[Event request] Page "Permission Sets" (ID 9802) - OnBeforeImportPermissionSets

[Martin-Wagner-AX]

Hello,

when importing permission sets it??s only possible to add or "merge" permissions to existing ones.
You do not have a change to delete existing permission when you are importing reduced permission sets.
For this case we need an event "OnBeforeImportPermissionSets" to check the import file if there are permission sets included in importfile which still exist, perform a user request "should existing permissions to be deleted before import starts", if yes deletes existing permissions for all permission sets in importfile and then go on with normal import.

The function for the event should called in action "ImportPermissionSets" and handled pattern should avoid a second user request.

            action(ImportPermissionSets)
            {
                ApplicationArea = Basic, Suite;
                Caption = 'Import Permission Sets';
                Enabled = CanManageUsersOnTenant;
                Image = Import;
                ToolTip = 'Import a file with permissions.';

                trigger OnAction()
                var
                    NSYSPermissionMgt: Codeunit "IAX NSYS Permission Mgt.";
                    PermissionSetBuffer: Record "Permission Set Buffer";
                    TempBlob: Codeunit "Temp Blob";
                    ImportPermissionSets: XmlPort "Import Permission Sets";
#if not CLEAN21
                    ImportTenantPermissionSets: XmlPort "Import Tenant Permission Sets";
#endif
                    FileName: Text;
                    InStream: InStream;
                    OutStream: OutStream;
                    UpdateExistingPermissions: Boolean;
                    Handled: Boolean;
                begin
                    UploadIntoStream('Import', '', '', FileName, InStream);
                    TempBlob.CreateOutStream(OutStream);
                    CopyStream(OutStream, InStream);

                    TempBlob.CreateInStream(InStream);
                    OnBeforeImportPermissionSets(TempBlob, UpdateExistingPermissions, Handled);
                    if not Handled then
                        UpdateExistingPermissions := Confirm(UpdateExistingPermissionsLbl, true);
#if not CLEAN21
                    if IsImportNewVersion(InStream) then begin
                        ImportPermissionSets.SetSource(InStream);
                        ImportPermissionSets.SetUpdatePermissions(UpdateExistingPermissions);
                        ImportPermissionSets.Import();
                    end else begin
                        ImportTenantPermissionSets.SetSource(InStream);
                        ImportTenantPermissionSets.SetUpdatePermissions(UpdateExistingPermissions);
                        ImportTenantPermissionSets.Import();

The event should include the following parameters.

    [IntegrationEvent(false, false)]
    local procedure OnBeforeImportPermissionSets(TempBlob: Codeunit "Temp Blob"; var UpdateExistingPermissions: Boolean; var Handled: Boolean)
    begin
    end;

Our user loves this function - so perhaps you can ask to include this function in standard instead of a new event...

    local procedure CheckImportFileForImportPermissionSets(TempBlob: Codeunit "Temp Blob")
    var
        AppID: Text;
        BeginText: Label 'PermissionSet AppID="';
        BeginTextPos: Integer;
        DeleteExistingUserGroupPermissionSets: Label 'The existing permission sets are updated. Should the existing access rights of the permission sets to be imported also be deleted before the import?';
        EndText: Label '" RoleName="';
        EndTextPos: Integer;
        InStr: InStream;
        MiddleText: Label '" RoleID="';
        MiddleTextPos: Integer;
        NullGuid: Guid;
        Number: Integer;
        RoleID: Text;
        TenantPermission: Record "Tenant Permission";
        TextTemp: Text;
        TextWork: Text;
        UserQuestionPerformed: Boolean;
    begin
        if not TempBlob.HasValue() then
            exit;

        TextWork := '';
        TempBlob.CreateInStream(InStr);
        while not (InStr.EOS) do begin
            Number := InStr.ReadText(TextTemp);
            TextWork := TextWork + TextTemp;
            EndTextPos := StrPos(TextWork, EndText);
            if EndTextPos <> 0 then begin
                MiddleTextPos := StrPos(TextWork, MiddleText);
                if MiddleTextPos <> 0 then begin
                    BeginTextPos := StrPos(TextWork, BeginText);
                    if BeginTextPos <> 0 then begin
                        AppID := CopyStr(TextWork, BeginTextPos + StrLen((BeginText)), MiddleTextPos - BeginTextPos - StrLen(BeginText));
                        RoleID := CopyStr(TextWork, MiddleTextPos + StrLen((MiddleText)), EndTextPos - MiddleTextPos - StrLen(MiddleText));
                        if StrLen(RoleID) <= MaxStrLen(TenantPermission."Role ID") then begin
                            TenantPermission.SetCurrentKey("App ID", "Role ID", "Object Type", "Object ID");
                            TenantPermission.SetRange("App ID", NullGuid);
                            TenantPermission.SetRange("Role ID", UpperCase(RoleID));
                            if not TenantPermission.IsEmpty then begin
                                if not UserQuestionPerformed then begin
                                    UserQuestionPerformed := true;
                                    if not CONFIRM(false, DeleteExistingUserGroupPermissionSets) then
                                        exit;
                                end;
                                TenantPermission.DeleteAll();
                            end;
                        end;
                    end;
                end;
                TextWork := '';
            end;
        end;
    end;

    [EventSubscriber(ObjectType::Page, Page::"Permission Sets", 'IAX_OnBeforeImportPermissionSets', '', true, true)]
    local procedure CheckImportFileForImportPermissionSets_OnBeforeImportPermissionSets(TempBlob: Codeunit "Temp Blob"; var UpdateExistingPermissions: Boolean; var Handled: Boolean)
    var
    begin
        CheckImportFileForImportPermissionSets(TempBlob);
        UpdateExistingPermissions := true;
        Handled := true
    end;

Internal work item: AB#536758

[pri-kise]

@JesperSchulz @miljance can this event request be avoided by your new PR?
microsoft/BCApps#3184

[miljance]

I looks like this problem has been resolved with the pull request I have created. I have heard about this request from more than one partner and of course everyone solved it differently but with the same goal. The approach that I have taken is that during import user gets the confirmation dialog:
"Do you want to update the existing permission sets with those from the file? If you choose 'No', the permissions from the import file will overwrite the existing ones for the included permission sets.".

So, a user can choose if he wants to do a merge - this is the only option that was available so far - or overwrite. So far if user clicked on"No", the permission sets were merged anyway. From my perspective the change I did suffices for the mention problem, and it sounds as this Event is not needed - but it is up to a @Martin-Wagner-AX to estimate if this is good enough or the event is needed anyway.