Myna. Permissions

A static class that provides access to the Myna Permissions System

Overview

The functions and classes in this library combined with the web application located at MynaRoot/myna/permissions/index.ejs form Myna’s permissions system.  The purpose of the permissions system is to provide a standardized and centralized system for managing users and their rights in your applications.

First, some standard concepts

UserA “user” is a unique entity such as a human or software service that has certain rights to perform actions in your system.  A user can have one or more “logins”.  Users are a global resource and are not associated with any particular application.
LoginA “login” is a unique identifier with an authentication authority, such as a local database, a Microsoft Active Directory, LDAP, or Open ID.  Myna knows how to authenticate against its own local database in myna_permissions.  To use this functionality, save a user name and password, and set the type to “myna”.  You can then compare a plain text password to the stored password via User.isCorrectPassword.
RightA right is essentially just a name associated with an application (appname).  Rights only have meaning when an application checks for them and grants or restricts access based on them.  The easiest way to do this is to call User.hasRight to check if the logged-in user has a particular right.  Myna has some built-in support for the right “edit_permissions” in any application.  A user with “edit_permissions” for an application is allowed to edit the permissions for that application in MynaRoot/myna/permissions/index.ejs.  The Myna Adminstrator can edit permissions for any application, so it is possible to create a user account and assign edit_permissions to it and then let that user handle any further changes for his or her application
User GroupUser groups are where users and rights meet.  Like rights, user groups are associated with an application (appname).  User groups are intended to represent a role, such as “Adminstrators” or “HR Staff”.

Here is the basic process for authentication and authorization

1) Determine authentication method

in this step your application needs to know how to authenticate a user.  This can be internal Myna authentication via User.isCorrectPassword, or an external authentication mechanism such as LDAP or your HR database.  Some organizations have multiple ways of authenticating and allow the user to choose which to use.

2) Set UserID

After authentication, look up user’s user_id from his/her login and type (Myna.Permissions.getUserByLogin) and call $cookie.setAuthUserId.  This sets a cookie with the user’s id and refreshes that cookie everytime the user makes a request.  This cookie is encrypted with the result of getAuthKey (“myna_auth_cookie”).  There is no timeout for this cookie, but it will automatically expire when the user closes the browser.  If you want the authentication token to have a timeout, store the user_id in the session instead.

3) Check Authentication

You can confirm that a user has been authenticated by checking $cookie.getAuthUserId which will return null if the current user is not authenticated.  Placing this check in your $application.onRequestStart function is an easy way to prevent unauthenticated access.

4) Check Authorization

To see if the current user has the right to “foo”, call User.hasRight (“foo”).  You can use the Myna Administrator to define as a many rights as your application needs

5) Log-out the user

To logout, simply call $cookie.clearAuthUserId and/or $session.clear

Using the Myna Permissions application

The Myna Permissions application is primarily designed to be accessed through the Myna Administrator and used to set up users, logins, rights, and groups.  It can also be used in a simplified form for a particular application, in which case it is limited to just group management.  In this mode your application can connect to the Myna Permissions application via IFRAME element or window.open() by passing an authentication token generated by Myna.Permissions.getAuthToken, like this:

<!-- index.ejs -->
<a href="perms.ejs" target="perm_window">Edit Foo Permissions</a>
...
// perms.ejs
var token =Myna.Permissions.getAuthToken($cookie.getAuthUserId());
var url = $server.rootUrl + "myna/permissions/index.ejs?appname=foo&auth_token=" + token;
$res.metaRedirect(url);

As an aside, you can use the getAuthToken / consumeAuthToken functions to transfer authentication between any two Myna applications, even if they are on different servers, as long as they both use the same “myna_permissions” datasource.  For example, Myna.WebService instances check $req.auth_token in addition to the HTTP Basic Auth header, and $cookie.get(“myna_auth_cookie”) for authentication

