Create user/role permissions on screen widgets e.g. buttons
Question
Application Type
Reactive

Hi, 

I was wondering if it is possible to show or not show certain elements on a screen to different logged-in users, who have different roles. E.g. a button only visible for an admin, by adding an If widget with 'CheckAdminRole' in the condition.

I've searched the forums, and there are several posts that hint at this option. But it seems that in the expression editor I am missing the relevant function CheckRole(RoleId, UserId) under Roles. I only see GetUserId(). In the screenshot below, which I picked from one of the forum posts, you can see the missing function.

 

Is this extra function a setting anywhere which I overlooked? Maybe in Users management?


In Reactive, you cannot use server actions to do that condition on the client side.

In Reactive, you can do the role check on the server side. You can use either a data action or a server action to check the role.

There is a really good explanation by @Rui Barradas in this post.

https://www.outsystems.com/forums/discussion/68385/if-statement-to-hide-links-based-on-role/

Kind regards,

Márcio


Hi Jay,

As per my knowledge, you can create a server action like this and use it in the OnInitialize action. Pass getUserId() to the CheckAdminRole action and assign its output to a local variable. You can use the same variable to hide and show the elements. The variable will be true if a person with the correct role logs in.

Thanks.

Hi @Jay Vanderven,

As mentioned above and per the OutSystems best practices, in Reactive you should not use server actions to check roles on the client side.

You have to create a "CheckRole" wrapper to validate whether the user has access to the role or not. Use the wrapper actions in a data action to validate access for multiple roles.

Thanks, Aadhavan S

Hi,

I've created a working example with a server action, where an Admin can see an extra button and an extra table in the same screen.

See attached OML. 

Are there maybe other / better ways to reach the same result?


RolesTest.oml

Hi,

I updated some points as follows:

1. The default of LoadAdminInfo should be False, because if the default is True, then registered users will see the button when they first go in; if the user is not an admin, OnLoadingScreen will hide the button after the fetch. That is not secure enough.

2. Set GetAdminTables to fetch Only on demand, then Refresh it in OnLoadingScreen, on the after fetch event, if it is an IsAdmin user. This makes sure the data loads just for admin only.

I updated your .oml file. Please take a look.

Cheers,

Khuong


RolesTest.oml

Hi Khuong,

Thanks for the additions. Anything that can add to a more secure app is very welcome!

A next step I wanted to make with this demo is trying to add new user accounts (and maybe user groups) with(in) the app by a superuser/admin instead of doing this in the 'users management backoffice'. I remember having seen some documentation on it earlier, but I can't find it anymore.

The only possibility that I've found is self-registration of a user. But this is not the same.

Any idea if this would be possible and, if so, can this be done in a secure way? 

Kind regards.

Hi,

If you want to do user management within the app, I think you can try to use the Users API.

Best,

Khuong
