Easy way to pass variables between modules/apps
Application Type
Reactive, Service

Hi there,


I am building an app in which someone logs in initially, and depending on the user who logs in, the data should be fetched accordingly. (Reactive web app here)


The data I received is mixed, i.e.: the main data contains records from both the logged in as well as the non-logged in users. I am aware that I can filter this data in every aggregate, but I want to make it simpler:

As the best practice is to use a core module to fetch all the initial data, could I just not filter it there just once? Then I could keep using the data, which will only be from the logged in user.

The main issue I have though: How to pass the logged in ID from the WebApp (front-end) to the Core (back-end, this is a service module) to filter the initial data accordingly?

Should I be using JSON tools for this?


Kind regards,


Remi

Hi Remi,

As I understand, your question is: "How to pass the logged in ID from the WebApp (front-end) to the Core (back-end, this is a service module) to filter the initial data accordingly?"

What I can think of is creating a server action in the core module and making it public. It can have an input parameter where you can pass the GetUserId(). Now within the server action, you can have multiple checks like CheckRole() to find whether the passed-in UserId has sufficient roles, and then pass the data to the service action, fetch the required data and pass it back as a record list in the output parameter.

Hope this gives an idea on how to implement for your scenario.

Thanks,

Somesh


The client logic will call this server action with an input parameter being UserId; this can easily be manipulated in browser tools. It is better to use GetUserId() directly in the server action; there is no need to pass it in as an input parameter.

Hi!

The GetUserId() function is a secure action and you can pass it as a parameter. 

The data you receive, already filtered by the user authorizations, is available after the Aggregate/SQL ends; you can explore it as any other list. But if the database is changed during the session, this data will not be changed until you fetch it again.

Just some ideas, hope it helps

Graça




It doesn't make sense to pass GetUserId() as a parameter; why not use it directly where needed in the filters of aggregates?

What do you mean that GetUserId() is a secure action?


Thank you all for all your valuable responses!

@Somesh Renganathan This is indeed exactly the problem I was having and using the server action (something which I experimented with, but didn't work initially) will be my go-to here.

But as @Daniël Kuhlmann rightfully mentioned, I think it would be best to use the GetUserId() directly in the server action indeed. I didn't even know this was possible to do in the core itself! I'll definitely give that a go now that I know you can call GetUserId() in the core.

If all else fails, passing the variable as input parameter would be acceptable in my use case as the data isn't super critical for my application. (Although of course, regarding best practices... )


Once again, thank you all for the very helpful answers. I will give it a try and update the thread once my goal is achieved.


Kind regards,


Remi

Hi all,


Just an update on this:

I went for a mixed approach based on all the answers here. 

Instead of passing the UserId directly along with a server action (which can indeed be manipulated), I check the UserId on login and execute a Server Action from the core while passing a "CustomerId". This CustomerId is mapped to the UserId in the Web App itself and before sending the CustomerId to the Core Server Action, it is checked whether the logged in user is indeed authorized to send that CustomerId to the core.


In the core then, I filter on the CustomerId (something which I had to do anyways, cause I don't have the "UserId" in any of my Entities).

I am planning to also do another check in the Core Server Action itself to check if the passed CustomerId wasn't manipulated, but for now this solves my issue.


Thanks all for your input here!
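
The point the replies converge on, shown as an added example that is not part of any post in this thread: identity used for filtering should come from the server-side session, and a CustomerId sent by the front end should be re-checked in the core. This is a Python stand-in for the server-side logic; the session table, function names and data are constructed assumptions, not OutSystems APIs.

```python
# Added illustration; every name and record here is constructed, not an OutSystems API.
SESSIONS = {"tok-alice": 1, "tok-bob": 2}        # session token -> UserId (server-side state)
USER_CUSTOMER = {1: {"C-100"}, 2: {"C-200"}}     # UserId -> CustomerIds that user may read
ORDERS = [
    {"id": 10, "customer_id": "C-100", "item": "router"},
    {"id": 11, "customer_id": "C-200", "item": "switch"},
]


class Unauthorized(Exception):
    pass


def get_user_id(session_token):
    """Stand-in for a server-side GetUserId(): identity comes from the session only."""
    user_id = SESSIONS.get(session_token)
    if user_id is None:
        raise Unauthorized("no valid session")
    return user_id


def orders_trusting_input(user_id):
    """Weak form: the caller states who it is, so a changed parameter changes the result."""
    allowed = USER_CUSTOMER.get(user_id, set())
    return [o for o in ORDERS if o["customer_id"] in allowed]


def orders_for_session(session_token):
    """Hardened form: no identity parameter; the filter is derived from the session."""
    allowed = USER_CUSTOMER.get(get_user_id(session_token), set())
    return [o for o in ORDERS if o["customer_id"] in allowed]


def orders_for_customer(session_token, customer_id):
    """CustomerId variant: the core re-checks the mapping instead of trusting the front end."""
    if customer_id not in USER_CUSTOMER.get(get_user_id(session_token), set()):
        raise Unauthorized("customer not mapped to this user")
    return [o for o in ORDERS if o["customer_id"] == customer_id]


if __name__ == "__main__":
    print(orders_trusting_input(2))          # any caller supplying 2 gets user 2's rows
    print(orders_for_session("tok-alice"))   # only rows mapped to the session's user
    try:
        orders_for_customer("tok-alice", "C-200")
    except Unauthorized as exc:
        print("rejected:", exc)
```
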


