When running a Web2Print solution, the possibility to assign different access rights to different
users is usually a critical requirement. Ideally, you want to be able to make security decisions
at different levels of granularity, combining the ease of use of a coarse-grained security policy
with the full control provided by fine-grained access rights.
Today we take a look at how DocMaker approaches these concepts in a flexible way.
A free lunch?
We all know there is no such thing as a free lunch, but DocMaker is built on top of ADAM and all
security related features from ADAM also apply to DocMaker. The fact that certain records containing
InDesign files are accessed and modified through DocMaker does not bypass or restrict ADAM security
in any way. This means that you can grant or deny access to either individual records or entire
classifications for specific ADAM user groups the same way you would in a regular ADAM
context.
Also keep in mind that DocMaker is based on InDesign Server technology and supports
common InDesign features like locked layers. Implementing a very basic security policy can be
as easy as moving page elements with restricted access rights to locked layers in your DocMaker
templates. DocMaker will not allow any modifications being made to page elements that occur on a locked layer.
Still hungry?
Of course the topic of Web2Print access rights goes beyond what is already available in ADAM and
InDesign. Through the DocMaker API, you can set different rights for individual image elements
and text stories, and you can set different rights for users of specific ADAM user groups.
This combination gives you the highest level of control. If you do not need this degree of
flexibility, you may still want to define the default element access setting, which specifies
whether page elements are locked or unlocked by default.
The following code illustrates how to apply some of these ideas:
| C# |
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
using System.Linq;
using Adam.Core;
using Adam.Core.Management;
using Adam.Core.Records;
using Adam.Core.Search;
using Adam.Core.Settings;
using Adam.DocMaker.Core;
namespace Samples
{
partial class AccessControl
{
public static void Main()
{
Application application = new Application();
if (application.LogOn("username", "password") == LogOnStatus.LoggedOn)
{
// Set the default security for page elements to locked.
TextSetting setting = new TextSetting(application);
setting.LoadSystemValue(DocMakerSettingType.DefaultSecurityType);
setting.Value = "Locked";
setting.Save();
// Pick an arbitrary InDesign file.
RecordCollection records = new RecordCollection(application);
records.Load(new SearchExpression("File.Version.FileType.Kind = INDD"));
SetAccessRights(records.First<Record>());
}
}
public static void SetAccessRights(Record record)
{
using (Document document = Document.CreateFromFile(record.Files.Master))
{
// Grant everyone access to the story contents.
foreach (Story story in document.Stories)
{
story.AccessControlList.SetUserGroupPermission(
UserGroup.EveryoneId,
AccessControlEntryType.Granted);
}
// Deny guests access to the contents of the first story.
document.Stories.First().AccessControlList.SetUserGroupPermission(
UserGroup.GuestsId,
AccessControlEntryType.Denied);
// Allow regular users to modify image elements.
foreach (ImageElement image in document.EnumerateAllElements().OfType<ImageElement>())
{
image.AccessControlList.SetUserGroupPermission(
UserGroup.GuestsId,
AccessControlEntryType.Granted);
}
document.PublishToRecord(DocumentSaveMode.CurrentVersion);
}
record.Save();
}
}
}
|
Beyond "Yes or No"
In a Web2Print environment, you may want to do more than grant or deny access to certain page
elements. For instance, you want to allow users to replace an image, but you also want to
restrict the set of images that can function as alternatives. Or you want to allow users to replace
the contents of a text story, but at the same time you want to limit the choice to a set of
predefined text contents.
DocMaker supports all of this through the concept of record restrictions. With each image element
or text story, you can associate a set of ADAM records that represent alternative images or text
contents. Record restrictions can be specified either with explict record identifiers or
through a search expression. Using a search expression is a more dynamic approach, because the set
of valid alternatives can then change even after defining the restriction.
How to replace images or text contents, and how to specify story restriction records, is explained
in the DocMaker DevGuide. Here we merely focus on how to associate a set of record restrictions
with a text story or image element:
| C# |
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
using System;
using System.Collections.Generic;
using System.Linq;
using Adam.Core.Records;
using Adam.DocMaker.Core;
namespace Samples
{
partial class AccessControl
{
public static void SetRestrictions(Record record, IEnumerable<Guid> ids)
{
using (Document document = Document.CreateFromFile(record.Files.Master))
{
// Limit the choice for the contents of the first story.
Story story = document.Stories.First();
foreach (Guid guid in ids)
{
story.RecordRestrictions.Ids.Add(guid);
}
// Restrict replacement of images to JPG only.
foreach (ImageElement image in document.EnumerateAllElements().OfType<ImageElement>())
{
image.RecordRestrictions.SearchExpression = "File.Version.FileType.Kind = JPG";
}
document.PublishToRecord(DocumentSaveMode.CurrentVersion);
}
record.Save();
}
}
}
|
Wrapping up
We have shed some light on different alternatives to approach access security rights with
DocMaker. Of course you do not need to use all these possibilities, you can limit yourself to
the ones that appear most appropriate for your specific application, which can range from a plain
and simple basic security setup to an advanced and highly customizable security policy.