The Permissions API provides authentication based access control to configuration objects in WinGate. As an example, you might be developing a plugin that manages a farm of servers and you wish to allow access control to who can view, modify or delete servers. Using the Permissions API enables you to do this with a consistent look and feel for your users. Your servers will appear in the Permission panel and the permissions for the servers can be configured through a standard interface.
Hierarchy
The WinGate permissions system is a hierarchical collection of permissions objects that supports permission inheritance, propagation control and overriding. New permissions can be added or existing ones customised.
Permission Classes
Before a permission object can be instantiated you must register a class using PermissionsRegisterClass. This class defines the default settings for instantiated objects of that class. It includes things such as label, description, available permissions for objects of that class and for child objects of that class.
Permission Objects
Once a class has been registered you can register (instantiate) permission objects of that class with PermissionsRegisterObject. This creates a real permission object in WinGate that will be visible in the Permissions panel of the WinGate Management Console. When registering a permission object you can parent it to an already existing permission object in order to build a hierarchy of objects that can share their permissions via inheritance.
Permission Access Checking
Once you have permission objects instantiated you can check permissions against a user with calls to either PermissionsGetUserAccess and PermissionsAccessCheck. The former gives you set of all granted permissions for a user in a bit mask and the latter checks for a single permission.
Custom/Overriding Permissions
You can override the displayed text and description of permissions by using PermissionsClassPermissionInfo and PermissionsClassPermissionChildInfo. This enables you to present a more relevant name for a permission than what the default name implies. For example. You might want to provide a permission for "Can restart service" and therefore you can override a permission that you're not using such as PERMISSION_EXECUTE with a new name and description.