Summary
Myna. PermissionsA static class that provides access to the Myna Permissions System
Functions
addAppAdds/updates an application, and returns an instance of <Myna.Permissions.App>.
getAppValuesreturns an object containing the display name, description, and inactive_ts for the supplied appname, or null if not defined
addRightadds a new right, and returns an instance of Myna.Permissions.Right
deleteRightdeletes a right
addUserGroupadds a new user group, and returns an instance of <Myna.UserGroup>
deleteUserGroupremoves a user group
addUseradds a new user, and returns an instance of Myna.Permissions.User
consumeAuthTokenreturns associated user_id or null if invalid
readAuthTokenreturns associated user_id or null if invalid
getAuthAdaptercreates and configures and authentication adapter based on the auth type name provided
getAuthKeyretrieves a unique authKey from the crypt_keys table for the supplied name, or creates one if the name does not exist.
getAuthTokencreates stores and return a one-use authentication token for the supplied user_id
getAuthTypesreturns an array of valid auth type names for this system
getRightByIdreturns the right object that matches the supplied id or null
getRightModelreturns a validating model (see <Myna.DataManager.getManager> )
getRightByNamereturns the right object that matches the supplied name and appname, or returns null
getRightsByAppnamereturns a Myna.DataSet of all the rights associated with the supplied appname
getUserGroupsByAppnamereturns a Myna.DataSet of all the user groups associated with the supplied appname
getUserGroupByNamereturns a UserGroup reference or null
getUserGroupByIdreturns the user group object that matches the supplied id or null
getUserByIdreturns the User object that matches the supplied id or null
getUserByLoginreturns the User object that matches the supplied login or null
getUserByAuthreturns the User that matches the supplied username and password or null if no matches
getUserModelreturns a validating model (see <Myna.DataManager.getManager> )
getLoginModelreturns a validating Login model (see <Myna.DataManager.getManager> )
getUserGroupModelreturns a validating UserGroup model (see <Myna.DataManager.getManager> )
Myna. Permissions.UserProvides access to user specific permissions.
Functions
get_createdreturns created
get_first_namereturns first_name
get_last_loginreturns last_login
get_last_namereturns last_name
get_middle_namereturns middle_name
get_titlereturns title
get_user_idreturns user_id
set_createdsets created
set_first_namesets first_name
set_last_loginsets last_login
set_last_namesets last_name
set_middle_namesets middle_name
set_titlesets title
qryRightsreturns query of rights associated with this user
inactivateinactivates this user.
isActivereturns true if this user is active
reactivatereactivates this user
hasRightreturns true if this user has been assigned the supplied appname and right name
hasAnyRightreturns true if this user has been assigned the supplied appname and any of the supplied right names
getLoginsreturns a DataSet of objects in the form of [{type,login}] of the logins associated with this user
getLoginListreturns a list of type/login pairs in the form of “type:login,type:login” of the logins associated with this user
setLoginadds or updates an login for this user
isCorrectPasswordreturns true if the supplied user login and plaintext password match the stored password hash.
Myna. Permissions. RightProvides access to Right specific actions.
Functions
get_appnamereturns appname
get_descriptionreturns description
get_namereturns name
get_right_idreturns right_id
set_appnamesets appname
set_descriptionsets description
set_namesets name
Myna. Permissions. UserGroupProvides access to user group specific actions.
Functions
get_appnamereturns appname
get_descriptionreturns description
get_namereturns name
get_user_group_idreturns user_group_id
set_appnamesets appname
set_descriptionsets description
set_namesets name
addUsersadds one or more users to this group, if not already added
addRightsadds one or more rights to this group, if not already added
qryRightsreturns query of rights associated with this group
removeRightsremoves one or more rights from this group, if not already removed
removeUsersremoves one or more users from this group, if not already removed
qryUsersreturns a query of user information associated with this group
addSubGroupsadds one or more sub_groups to this group, if not already added
qrySubGroupsreturns query of sub_groups associated with this group
removeSubGroupsremoves one or more sub_groups from this group, if not already removed

Functions

addApp

addApp:function(options)

Adds/updates an application, and returns an instance of <Myna.Permissions.App>.

Parameters

optionsAn object containing the new application’s information.  See “options” below

Options

appnameappname of this application.  Used programatically to refer to this applicaiton.  Only lowercase letters, numbers, and “_” allowed.
display_name*Optional, default appname * The name of the app as it should be displayed to to humans
descriptionOptional, default “” A short description of this application

Detail

Creates a new application entry.  Also creates a UserGroup called “Administrators” containing a right called “edit_permissions” both associated with this appname.  Any users in a group containing this app’s “edit_permissions” right will be able to create groups and assign permissions for this app via the Myna permissions front-end.  If the appname already exists it is updated with the display name and description.

getAppValues

getAppValues:function(appname)

returns an object containing the display name, description, and inactive_ts for the supplied appname, or null if not defined

Parameters

appnameappname of the application.

