14
Views
5
Comments
Solved
Roles are not getting checked
Question

I have to check two roles. have written server actions for the same. Apparently aren't working Could you please help

mvp_badge
MVP
Rank: #17
Solution

Ok, so after DoLogin you should try and debug your logic and check in the debugger the value of the logged in user ID, it should have a valid Id, then check for the user if the appropriate roles are attached to the user.

On a side comment, I think you do it wrong. It would be much easier to keep use of the default authentication logic and have the Employee entity a reference to a User record by setting the Employee Id to User Identifier.This would safe you a lot of coding and bug fixing, and still achieve the same, see  How_to_add_extra_logic_to_Users'_login, instead of UserExtension you then name your entity Employee.

mvp_badge
MVP
Rank: #17

Hi Albatross,

I noticed your logic of the Login screens Login actions is quit different that the code that OutSystems provides by default.

The User_Login must be called successfully before you can check the role of the logged in user, you don't have to validate the password yourself, this is taken care of by OutSystems. If there is an invalid login a SecurityException will be raised and this will automatically be bubbled up to the global exception handler OnException that should be defined automatically by OutSystems in the Common UI flow.

So you role validations can be positioned right after User_Login, as you can assume at that point a user is logged in.

Regards,

Daniel

mvp_badge
MVP
Rank: #17
Solution

Ok, so after DoLogin you should try and debug your logic and check in the debugger the value of the logged in user ID, it should have a valid Id, then check for the user if the appropriate roles are attached to the user.

On a side comment, I think you do it wrong. It would be much easier to keep use of the default authentication logic and have the Employee entity a reference to a User record by setting the Employee Id to User Identifier.This would safe you a lot of coding and bug fixing, and still achieve the same, see  How_to_add_extra_logic_to_Users'_login, instead of UserExtension you then name your entity Employee.

Hi Albatross,

In your action you are checking for role first and then performing the user_Login. 

This is not the proper approach. You can follow the approach below - 

1. check for the credentials. If proper do the userlogin.

2. Check for role after login as you will get proper result for logged in user.

3. If the user has role then proceed or just logout the user and lad him to the login/invalid permission page with corresponding error message.

Let me know if this helps.


Thanks,

Unnati