Access groups
In this part of MDriven designer sessions access groups have been shown
and how we can use them to authenticate and authorize users.
You probably have different users in your system and these users are probably associated with an access group somehow (ActiveDirectory or something in your application).You will want to allow and disallow user groups to execute actions.This could be done as enable expressions on the Actions – but that would not be very nice since it would kidnap the use of enable from the normal things we use enable for (check data state). Also if a user is never allowed to execute “TheAdminInterface” it might be best to hide that action from view all together.
To facilitate this Modlr has a new concept called AccessGroups .
Also we have demonstrated how you can continue with the fast pace loop of edit and deploy.
To make your experience more comfortable, we set the main tags mentioned in the video to the right bar menu of this mini player. Choose the interesting subtitle on the list and immediately get to the exact theme timeplace in the video. Now you can pick any topic to be instructed without watching the whole video.
Raw subtitles text
ok, so we are now in a position where
we have done some work on our model
we have run the prototyping tool on the model
back and forth
and ended up in a situation
where we have a couple of views
that allows us navigation between the views
the next step is maybe that we want
to involve real users trying out the system
and of course, we could have the real
users download MDriven designer
and execute the same way as we do here
but that will probably not happen
even if it was, when we are done
actually setting the system in production
we want to consume it another way, of course
so that leads us to turnkey, MDriven turnkey
MDriven turnkey is a platform to execute everything you
do in MDriven designer in a cloud app
so let's get that started
from within MDriven designer you will find
the cloud connection tool,
so something like this screen
and this is the login that
you do with your license and ticket password as a user
I usually use the google social
login to avoid, to remove
the hassle of remembering passwords etc
so I'm pressing that one and
now I'm logged in as myself
I don't need to press this refresh button
to get access to the turnkey sites
that I have, that are available to me
refresh and now I see the turnkey sites
that are available to me
in your combo box that will probably be one or two
so this is the one that I'm going for
this is a blank one that I just set up
following other instructions on the site
I'm not going to explain that here but
it's easy to find how to do this
so we can check status on that one and
we see that it responds,
so what we will want to do now
is to upload the model that
we have into this site
so upload model
then it's done and we check status and
what it says evolve started
meaning that ok
the database wasn't in the state that equals the
model that I have uploaded
so the turnkey logic need to change it,
it says that it has done the following change script
and applied it to the database
and that's ok, so having done that
we should actually head over to
what we can do is to jump to the license and ticket site
pops up here, this is what it looks like
I'm going to log into that as well
I had my google account
well now it doesn't remember because
this was edge I'm going to do the same thing in chrome
so I don't have to have my google logged in in two places
license and ticket and I was logged in
and I go to show my turnkey sites and this list
is of course the same as the list I see here
from this one, manage one turnkey site
and then visit site going to press ctrl
so that I don't navigate away from
this new tab and then it tells me
missing page - you need to create a viewmodel named index
ok, so that's a requirement for turnkey
driven site that the model contains viewmodel that's named index
so easy enough to fix, add model elements and
the viewmodel you didn't see that one
because that were out of screen
call this one index and when I open it up
I'm gonna give it a class,
add a generic column
just write a string, this is index
now when I go back to the cloud dialogue
I don't have to login again
it will remain logged in
as long as I'm in this session of MDriven designer
I don't have to do anything here
I'm just uploading the model once more
and that's pretty fast
so I'm heading back to this one
and then pressing refresh and now it found
the view model that was named index and now the menus show up
from the actions that we did the global actions
so if we were to show all houses now, we will still get an error
it will look like this and it says that SysUser is not a type name, so this is further
requirement for MDriven models that
there is a consistent way to identify
users of your system
normally these requirements are fulfilled in the
initial model from turnkey, but now we
started with a blank model
so we don't have it and what we did,
when we uploaded our model was that we replaced the
default model for turnkey,
so this we need to amend our model
to fulfill these requirements
that's quite easy to do we just go
to capable object site
to find in the support area MDriven designer snippets
so snippets can be further explored
on these links on the site, but what they are
are actually pieces of models that
you can reuse between
different models, different projects that you have
so what I'm going to do is to
download ASPNETIdentity.snippets
what these do is actually add
what's needed to use asp.net identity
we're going to see how that looks
so I'm going to show the folder,
where this is
going to copy the folder like that
and heading back to MDriven designer,
this will add a few classes and I can have them here
but I would rather do a new package
package is just a way to separate things a bit
like a namespace
add model elements, add package, so that's package2
in package2 I want to apply my snippet
but ok I haven't imported the
snippet to the MDriven designer yet
going to need to do that
import snippets
going to download dialogue and this was
the one that I downloaded
right-clicking on package snippets and
now I will find the important snippet here
asp.net identity user auth for turnkey
when I click it I get apply dialogue
this one doesn't have any settings
if this snippet had settings replacements
then I could enter the values here but I
just do apply as I do apply
I got classes add, ok now I see that they
weren't added to my package2
but they were added to the package1
and this is probably because the snippet it had them
I don't really know, but I need to check that out
what I can do is to do them point at these
and say that they should belong
to package2 instead
so that one package2, this one package2
and how I find them is all the ones
that the start with "Sys"
so again there's actually no need
to have them in a separate package
it's just for making it a bit more clear
that I haven't actually modeled
these myself just used
and of course to get the view of an understanding
of what's there