addRight

addRight:function(options)

adds a new right, and returns an instance of Myna.Permissions.Right

Parameters

optionsAn object containing the new right’s information.  See “options” below

Options

nameName of the right.  Should be a single word.
appnameappname of application associated with this right
descriptionOptional, default “” A description of the ability this right confers

deleteRight

deleteRight:function(right_id)

deletes a right

Parameters

right_idid of right to delete

addUserGroup

addUserGroup:function(options)

adds a new user group, and returns an instance of <Myna.UserGroup>

Parameters

optionsAn object containing the new user group’s information.  See “options” below

Options

nameName of the user group.  Can be any string, but should be short
appnameappname of application associated with this right
auth_typeauth_type of this group, if imported from an external authentication source
descriptionOptional, default “” A description of types of users that should be associated with this group

deleteUserGroup

deleteUserGroup:function(user_group_id)

removes a user group

Parameters

user_group_idid of group to delete

addUser

addUser:function(options)

adds a new user, and returns an instance of Myna.Permissions.User

Parameters

optionsAn object containing the new user’s information.  See “options” below

Options

first_nameOptional, default “” User’s first name
middle_nameOptional, default “” User’s middle name
last_nameOptional, default “” User’s last name
emailOptional, default “” User’s email address
titleOptional, default “” User’s title, e.g.  Mr, Mrs, Sir, Dr

consumeAuthToken

consumeAuthToken:function(token)

returns associated user_id or null if invalid

Parameters

tokentoken to consume

Note

Consuming a token permenantly removes it.

See getAuthToken

readAuthToken

readAuthToken:function(token)

returns associated user_id or null if invalid

Parameters

tokentoken to read

Note

Does not consume the token.  The token will continue to be valid until it expires.

See

getAuthAdapter

getAuthAdapter:function(auth_type)

creates and configures and authentication adapter based on the auth type name provided

Parameters

auth_typename of the configuration to use to create the adapter.  This name should match a config file in /WEB-INF/myna/auth_types

getAuthKey

getAuthKey:function(name)

retrieves a unique authKey from the crypt_keys table for the supplied name, or creates one if the name does not exist.

Parameters

namename of key to retrieve

getAuthToken

getAuthToken:function(user_id,
timeout)

creates stores and return a one-use authentication token for the supplied user_id

Parameters

user_iduser_id of the user to be authenticated
timeoutOptional, default 10 Time in milliseconds that this token will be accepted.  This should be the smallest amount of time that the two systems can reliably process.  Longer timeouts leave a larger window for replay attacks Detail: This function is intended to be used in conjunction with consumeAuthToken to allow an application to “pre-authenticate” a user to another application.  This requires the source application to acquire an authentication token representing a user_id, and then send this to the target application, normally via a URL or FORM variable called “auth_token”.  The receiving application will call consumeAuthToken and store the result with $cookie.setAuthUserId

Authentication tokens are stored in the “myna_permissions” data source, so both sending and receiving applications must use the same database for “myna_permissions”.

The token itself does not contain any authentication information.  It is a just a cryptographically unique key to lookup authentication information in a shared database.  If these tokens are sent over

getAuthTypes

getAuthTypes:function()

returns an array of valid auth type names for this system

getRightById

getRightById:function(id)

returns the right object that matches the supplied id or null

Parameters

idright id to search

getRightModel

getRightModel:function (baseModel)

returns a validating model (see <Myna.DataManager.getManager> )

Parameters

baseModelOptional If an existing model is passed in, it will be modified with the proper validation, fieldnames, etc and returned

getRightByName

getRightByName:function(name,
appname)

returns the right object that matches the supplied name and appname, or returns null

Parameters

nameright name
appnameright appname

getRightsByAppname

getRightsByAppname:function(appname)

returns a Myna.DataSet of all the rights associated with the supplied appname

Parameters

appnameappname to filter by

getUserGroupsByAppname

getUserGroupsByAppname:function(appname)

returns a Myna.DataSet of all the user groups associated with the supplied appname

Parameters

appnameappname to filter by

getUserGroupByName

getUserGroupByName:function(appname,
groupname)

returns a UserGroup reference or null

Parameters

appnameapp name to filter by
groupnamegroup name to return

getUserGroupById

getUserGroupById:function(id)

returns the user group object that matches the supplied id or null

Parameters

iduser group id to search

getUserById

getUserById:function(id)

returns the User object that matches the supplied id or null

Parameters

iduser id to search

getUserByLogin

getUserByLogin:function(type,
login)

returns the User object that matches the supplied login or null

Parameters

typeauth type
loginlogin or remote_id, both are searched

getUserByAuth

getUserByAuth:function(login,
password,
type)

returns the User that matches the supplied username and password or null if no matches

