Access rule
Introduction
Access rules control user access to worker sites, pages, and widgets. An access rule evaluates to true (grant access) or false (deny access).
Rule syntax
Keywords
The following keywords are available in access rules:
| Name | Type | Description |
|---|---|---|
| @user | DslUser | The user in context. |
| @apiFactory | IManagedApiFactory | To construct Casewhere API objects. Read here for the full list of available APIs. |
DslUser
| Name | Type | Description |
|---|---|---|
| UserId | string | The ID of the user. |
| Username | string | The username used for login. |
| Has | bool (string claimType) | Determines whether the user has a specific claim type. |
| Contains | bool (string claimType, string value) | Determines whether the user has a specific claim value. |
| GetClaim | string (string claimType) | Returns the first value of the specified claim type. |
| this[key] | ClaimValueList | Indexer that returns the list of values for a claim type. ClaimValueList extends List<string> with a Join(string delimiter) method. |
| WorkerSite | DslWorkerSite | The worker site in context. |
DslWorkerSite
| Name | Type | Description |
|---|---|---|
| Id | Guid | The unique identifier of the worker site. |
| Name | string | The name of the worker site. Must be unique. |
| Title | string | The display title of the worker site. |
| DomainName | string | The domain of the worker site. |
| DefaultLanguageId | Guid | The identifier of the default language. |
| TimezoneId | string | The standard timezone name from TimeZoneInfo.GetSystemTimeZones. For example, Romance Standard Time. |
| TimezoneOffset | double | The time difference in minutes between the worker site's timezone and UTC. |
| ShortDate | string | The short date format. For example: dd.MM.yyyy. |
| LongDate | string | The long date format. For example: dd.MM.yyyy HH:mm. |
| DecimalSeparator | string | The decimal separator ("," or "."), depending on the configuration. |
| ThousandSeparator | string | The thousand separator ("," or "."), depending on the configuration. |
| IsHttps | bool | Whether the worker site uses HTTPS. |
| EnableAnonymousUser | bool | Whether anonymous user access is enabled. |
| ProductId | Guid | The identifier of the product this worker site belongs to. |
| IsUnderMaintenance | bool | Whether the worker site is currently under maintenance. |
| IdPConnection | DslIdPConnection | The Identity Provider connection associated with the worker site. |
Examples
Example 1: Role-based access control
Only users with a specific role can access the resource.
@user.Contains("Role", "Manager")
Example 2: Whitelist-based access control
Only whitelisted users can access the resource.
#predicate
var dataApi = @apiFactory.Get<IDataApi>();
var filter = FilterBuilder.Create().Eq("Username", @user.Username).Eq("Active", true).Build();
var found = dataApi.Any("WhitelistedUsers", filter);
return found;
Example 3: Department-based access control
Only users belonging to a specific department can access the resource.
@user.Contains("Department", "Finance")