locked
determining access permissions for an application id RRS feed

  • Question

  • I have the need to create a generic "validate permissions" function that will accept an application id, person id, and record id

    It will be able to dynamically recognize the offline access rules for the application (as setup in the Application Configuration Center)

    Finally, determine if the person id/record id meets those permission requirements (QueryPermissionsByType I believe would work for this part)

    Can I determine what offline permission rules(and rule details) are required for the application just from the application id?

    Thanks

    Wednesday, August 26, 2009 7:29 PM

Answers


  • List<Guid> items = new List<Guid>();
    items.Add(Emotion.TypeId);
    Collection<HealthRecordItemTypePermission> permissions =
            PersonInfo.SelectedRecord.QueryPermissions(items);
           

    QueryPermission is basically used for quering for a particular data type. It will return if the application has access to a particular data type for a particular record.

    The answer to your question is using ApplicationConnection.GetApplicationInfo();

    You can try the following and see if it works

    void

     

    CompareRulesAndPermissions(Guid AppId, Guid PersonId, Guid RecordId)

    {

     

    // Create an offline connection with the specified Appid

     

     

    OfflineWebApplicationConnection offlineConn = new OfflineWebApplicationConnection(new WebApplicationCredential(AppId), PersonId);

    offlineConn.Authenticate();

     

     HealthRecordAccessor accessor =

                new HealthRecordAccessor(offlineConn, RecordId);


    // Get both the application info and the record info

     

    ApplicationInfo anAppInfo = offlineConn.GetApplicationInfo();

     

    //Compare anAppInfo.OfflineBaseAuthorizations [Offline rules configured for the application] and accessor.QueryPermissions() [the permissions that are granted for the application by the user for this specific record]

     

    }

    Hope this helps.

           

    Monday, August 31, 2009 9:46 PM
  • Try the following and see if it resolves the issue:

    OfflineWebApplicationConnection offCon = new OfflineWebApplicationConnection();
    offCon.Authenticate();

    ApplicationInfo appInfo = offCon.GetApplicationInfo();

    Hope this helps.
    Wednesday, September 2, 2009 9:19 PM
  • Hi,

    I found a similar thread that mentioned the same exception as you faced. He tried without the context of the user (personId as Guid.Empty):
    http://social.msdn.microsoft.com/Forums/en-US/healthvault/thread/a62d6895-3931-473d-a1a0-af2626e4acc7
    Raj also said the same thing (without the context of the user). See if implementing this in the code that you mentioned resolves the issue or not. HTH
    Friday, September 4, 2009 5:59 PM

All replies

  • Can you be more clear? I am not getting the following lines:
    "It will be able to dynamically recognize the offline access rules for the application (as setup in the Application Configuration Center)"
    "Can I determine what offline permission rules(and rule details) are required for the application just from the application id?"
    Rules are something that you set using Application Configuration Center based on your application's functionality.
    Please provide me more details so that I can help you.

    Wednesday, August 26, 2009 7:35 PM
  • Is there any possible way to use the healthvault SDK to determine what access rules were setup for an application?

    For example,
    application HVAPP was setup in the Application Configuration Center with a rule for Read, Delete (not optional) permissions on the Medication type.

    Another application HVAPP2 was setup in the Application Configuration Center with a rule for Read, Create (not optional) permissions on the Allergy type.

    Health Vault user: personId: 12345 recordId: 67890 grants the required permissions to HVAPP to utilize its functionality.


    I need to create a single function that will accept the application id for HVAPP or HVAPP2 (or any application id), and a person id, and a record id. 
    With those inputs I will need to determine:
    1st What offline access rules are setup for this application (rules and rule details [Read, Delete on Allergy]). 
    2nd What permissions have been granted to the application by the HealthValut user defined by the person Id and record Id.
    3rd Compare granted permissions with application offline access rules to determine if the user should be redirected to the APPAUTH page.

    Please let me know if I'm still not being clear.

    Thanks

    Wednesday, August 26, 2009 7:53 PM

  • List<Guid> items = new List<Guid>();
    items.Add(Emotion.TypeId);
    Collection<HealthRecordItemTypePermission> permissions =
            PersonInfo.SelectedRecord.QueryPermissions(items);
           

    QueryPermission is basically used for quering for a particular data type. It will return if the application has access to a particular data type for a particular record.