Parameters

loginlogin string (username)
passworduser’s password
typeOptional, default null auth type to check, or all types if not defined. if more than one user matches this login and password an exception is thrown

getUserModel

getUserModel:function (baseModel)

returns a validating model (see <Myna.DataManager.getManager> )

Parameters

baseModelOptional If an existing model is passed in, it will be modified with the proper validation, fieldnames, etc and returned

getLoginModel

getLoginModel:function (baseModel)

returns a validating Login model (see <Myna.DataManager.getManager> )

Parameters

baseModelOptional If an existing model is passed in, it will be modified with the proper validation, fieldnames, etc and returned

getUserGroupModel

getUserGroupModel:function (baseModel)

returns a validating UserGroup model (see <Myna.DataManager.getManager> )

Parameters

baseModelOptional If an existing model is passed in, it will be modified with the proper validation, fieldnames, etc and returned

Myna. Permissions.User

Provides access to user specific permissions. see Myna.Permissions for creation

Summary
Functions
get_createdreturns created
get_first_namereturns first_name
get_last_loginreturns last_login
get_last_namereturns last_name
get_middle_namereturns middle_name
get_titlereturns title
get_user_idreturns user_id
set_createdsets created
set_first_namesets first_name
set_last_loginsets last_login
set_last_namesets last_name
set_middle_namesets middle_name
set_titlesets title
qryRightsreturns query of rights associated with this user
inactivateinactivates this user.
isActivereturns true if this user is active
reactivatereactivates this user
hasRightreturns true if this user has been assigned the supplied appname and right name
hasAnyRightreturns true if this user has been assigned the supplied appname and any of the supplied right names
getLoginsreturns a DataSet of objects in the form of [{type,login}] of the logins associated with this user
getLoginListreturns a list of type/login pairs in the form of “type:login,type:login” of the logins associated with this user
setLoginadds or updates an login for this user
isCorrectPasswordreturns true if the supplied user login and plaintext password match the stored password hash.

Functions

get_created

returns created

get_first_name

returns first_name

get_last_login

returns last_login

get_last_name

returns last_name

get_middle_name

returns middle_name

get_title

returns title

get_user_id

returns user_id

set_created

sets created

Parameters

valuenew value

set_first_name

sets first_name

Parameters

valuenew value

set_last_login

sets last_login

Parameters

valuenew value

set_last_name

sets last_name

Parameters

valuenew value

set_middle_name

sets middle_name

Parameters

valuenew value

set_title

sets title

Parameters

valuenew value

qryRights

Myna.Permissions.User.prototype.qryRights = function()

returns query of rights associated with this user

Detail

returns a Myna.Query object containing right_id, name, appname, and description columns for each right this user has been assigned

inactivate

Myna.Permissions.User.prototype.inactivate = function()

inactivates this user.  Inactivating a user also removes the user from all user groups and causes isCorrectPassword to fail even if the password is correct

isActive

Myna.Permissions.User.prototype.isActive = function()

returns true if this user is active

reactivate

Myna.Permissions.User.prototype.reactivate = function()

reactivates this user

hasRight

Myna.Permissions.User.prototype.hasRight = function(appname,
rightName)

returns true if this user has been assigned the supplied appname and right name

Parameters

appnamename appname of of application
rightright name

hasAnyRight

Myna.Permissions.User.prototype.hasAnyRight = function(appname,
right_list)

returns true if this user has been assigned the supplied appname and any of the supplied right names

Parameters

appnamename appname of of application
rightOptional, default all rights for _appname_ a comma separated list or right names

getLogins

Myna.Permissions.User.prototype.getLogins = function(type)

returns a DataSet of objects in the form of [{type,login}] of the logins associated with this user

Parameters

typeOptional, default null If defined, an array of login name strings matching this type is returned instead of the DataSet

getLoginList

Myna.Permissions.User.prototype.getLoginList = function(delimiter,
seperator)

returns a list of type/login pairs in the form of “type:login,type:login” of the logins associated with this user

Parameters

delimiterOptional, default ‘,’ seperator between each type/login set
seperatorOptional, default ‘:’ seperator between each type and login in each login set

setLogin

Myna.Permissions.User.prototype.setLogin = function(options)

adds or updates an login for this user

Parameters

optionsAn object that conains the options for this login. see below

Options

typetype of login.  This is a hint for how to authenticate using this login.  Suggested values: myna (for local password access), ldap, openid
loginthe appropriate type of identifier,
passwordoptional default “” a plain text password to encrypt with this login
remote_idoptional default login For logins from remote auth adapters, this is the unique Identity for this login in the remote system

isCorrectPassword

Myna.Permissions.User.prototype.isCorrectPassword=function(login,
password)

returns true if the supplied user login and plaintext password match the stored password hash.  Only works for “myna” auth type.  Will always return false for inactive users

