  • Enter Web as the label for the new item.

  • Click Save to add the new asset type Web to the M.AssetType taxonomy.

Script

// Load only the UserGroupToUser relation; cultures and properties are not needed.
var loadConfig = new EntityLoadConfiguration
{
    CultureLoadOption = CultureLoadOption.None,
    RelationLoadOption = new RelationLoadOption("UserGroupToUser"),
    PropertyLoadOption = PropertyLoadOption.None
};

// Load the user who triggered the creation or modification.
var user = await MClient.Entities.GetAsync(Context.TriggeringUserId.Value, loadConfig);
if (user == null) throw new InvalidOperationException("Triggering user could not be found.");

// Look up the required user group by name.
var webAgencyGroup = await MClient.Users.GetUserGroupAsync("Web agency users");
if (webAgencyGroup == null) throw new InvalidOperationException("Web agency usergroup not found.");

// The parents of the UserGroupToUser relation are the groups the user belongs to.
var userGroups = await user.GetRelationAsync<IChildToManyParentsRelation>("UserGroupToUser");

// Reject the change when the user is not a member of the required group.
if (!userGroups.Parents.Contains(webAgencyGroup.Id.Value))
{
    throw new ForbiddenException("Only users of usergroup 'Web agency users' are allowed to create or modify assets of image-type 'Web'.");
}

Script explanation

  1. Create an EntityLoadConfiguration object to specify which properties should be loaded with the entity.

    var loadConfig = new EntityLoadConfiguration
    {
        CultureLoadOption = CultureLoadOption.None,
        RelationLoadOption = new RelationLoadOption("UserGroupToUser"),
        PropertyLoadOption = PropertyLoadOption.None
    };

    Note: In this case, we only need to load the UserGroupToUser relation, which specifies which groups the user belongs to.

  2. Retrieve the user entity by specifying the user ID (Context.TriggeringUserId.Value) and the load configuration.

    var user = await MClient.Entities.GetAsync(Context.TriggeringUserId.Value, loadConfig);

    Note: The MClient object is always available and can be used by all Script types. For more information about MClient, please refer to the SDK API reference guide (MClient).

    Entities (a property of MClient with type IEntitiesClient) has a GetAsync method that accepts an entity ID and optionally a load configuration object, and that returns the entity object.

  3. If no user object is returned, throw an InvalidOperationException.

    if (user == null) throw new InvalidOperationException("Triggering user could not be found.");

  4. Get the user group.

    var webAgencyGroup = await MClient.Users.GetUserGroupAsync("Web agency users");

  5. If the user group is not found, throw an InvalidOperationException.

    if (webAgencyGroup == null) throw new InvalidOperationException("Web agency usergroup not found.");

  6. Get the user groups of the user.

    var userGroups = await user.GetRelationAsync<IChildToManyParentsRelation>("UserGroupToUser");

    Warning: To retrieve a relation object using GetRelationAsync, you need to specify the relation's type. In this case, it is IChildToManyParentsRelation. For more information about the relation types, please refer to the SDK API reference guide (Stylelabs.M.Sdk.Contracts.Base).

  7. If the user groups do not contain the "Web agency users" group, throw a ForbiddenException.

    if (!userGroups.Parents.Contains(webAgencyGroup.Id.Value))
    {
        throw new ForbiddenException("Only users of usergroup 'Web agency users' are allowed to create or modify assets of image-type 'Web'.");
    }

    Note: For more information about ForbiddenException, as well as a list of the available custom exceptions, please refer to the SDK API reference guide (Stylelabs.M.Sdk.Exceptions).
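
The same check generalized to an allow-list of user groups, as an added example that is not part of the original article and not Sitecore's own code. It uses only the SDK calls shown in the script above and assumes the same script context (MClient, Context); the group name Web administrators is hypothetical.

```csharp
// Added example: allow-list variant of the script above.
// "Web administrators" is a hypothetical group name used for illustration.
var allowedGroupNames = new[] { "Web agency users", "Web administrators" };

// Make the "no triggering user" case explicit instead of relying on .Value throwing.
if (!Context.TriggeringUserId.HasValue)
{
    throw new InvalidOperationException("No triggering user is available for this change.");
}

var loadConfig = new EntityLoadConfiguration
{
    CultureLoadOption = CultureLoadOption.None,
    RelationLoadOption = new RelationLoadOption("UserGroupToUser"),
    PropertyLoadOption = PropertyLoadOption.None
};

var user = await MClient.Entities.GetAsync(Context.TriggeringUserId.Value, loadConfig);
if (user == null) throw new InvalidOperationException("Triggering user could not be found.");

var userGroups = await user.GetRelationAsync<IChildToManyParentsRelation>("UserGroupToUser");

var isAllowed = false;
foreach (var groupName in allowedGroupNames)
{
    var group = await MClient.Users.GetUserGroupAsync(groupName);

    // A missing or renamed group is a configuration error. Every configured
    // name is resolved (no early exit) so the error surfaces on each run
    // instead of the allow-list silently shrinking.
    if (group == null) throw new InvalidOperationException($"User group '{groupName}' not found.");

    if (userGroups.Parents.Contains(group.Id.Value))
    {
        isAllowed = true;
    }
}

// Default deny: the change goes through only if a membership match was found.
if (!isAllowed)
{
    throw new ForbiddenException(
        "Only members of these user groups may create or modify assets of type 'Web': "
        + string.Join(", ", allowedGroupNames));
}
```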

Setup

  1. Create, publish and enable an Action script.

  2. Create an action of type Action script and link it with the script.

  3. Create a new trigger and set the trigger's objective to Entity creation and Entity modification.

    • In the trigger conditions, add the entity definition Asset, then add a new condition. Set the condition to Type (AssetTypeToAsset) current value contains any Web.
    • In the trigger actions, add the action under Security actions.

  4. Save and enable the trigger.
