Permission lifecycle

INFO

How AuthBuilder drives load → parse → apply for data scopes.

AuthorBuilder

AuthDialect — load/parse DB-side permission data (RespLoader, AuthLoader, …).
SQLBuilder kit — target query to modify.
WordBagDialect wordBag — grouped scope words (override via AuthFactory).
AuthUser authUser — current principal.
roleIds — roles to evaluate.
dataScopes — raw scope rows from DB.
AuthGoodsBag goodsBag — resources to filter.

Pipeline

1. Preflight

.useDuty(_userManager, (duty) => {
    duty....
})

Scope resources:

duty.useMenu(Pageid)
    .useVCLink(entity.cellLinkOID)
    .useLoginVisitBag(false)
    .useManVisit(manCode)
    .useOrgVisit(entity.KB_OrgOID)
    .useWordPara("{manCode}", manCode)

2. Load words

Override loadDataScopes() — read role scopes into dataScopes, then onLoadedWords.

3. Empty check

onEmpty when no scopes configured.

resp.onEmpty((duty) => {
    kit.whereLikeLeft("b.Varchar1", myCode);
    return "";
})

4. Parse words

readRoleDataScope → readRole → PipelineDialect.readRoleScopeCode.

Example RespPipeline:

public class RespPipeline : PipelineDialect
{
    public override int readRoleScopeCode(WordBagDialect range, AuthWord role, AuthUser user)
    {
        if (role.scopeCode == "4") { range.addAll(); return 1; }
        else if (role.scopeCode == "28") { ... }
        // ... scope codes 29, 3, 2, 1, 7, 6, 999 ...
        return 0;
    }
}

5. Before dynamic words

invokeOnLoadedWords — inject business parameters for dynamic scopes.

6. Dynamic words

onBuildLiveWord — apply {taskBase}, {taskOrg}, {taskMan}, etc.

7. Static words

doWordBagBuild → wordBag.build → useOrgIsField, useOrgLikeField, …

8. Final empty guard

dealEmptyAuth → onEmpty or forced 1=2.

Permission lifecycle ​

AuthorBuilder ​

Pipeline ​

1. Preflight ​

2. Load words ​

3. Empty check ​

4. Parse words ​

5. Before dynamic words ​

6. Dynamic words ​

7. Static words ​

8. Final empty guard ​