Parameters

loginuser login
passworda plain text password for comparison

Myna. Permissions. Right

Provides access to Right specific actions. see Myna.Permissions for creation

Summary
Functions
get_appnamereturns appname
get_descriptionreturns description
get_namereturns name
get_right_idreturns right_id
set_appnamesets appname
set_descriptionsets description
set_namesets name

Functions

get_appname

returns appname

get_description

returns description

get_name

returns name

get_right_id

returns right_id

set_appname

sets appname

Parameters

valuenew value

set_description

sets description

Parameters

valuenew value

set_name

sets name

Parameters

valuenew value

Myna. Permissions. UserGroup

Provides access to user group specific actions.  See Myna.Permissions for creation

Summary
Functions
get_appnamereturns appname
get_descriptionreturns description
get_namereturns name
get_user_group_idreturns user_group_id
set_appnamesets appname
set_descriptionsets description
set_namesets name
addUsersadds one or more users to this group, if not already added
addRightsadds one or more rights to this group, if not already added
qryRightsreturns query of rights associated with this group
removeRightsremoves one or more rights from this group, if not already removed
removeUsersremoves one or more users from this group, if not already removed
qryUsersreturns a query of user information associated with this group
addSubGroupsadds one or more sub_groups to this group, if not already added
qrySubGroupsreturns query of sub_groups associated with this group
removeSubGroupsremoves one or more sub_groups from this group, if not already removed

Functions

get_appname

returns appname

get_description

returns description

get_name

returns name

get_user_group_id

returns user_group_id

set_appname

sets appname

Parameters

valuenew value

set_description

sets description

Parameters

valuenew value

set_name

sets name

Parameters

valuenew value

addUsers

Myna.Permissions.UserGroup.prototype.addUsers = function(user_id_list)

adds one or more users to this group, if not already added

Parameters

user_id_listarray or list of user_ids to add

addRights

Myna.Permissions.UserGroup.prototype.addRights = function(right_id_list)

adds one or more rights to this group, if not already added

Parameters

right_id_listarray or list of right_ids of rights to add

qryRights

Myna.Permissions.UserGroup.prototype.qryRights = function()

returns query of rights associated with this group

removeRights

Myna.Permissions.UserGroup.prototype.removeRights = function(right_id_list)

removes one or more rights from this group, if not already removed

Parameters

right_id_listarray or list of right_ids of user to add

removeUsers

Myna.Permissions.UserGroup.prototype.removeUsers = function(user_id_list)

removes one or more users from this group, if not already removed

Parameters

user_id_listarray or list of user_ids of user to add

qryUsers

Myna.Permissions.UserGroup.prototype.qryUsers = function()

returns a query of user information associated with this group

addSubGroups

Myna.Permissions.UserGroup.prototype.addSubGroups = function(sub_group_id_list)

adds one or more sub_groups to this group, if not already added

Parameters

sub_group_id_listarray or list of group_ids of sub_groups to add

qrySubGroups

Myna.Permissions.UserGroup.prototype.qrySubGroups = function()

returns query of sub_groups associated with this group

removeSubGroups

Myna.Permissions.UserGroup.prototype.removeSubGroups = function(
   sub_group_id_list
)

