Checking entity permissions

PolicyCenter provides a Gosu mechanism for checking a user's permission on an object: you access properties and methods on the corresponding object in the perm namespace.

  • PolicyCenter exposes static permissions that are non-object-based (like the permission to create a user) as Boolean properties.
  • PolicyCenter exposes permissions that take an object (like the permission to edit a claim) as methods that take an entity as their single parameter.
  • PolicyCenter exposes application interface permissions as typecodes on the perm.System object.

All the properties and methods return Boolean values indicating whether or not the user has permission to perform the task. PolicyCenter always evaluates permissions relative to the current user unless specifically instructed to do otherwise. You can use permissions anywhere that you can use Gosu (in PCF files, rules, and classes), provided that there is a current user.

You can also check that any given user has a specific permission, using the following Gosu code:

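// p is the permission to check for. It is not declared in this snippet, so define it before these lines.
var u : User = User( "SomeUser" /* Valid user name */ )
// True if any role assigned to the user carries a privilege whose permission equals p
var hasPermission = u.Roles.hasMatch(\role -> role.Role.Privileges.hasMatch(\perm -> perm.Permission == p))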

If using this code in a development environment, you must connect Studio to a running development application server before Studio recognizes users and permissions.