    The answer to your question is using ApplicationConnection.GetApplicationInfo();

    You can try the following and see if it works

    void

     

    CompareRulesAndPermissions(Guid AppId, Guid PersonId, Guid RecordId)

    {

     

    // Create an offline connection with the specified Appid

     

     

    OfflineWebApplicationConnection offlineConn = new OfflineWebApplicationConnection(new WebApplicationCredential(AppId), PersonId);

    offlineConn.Authenticate();

     

     HealthRecordAccessor accessor =

                new HealthRecordAccessor(offlineConn, RecordId);


    // Get both the application info and the record info

     

    ApplicationInfo anAppInfo = offlineConn.GetApplicationInfo();

     

    //Compare anAppInfo.OfflineBaseAuthorizations [Offline rules configured for the application] and accessor.QueryPermissions() [the permissions that are granted for the application by the user for this specific record]

     

    }

    Hope this helps.

           

    Monday, August 31, 2009 9:46 PM
  • This has been very helpful. 

    I have run into another issue with the line:

    ApplicationInfo anAppInfo = offlineConn.GetApplicationInfo();

    I'm getting the exception (This method cannot be invoked when the person is offline.)
    I'm using the latest SDK (dlls dated 6/23/2009).
    Please let me know if I am incorrectly using this method, or if there is another way to access the ApplicationInfo.

    Below is the code that I am using to reach this point.

    Dim offlineConn As New OfflineWebApplicationConnection(New WebApplicationCredential(appIdGUID), personIdGUID)
    offlineConn.Authenticate()
    Dim aApplicationInfo As ApplicationInfo = offlineConn.GetApplicationInfo
    Thanks
    Wednesday, September 2, 2009 1:41 PM
  • I dont think you need a context of a user in the application connection to invoke this function.

    Try constructing an ApplicationConnection object directly with appropriate appid and healthservice url and invoke this function.

    Let me know if you still get the error.


    Raj
    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    Wednesday, September 2, 2009 5:24 PM
  • I create the ApplicationConnection object using the code below

    Dim

     

    conn As ApplicationConnection = New ApplicationConnection(appIdGUID, healthServiceUrl)

    aApplicationInfo = conn.GetApplicationInfo()

    On GetApplicationInfo I get the exception (The authentication token element of the request is required for this method.)

    Did I miss a call to "open" the connection?

    Thanks

    Wednesday, September 2, 2009 7:11 PM
  • Try the following and see if it resolves the issue:

    OfflineWebApplicationConnection offCon = new OfflineWebApplicationConnection();
    offCon.Authenticate();

    ApplicationInfo appInfo = offCon.GetApplicationInfo();

    Hope this helps.
    Wednesday, September 2, 2009 9:19 PM
  • Using the code you specify above:

    OfflineWebApplicationConnection offCon = new OfflineWebApplicationConnection();
    offCon.Authenticate();

    requires that the ApplicationId be specified in the configuration file.  This goes against my requirements, as I must have a generic function that works for any application id (application id input as a parameter).

    In other words, I need to somehow create an ApplicationConnection and be able to retreive the ApplicationInfo just based on the application ID (and potentially personId, recordId).

    The closest solution so far has been (below), but this doesnt work because it returns the exception (This method cannot be invoked when the person is offline.)

    Dim

     

    offlineConn As New OfflineWebApplicationConnection(New Guid(applicationId), healthServiceUrl, New Guid(personId))

    offlineConn.Authenticate()
    appInfo = offlineConn.GetApplicationInfo()

    Friday, September 4, 2009 3:05 PM
  • Hi,

    I found a similar thread that mentioned the same exception as you faced. He tried without the context of the user (personId as Guid.Empty):
    http://social.msdn.microsoft.com/Forums/en-US/healthvault/thread/a62d6895-3931-473d-a1a0-af2626e4acc7
    Raj also said the same thing (without the context of the user). See if implementing this in the code that you mentioned resolves the issue or not. HTH
    Friday, September 4, 2009 5:59 PM
  • That fixed the issue. 
    offlineConn As New OfflineWebApplicationConnection(New Guid(applicationId), healthServiceUrl, Guid.Empty)

    Many Thanks

    Friday, September 4, 2009 8:22 PM