removes one or more sub_groups from this group, if not already removed

Parameters

sub_group_id_listarray or list of sub_group_ids of user to add
addApp:function(options)
Adds/updates an application, and returns an instance of Myna.Permissions.App.
getAppValues:function(appname)
returns an object containing the display name, description, and inactive_ts for the supplied appname, or null if not defined
addRight:function(options)
adds a new right, and returns an instance of Myna.Permissions.Right
Provides access to Right specific actions.
deleteRight:function(right_id)
deletes a right
addUserGroup:function(options)
adds a new user group, and returns an instance of Myna.UserGroup
deleteUserGroup:function(user_group_id)
removes a user group
addUser:function(options)
adds a new user, and returns an instance of Myna.Permissions.User
Provides access to user specific permissions.
consumeAuthToken:function(token)
returns associated user_id or null if invalid
readAuthToken:function(token)
returns associated user_id or null if invalid
getAuthAdapter:function(auth_type)
creates and configures and authentication adapter based on the auth type name provided
getAuthKey:function(name)
retrieves a unique authKey from the crypt_keys table for the supplied name, or creates one if the name does not exist.
getAuthToken:function(user_id,
timeout)
creates stores and return a one-use authentication token for the supplied user_id
getAuthTypes:function()
returns an array of valid auth type names for this system
getRightById:function(id)
returns the right object that matches the supplied id or null
getRightModel:function (baseModel)
returns a validating model (see <Myna.DataManager.getManager> )
getRightByName:function(name,
appname)
returns the right object that matches the supplied name and appname, or returns null
getRightsByAppname:function(appname)
returns a Myna.DataSet of all the rights associated with the supplied appname
A specialized array for working with tabular data
getUserGroupsByAppname:function(appname)
returns a Myna.DataSet of all the user groups associated with the supplied appname
getUserGroupByName:function(appname,
groupname)
returns a UserGroup reference or null
getUserGroupById:function(id)
returns the user group object that matches the supplied id or null
getUserById:function(id)
returns the User object that matches the supplied id or null
getUserByLogin:function(type,
login)
returns the User object that matches the supplied login or null
getUserByAuth:function(login,
password,
type)
returns the User that matches the supplied username and password or null if no matches
getUserModel:function (baseModel)
returns a validating model (see <Myna.DataManager.getManager> )
getLoginModel:function (baseModel)
returns a validating Login model (see <Myna.DataManager.getManager> )
getUserGroupModel:function (baseModel)
returns a validating UserGroup model (see <Myna.DataManager.getManager> )
Myna.Permissions.User.prototype.qryRights = function()
returns query of rights associated with this user
Myna.Permissions.User.prototype.inactivate = function()
inactivates this user.
Myna.Permissions.User.prototype.isActive = function()
returns true if this user is active
Myna.Permissions.User.prototype.reactivate = function()
reactivates this user
Myna.Permissions.User.prototype.hasRight = function(appname,
rightName)
returns true if this user has been assigned the supplied appname and right name
Myna.Permissions.User.prototype.hasAnyRight = function(appname,
right_list)
returns true if this user has been assigned the supplied appname and any of the supplied right names
Myna.Permissions.User.prototype.getLogins = function(type)
returns a DataSet of objects in the form of [{type,login}] of the logins associated with this user
Myna.Permissions.User.prototype.getLoginList = function(delimiter,
seperator)
returns a list of type/login pairs in the form of “type:login,type:login” of the logins associated with this user
Myna.Permissions.User.prototype.setLogin = function(options)
adds or updates an login for this user
Myna.Permissions.User.prototype.isCorrectPassword=function(login,
password)
returns true if the supplied user login and plaintext password match the stored password hash.
Myna.Permissions.UserGroup.prototype.addUsers = function(user_id_list)
adds one or more users to this group, if not already added
Myna.Permissions.UserGroup.prototype.addRights = function(right_id_list)
adds one or more rights to this group, if not already added
Myna.Permissions.UserGroup.prototype.qryRights = function()
returns query of rights associated with this group
Myna.Permissions.UserGroup.prototype.removeRights = function(right_id_list)
removes one or more rights from this group, if not already removed
Myna.Permissions.UserGroup.prototype.removeUsers = function(user_id_list)
removes one or more users from this group, if not already removed
Myna.Permissions.UserGroup.prototype.qryUsers = function()
returns a query of user information associated with this group
Myna.Permissions.UserGroup.prototype.addSubGroups = function(sub_group_id_list)
adds one or more sub_groups to this group, if not already added
Myna.Permissions.UserGroup.prototype.qrySubGroups = function()
returns query of sub_groups associated with this group
Myna.Permissions.UserGroup.prototype.removeSubGroups = function(
   sub_group_id_list
)
removes one or more sub_groups from this group, if not already removed
setAuthUserId:function(user_id,
cookieOptions)
sets a cookie that contains the supplied user_id and a timestamp
getAuthUserId:function()
Returns the user_id in “myna_auth_cookie”, or null if there is no cookie
onRequestStart:function()
Called before processing a request, but after and parent onRequestStart functions.
clearAuthUserId:function()
Clears the “myna_auth_cookie”.
clear:function()
deletes a session.
A WebService meta object that can serve requests for SOAP, XML-RPC, JSON-RPC, JSON-MYNA, and Ext.Direct
A static class that provides access to the Myna Permissions System
Sql query object Overview: The Query object can be used for queries that return a result set (select statements), as well as those that do not (create, update, insert, delete etc...)