I am trying to create a client function to check the user's role.

Refer to This API, I am able to check the role by hard coding the role name.

However, I want to call this action dynamically with Role Name as an input param.

I have tried this but it's not working:

$parameters.HasRole = $public.Security.checkIfCurrentUserHasRole($roles.$parameters.RoleName);


Is there any way to achieve this?

Thanks in advance for helping

Maria da Graça Peixoto wrote:

Hi! 

The build in function CheckRole don't work for you?

 

Hi Maria,

This function is a server-side function, I need a client-side function. 


Dongyu Zhai wrote:

Maria da Graça Peixoto wrote:

Hi! 

The build in function CheckRole don't work for you?

 

Hi Maria,

This function is a server-side function, I need a client-side function. 


Yes, I have noticed it after. Sorry

 


Hi Dongyu Zhai,

You should never rely only on client code for security. Even if you do something on the client side, be sure to repeat those protections on the server side. Or consider having 2 different screens that are accessed by different roles.

Cheers,
Tiago Simões

Hi Dongyu, 

to my knowledge you will not be able to access these roles natively. 

You could make a Local Entity that synchronizes with server roles. 

Based on this Local Entity you could do your checks.

Roberto Almeida wrote:

Hi Dongyu, 

to my knowledge you will not be able to access these roles natively. 

You could make a Local Entity that synchronizes with server roles. 

Based on this Local Entity you could do your checks.

The roles are available on the client as described in the API document that Dongyu referred to.

No need to sync roles to a local entity.


Hi Dongyu

Dongyu Zhai wrote:

$parameters.HasRole = $public.Security.checkIfCurrentUserHasRole($roles.$parameters.RoleName);


Is there any way to achieve this?

Thanks in advance for helping

Your code is wrong, check the API you referred too, use $roles.NameOfTheRole instead of $roles.$parameters.RoleName

So if you have a role defined named Employee then use $roles.Employee 

Regards,

Daniel

Daniël Kuhlmann wrote:

Hi Dongyu

Dongyu Zhai wrote:

$parameters.HasRole = $public.Security.checkIfCurrentUserHasRole($roles.$parameters.RoleName);


Is there any way to achieve this?

Thanks in advance for helping

Your code is wrong, check the API you referred too, use $roles.NameOfTheRole instead of $roles.$parameters.RoleName

So if you have a role defined named Employee then use $roles.Employee 

Regards,

Daniel

Hi Daniel,

I am trying to call this action dynamically, which means the role name is a variable.


Hi,

In that case try and create and input parameter to your JavaScript widget called for example dynamicrole and on the widget assign the value '"$roles.Admin"

then the code in the JavaScript should br

$parameters.HasRole = $public.Security.checkIfCurrentUserHasRole(eval{$parameters.dynamicrole));

Regards,

Daniel


Daniël Kuhlmann wrote:

Hi,

In that case try and create and input parameter to your JavaScript widget called for example dynamicrole and on the widget assign the value '"$roles.$parameters.RoleName"

then the code in the JavaScript should br

$parameters.HasRole = $public.Security.checkIfCurrentUserHasRoe($parameters.dynamicrole);

Regards,

Daniel


Hi Daniel,

Thanks for the help.

However, it does not work that way.

I have attached a sample app for reference.


I wrote $public.Security.checkIfCurrentUserHasRole(eval($parameters.dynamicrole))

I will try and get it working in your attachment

Hi,

I tested my logic in the module you attached.

This is what I found, the $roles predefined object is empty:

I tested by simulating that the predefined object is has a property called Admin by in the console execute $roles.Admin = ""     Then reexecuted my code, and it did work.

But the real problem seems to then why the $roles property is not filled, they way the official OutSystems documentation describes.

Also alternatively to passing to the complete string $roles.Admin you could just pass the role name like "Admin"

In the javascript node input parameter,  then the code can than be done without eval() function like:

$public.Security.checkIfCurrentUserHasRole($roles[parameters.dynamicrole])

Regards,

Daniel

Hi Daniel,

I have tried your solution

It still returns false although I have granted the role

As I said for reason i dont understand $roles is not populated. My suggestions to dynamically test role will however work if $roles would have been properly populated according to OutSystems documentation.


The role is created on the client:

All roles are stored in local stores which you can access in chrome console:

localStorage.getItem("$OS_Users$RolesInfo"), and the last entry in this comma seperated is the admin role

Remains the question why $roles is not filled? Maybe someone from OutSystems can answer this.

I checked mobile app and there is also never $roles filled. I will talk to some co-workers tomorrow about it, maybe they know.

Noted, many thanks for your help

Your welcome, hope to get an answer to why the $roles predefined object is not filled