Documentation for this 13.1 feature can be previewed here: https://www.labkey.org/wiki/home/Documentation/page.view?name=manageWebParts#perm

- Steve

Thanks, Steve!

I read there that these apply to individual instances but not to the 'class' of the web part.

It is desirable for us to have all of the instances conform to a certain level of permissions.

So is there a place for me as a developer to set these permission, when I'm writing my code for a particular module?

Thanks.
-Leo

The setting is per-instance, but a folderType can set the default permission for web parts created as part of the folder type (an admin could override on a per instance basis).

Allowing the default to be set in webpart.xml would be a good addition.

marki,

Yes, exactly, I was thinking of having some kind of config in the webpart.xml set-up file, but I guess, that is not available at this time?

Could you, please, elaborate with more details on the first part of your response? Is it possible to achieve with this mechanism what I originally asked?
Moreover, a web part instance of a different module should show up regardless whether the user is in a 'reader' or 'editor' mode...

Thank you.

i think you can set permission per HTML view (see the .view.xml file). a file based webpart is just a wrapper around an HTML file anyway.

however, I'm not sure that would completely accomplish what you want. this would mean the user gets an ugly 'no permission' message when they try to view it, rather than just not showing. maybe some combination of these two:

- for genuine security, set permission on your HTML view, using the XML config. this means permission is actually enforced by the server, no matter what client-side code is running

- on the client, conditionalize whether you attempt to show load this webpart based on the current user's permissions. The basic permissions are available under LABKEY.Security.currentUser, which at least means you dont need to query the server to find them.