Hi guys,
I am making a reactive web app and I am struggling with the user section. What I am making is an app where you can add a list that you can create. But the thing is that I want to make it so the user can only see his own list and the admin can see every list of the users. Currently, when you add a list, every user can see it. Thanks if you guys could help.
This solution might give you a rough idea:
First things first, you need to have an attribute to tie the record to the user.
In this sample, I added "CreatedBy" with data type User Identifier in the Speler table.
Inside of your Aggregate, add this filter
CheckBeheerderRole(UserId:) or Speler.CreatedBy = GetUserId()
This filter translates to "Does the logged-in user have the role Beheerder?"
OR "Is Record Created By the Logged in User?"
I use "OR" so if either one fulfills, the condition will be True.
Test the results:
1) Logged in as User 1 (Andrea McCarthy)
2) Logged in as admin
As you can see, there is another record "Olivia 3" which is from another user.
Most importantly, don't forget to add saving of the CreatedBy.
I have attached the modified oml file. You can have a look.
Hope this helps! If it does, please mark this as a solution.
Thank you,
Zureen
Hi Christopher,
Kindly attach your oml file so I could show you how.
Regards,
How could I show that?
I have replied to your message, do have a look :)
Hi Christopher.
I hope you have already created roles, e.g. Admin, Encoder, etc.
And I am assuming you created an attribute in the entity (where you are storing the List data) to identify for which user this list was added.
If not, then please create an attribute (i.e. ListForUser) and store the user id for whom the list was created.
Then in the aggregate add a filter like -
if(CheckAdmin(), True, ListForUser = GetUserId())
I hope it'll help you.
Thanks
Deep
Hi @Christopher Lam
You need to check the role of the logged-in user first and then fetch data accordingly.
Can use it
Thanks
Himani
Please follow @Deepsagar Dubey's suggestion for your use case.
Rahul Yadav
Hi Chris,
Please use roles for this type of requirement.
You can use the utility functions of roles, like in the screenshot below.
You can use the above actions if you have to check the roles in Server Actions. Since these are not Client Actions, you can't use them directly on reactive screens.
What you can do:
https://www.outsystems.com/forums/discussion/62886/reactive-web-application-check-role/
https://success.outsystems.com/documentation/10/reference/outsystems_apis/javascript_api/security/#functions
Hope these links can help you.
Hi,
For record-level permissions you should go for an access control list approach as described here: https://success.outsystems.com/documentation/best_practices/architecture/use_access_control_list_to_set_up_permission_based_access_to_data/.
But only if you want to grant permissions to other users as well. If not, the approach written by Deepsagar is fully sufficient.
Best
Stefan
It's a bit hard to understand what to really do. I am really new to OutSystems and I can't really find out where to look. If you guys are interested in helping me via a call, let me know. Most of the time I use Discord or Teams.
Hi @Christopher Lam,
I will try to explain in detail and in simple words.
Let's say you are using the same screen to show data for both admin and users.
Requirements: you want to show all data to the admin, and users should be able to see only their own data.
It means that in your application you already have two roles: one is the user role and the other is the admin role (if your application doesn't have roles, you need to create them through the Users application or Service Studio).
Now assign the admin role to a user through the Users application.
Now come to adding data to the database: when you add data into the table, you need to insert the current logged-in user id (by GetUserId()).
Now come to showing data on the screen:
Create a DataAction inside your screen with an output IsAdmin (Boolean). Inside the DataAction, call the check admin role action (when you create your role, these roles are visible in the Logic tab; expand Roles and you will get its actions, like check role, grant role, revoke role).
Check admin role will return you the HasAdmin output; just assign this value to your DataAction output (IsAdmin).
Now come to the aggregate that is bound to your table on the screen.
Put a condition like
If(YourDataAction.IsAdmin, True, YourAggregate.CreatedBy = GetUserId())
Condition explained: when your admin is true, the aggregate will return all data, so the admin can see all data.
Else, CreatedBy = GetUserId() filters the data so the current logged-in user can see only his own data.
Note: all your pages, the add and listing screens, should not be anonymous.
kind regards,
Sanjay Kushwah
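The filter the replies above converge on, modelled as an added example in Python with SQLite (not part of any post in this thread and not OutSystems code): the role check and the owner id both come from the server-side session, and an owner value sent by the client is ignored. The table layout, user ids, record names and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed schema: "speler"/"created_by" mirror the thread's Speler.CreatedBy.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user_role (user_id INTEGER, role TEXT);
        CREATE TABLE speler (id INTEGER PRIMARY KEY, name TEXT,
                             created_by INTEGER NOT NULL);
        INSERT INTO user_role VALUES (1, 'Beheerder');  -- user 1 is the admin
    """)
    return db

def require_login(session_user_id):
    # Screens must not be anonymous: no session user, no data.
    if session_user_id is None:
        raise PermissionError("login required")

def is_admin(db, session_user_id):
    # Role is looked up on the server for the session user, never taken from the client.
    row = db.execute(
        "SELECT 1 FROM user_role WHERE user_id = ? AND role = 'Beheerder'",
        (session_user_id,)).fetchone()
    return row is not None

def add_speler(db, session_user_id, form):
    require_login(session_user_id)
    # CreatedBy is stamped from the session; a "created_by" sent in the form is ignored.
    db.execute("INSERT INTO speler (name, created_by) VALUES (?, ?)",
               (form["name"], session_user_id))

def list_spelers(db, session_user_id):
    require_login(session_user_id)
    # Same shape as the filter: IsAdmin or Speler.CreatedBy = GetUserId()
    rows = db.execute(
        "SELECT name FROM speler WHERE ? OR created_by = ? ORDER BY id",
        (is_admin(db, session_user_id), session_user_id))
    return [name for (name,) in rows]

def demo():
    db = make_db()
    add_speler(db, 2, {"name": "Anna 1"})                      # constructed record
    add_speler(db, 3, {"name": "Olivia 3", "created_by": 2})   # spoofed owner field
    return list_spelers(db, 2), list_spelers(db, 3), list_spelers(db, 1)

if __name__ == "__main__":
    print(demo())
```

User 2 does not see "Olivia 3" even though the form claimed user 2 as owner, because the owner is taken from the session when the record is saved.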