we could add a new diagram
add a class diagram and click that one up
and then I was draging these on to hear
Sys User Claim
likee that, now they're all here
so. what they do is actually that
when user authenticates with your site
when it registers with your site
it will create this user object that will
be available to you
and whenever this user is logged into your site
SysSingleton will point out the current
user in this transient association
so you can always find this class which is
SysSingleton, which means it has a
single object access with the ocl operator
ocl singleton, so you can
easily get hold on that object
that has this association that points out
the current user and from that current user
you can find roles that this user has
if it has logged in with the
external login like I did with google
it will be here and if there are
certain claims made on this user
like it has this email address or something like that
they will be available here
ok, so again now that we have prepared our model
for the cloud to handle all the
authorization
so back to the cloud dialogue
upload the model again, check the status
check the status again and now we see
that it has evolved our little database
to contain these new classes
head back to chrome and see,
if we have better luck
this time to show all the houses
yes we have, but since we are now in the
cloud and not using our little xml file
we don't have any houses
but the action is there,
so if I press that one
will see that a new house is created for me
I can save that new house
I'm going to add yet another one and
save that one as well,
when I select one of the houses
I'm presented with the options available
for that select the role
this 0 here is actually just
the default representation of the house
so that I could change in my model, if I wanted to
show house navigates to the new house
and I could upload an image
for this house I will set address
if I want to pick tenants by search
I will get up the search dialog
and of course I don't have any tenants
so that will be empty, but since the
prototyping worked with a xml file initially
but the online globally
available application cannot work with
the same xml file
but can the prototyping work with the same data
that we see in the cloud then
well yes, and so instead of choosing the
persistence xml, we can choose to
persistence MDriven server
and since we have been in the cloud dialogue
already told that it was demo55
at the azure websites that we were using
it will suggest that one
so we could start a system against that one
and from the model locally to continue
designing here
show all houses and here is
the house that we added online
so if we were to change to upload the image
again from here
we would expect it to show up here as well
so refresh that one and now have it there
so when we needed test data, before
we used import tool, let's do that again
but now we connected to the MDriven server
start system and in the debugger
import tab separated and the view model
name was "import persons" first name and last name
and imported them like that and update them like so
now we should find them in, if we pick and search
we had something like tht, so what she does for you
is that it enables you to have any functionality
that you model in your
MDriven designer system
and execute it in the cloud, in a fully responsive web
application that the user can execute on their phone
and then it will fold like this
of course, you can work a lot with styles
and style sheets etc to control the rendering
but the basic idea is that
a lot of things could be automatically
generated from the information that you
have in the model does saving you
a lot of headache for debugging and developing
yeah a UI for every possible view
that you need in your system
ok, but a really important thing being on
the web is authentication, how can we be
sure that only the correct persons
are accessing our information, so we're going
to take a look at that first of all and
since we added the things to control
who's logged in we
now have the ability to actually log
into this site, but this site
doesn't have any users yet, so we need to
register, going to register with the fake
with my email like that and enter password
register, so now logged in as myself
but there's really was no difference
if I could show all houses
if I'm logged in or logout so that's a major problem
we only want to show all
houses to logged in users
how would we go about that
then it's the access groups
that come into play
looks like this going to create a new
access group I'm going to call it there
only logged in and the enable expression
for this action should be that the user
is logged in or maybe even the visible
expression should the action show at all
and then let's check that the SysSingleton
class, it has an operator called ocl singleton
this is the only instance of
of this object and that in turn has a
association called current user
and we want to make sure that this is not empty
that's the primary thing because if it's empty
no user is logged in, right
so that's the access group that we...
that's the rule for this access group
so action is controlled by only logged in
well we want to make sure that the show
all houses is controlled by this
maybe also the show or persons
so now we have stated that the these actions
are controlled by this access group
that access group requires in order for the
action to be visible that the current
user is not empty pretty straightforward
so we had back to the cloud dialogue
upload the model and as we do
we refresh this one, we see there are no
actions at all for the views because
there were no sub actions, so if I login
then I see them so this is one way
to limit access to only logged in users
of course, if there were other criterias
like the user must be in a certain role
well, then I would just amend my
expression for the only log in access group
and you ask how?
access current user and follow the link
to just use a role and select from that
to see if there's a certain aspect that I
fulfill, but I'm not going to do that now
so the access group can control actions
if they are going to be enabled or visible,
but since we're on the web
there is a possibility that some user has
that was logged in has correct URL
to one of the views and you stayed directly
to mitigate this that make sure that they
also logged in we gonna add all houses persons
and all persons views to the access
group like that
so what we have seen today
then is the ability
to execute your model in the cloud and with
MDriven turnkey, so everything you do
in MDriven designer, you can execute
in MDriven turnkey
we have shown access groups
and how we can use them to
authenticate and authorize users
you can have multiple access groups for any kind
of logic that you want
to give to a certain group of people
and we have shown how you can continue with the
fast pace loop of edit and deploy
that we do in the prototyping even in the cloud
and you don't have to choose
you can use both at the same time,
running towards the same data
ok, we will end there for today, thank you