Custom Access Validators
You can use a custom access validator to add permission checks to a given object class. For example, you might need access to another business object before you can create a given object. Because this kind of access control cannot easily be performed with the Policy Administration utility, you can create a custom validator to perform this check.
A custom validator can also be created to override an out-of-the-box validator, which can remove additional out-of-the-box access checks. For example, this can be useful for vendor portal functionality where out-of-the-box access is restricted for all vendors, but a customer wants to relax the rules for specific vendors.
Custom access validators do not remove or bypass rules that are configured in the Policy Administration utility. These validators are only used to add or remove access control based on business rules.
To provide custom access control validators for PTC FlexPLM objects, you must do the following:
1. Create a Java validator class.
2. Register the validator.
Creating a Validator
Create a Java class that extends the DefaultACLValidator Flex class. By providing your own access validator, you replace any out-of-the-box validators. For example, the existing LCSMeasurementsACLValidator Flex class has logic to prevent deletion of an LCSPointsOfMeasure object if its type is “LIBRARY” and the user is not in the measurements administrator group.
If you want to include the existing Flex validation, extend the existing validator instead of DefaultACLValidator and use the super call where necessary.
There are seven methods that you can override to provide your own logic:
• Four methods corresponding to an access type:
◦ hasViewAccess(WTObject)
◦ hasCreateAccess(WTObject)
◦ hasModifyAccess(WTObject)
◦ hasDeleteAccess(WTObject)
Before these methods are called, the system determines if the user has access permissions as defined in the Policy Administration utility. The user must have access to the type of object being checked. To be granted create, modify, and delete access, the user must have view access. These checks are not part of the out-of-the-box access validator, and they cannot be overridden.
• A method that determines access for a passed access type: hasAccess(WTObject, AccessPermission)
• Two methods used by the ClientModels to determine if the user has administrative access:
◦ hasAdminAccess()
◦ hasAdminAccess(String adminGroupName)
Registering a Validator
To register the validator, add a property to custom.lcs.properties using the following format:
ACLValidatorFactory.validatorOveride.<FlexClassName>=<ValidatorClassName>
The following example registers a validator for the LCSColor class:
ACLValidatorFactory.validatorOveride.com.lcs.wc.color.LCSColor=com.myco.LCSColorValidator
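The following validator is an added example, not PTC code: it is the com.myco.LCSColorValidator class named in the registration line above, written so that it keeps the parent validator's decision and only narrows delete access. The package of DefaultACLValidator, the boolean return types, the absence of checked exceptions, the meaning of hasAdminAccess(String) as group membership of the current user, and the group name "Color Administrators" are assumptions to confirm against your FlexPLM Javadoc.

```java
package com.myco;

import com.lcs.wc.util.DefaultACLValidator; // assumed package; confirm in your FlexPLM Javadoc
import wt.access.AccessPermission;
import wt.fc.WTObject;

/**
 * Added example: restricts deletion of LCSColor objects to one admin group.
 * Signatures assume boolean returns and no checked exceptions.
 */
public class LCSColorValidator extends DefaultACLValidator {

    // Hypothetical group name; replace with a group defined in your system.
    private static final String COLOR_ADMIN_GROUP = "Color Administrators";

    @Override
    public boolean hasDeleteAccess(WTObject obj) {
        // Deny on missing input rather than falling through to a grant.
        if (obj == null) {
            return false;
        }
        // Keep the parent's decision and only narrow it: both must agree.
        return super.hasDeleteAccess(obj) && hasAdminAccess(COLOR_ADMIN_GROUP);
    }

    @Override
    public boolean hasAccess(WTObject obj, AccessPermission permission) {
        // Route delete checks through the same rule so both entry points agree.
        if (AccessPermission.DELETE.equals(permission)) {
            return hasDeleteAccess(obj);
        }
        // Every other permission keeps the parent's behavior.
        return super.hasAccess(obj, permission);
    }
}
```

Because a registered validator replaces the out-of-the-box one for that class, combining the super call with a logical AND keeps a custom rule from widening access unintentionally.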