Moqui 的权限控制基于 Apache Shiro；受控的构件（artifact）类型为 screen、service、entity。涉及的对象有 ArtifactGroup、ArtifactGroupMember、UserGroup、UserGroupMember、UserAccount、ArtifactAuthz。
授权关系建立在 ArtifactGroup 与 UserGroup 之间；授权范围可以是整个系统、某个子系统、某个操作或某个页面（记录级权限仍在研究中），示例如下：
<!-- Grants the EXAMPLE_VIEWER user group the AUTHZA_VIEW action (AUTHZT_ALLOW) on every
     artifact that belongs to the EXAMPLE_APP artifact group. Both groups must already exist;
     they are not defined on this page. -->
<moqui.security.ArtifactAuthz artifactAuthzId="EXAMPLE_AUTHZ_VW" userGroupId="EXAMPLE_VIEWER"
artifactGroupId="EXAMPLE_APP" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_VIEW"/>
下面是一个只允许访问 Example 查找/编辑页面（其余页面不授权）的配置例子：
<!-- ========== Example to test only allow access to Example Find/Edit Screens ========== -->
<!-- Artifact group holding the single screen that the limited group may reach. -->
<moqui.security.ArtifactGroup artifactGroupId="EXAMPLE_LTD" description="Example Find/Edit Screens Only"/>
<!-- Membership by artifact type (AT_XML_SCREEN) and component path; inheritAuthz="Y"
     presumably lets screens nested under Example.xml inherit this membership - confirm
     against the framework docs before relying on it for anything more than the example app. -->
<moqui.security.ArtifactGroupMember artifactGroupId="EXAMPLE_LTD" artifactTypeEnumId="AT_XML_SCREEN"
inheritAuthz="Y" artifactName="component://example/screen/ExampleApp/Example.xml"/>
<moqui.security.UserGroup userGroupId="EXAMPLE_LTD" description="Example Limited Group"/>
<!-- Demo seed account. NOTE(review): passwordHashType="SHA" with a 40-hex digest is an
     unsalted SHA-1 hash, and passwordHint effectively discloses the password. This record is
     demo data only: do not load it into a production database, or disable the account /
     reset its password if the seed data is loaded there. -->
<moqui.security.UserAccount userId="EX_TLD" username="example.ltd" userFullName="Example Limited User"
currentPassword="16ac58bbfa332c1c55bd98b53e60720bfa90d394" passwordHashType="SHA"
passwordHint="framework name, lowercase" currencyUomId="USD" locale="en_US" timeZone="US/Central"/>
<!-- fromDate looks like an epoch-millisecond timestamp (about 2010-02-03) - confirm the unit. -->
<moqui.security.UserGroupMember userGroupId="EXAMPLE_LTD" userId="EX_TLD" fromDate="1265184000000"/>
<!-- AUTHZA_ALL allows every action (not only view) on the EXAMPLE_LTD artifact group; narrow
     it to AUTHZA_VIEW if the group should only read. -->
<moqui.security.ArtifactAuthz artifactAuthzId="EXAMPLE_AUTHZ_LTD" userGroupId="EXAMPLE_LTD"
artifactGroupId="EXAMPLE_LTD" authzTypeEnumId="AUTHZT_ALLOW" authzActionEnumId="AUTHZA_ALL"/>
按条件拒绝访问（ArtifactTarpit，基于访问频率的限制）的配置：
<!-- if more than 120 screens in 60 seconds, deny access for 60 seconds -->
<!-- Rate limit applied to the ALL_USERS user group on the ALL_SCREENS artifact group; both
     ids are referenced here but not defined on this page and must exist. Whether the hit
     counter is kept per user or globally is not visible here - confirm before tuning the
     thresholds. maxHitsDuration and tarpitDuration are presumably in seconds, as the
     comment above states. -->
<moqui.security.ArtifactTarpit userGroupId="ALL_USERS" artifactGroupId="ALL_SCREENS"
maxHitsCount="120" maxHitsDuration="60" tarpitDuration="60"/>