At the top level is the link category - this includes link subcategories and links. Links can belong to a link category directly, or to one of its subcategories.
The middle level contains optional link subcategories, which can include links.
The bottom level contains the links themselves.
Access control rules cascade from top level to bottom level, i.e. from link categories to links.
Link display and click access are controlled by the following features: authentication/authorization, condition scripts, and date filters.
There are several levels of authentication and authorization modes:
In the least secure case, link access is available to everyone. In this case, a link does not require a user session.
Identification mode requires a user session, but does not require its validation for expiry.
Authentication mode requires a valid, not expired user session.
Authorization requires both a valid, not expired session as well as user access that is granted to access the link. If user is not authorized, the link is not displayed and cannot be accessed via APIs by the user.
If a link requires at least authentication, link category should also be configured to require at least authentication. If a link category does not require authentication and valid session is not available, the links which require authentication are not displayed and cannot be accessed. Similar conditions are applied to session identification mode.
Links with authorization enabled do not require the entire link category to use authorization mode. In this case, display and access authorization is calculated for each link separately and independently from its corresponding link category.
If a link category and/or a link subcategory, which include a link, require authorization, then authorization for these resources should pass to allow link display and access, on top of authorization requirements set on the individual link.
Conditions scripts are executed (per configuration) on each link display or link click access event. Condition script can return "1" (meaning True) or "0" (meaning False).
Condition scripts can be created on all three levels of resources hierarchy - link category, link subcategory, and link.
Link display and link click access events automatically execute conditional scripts if configured on both link level and/or upper levels. All executed condition scripts must return "1" to either display or allow link click access.
Date filters control link display based on date range. There are 2 methods:
- Based on current date - current date must be in the date range specified per link
- Based on link release date - link release date must be in the date range specified in the properties of link category