Hi,
Here is what I want to do:
First, I want to add group_id to my order table. when user create table, set the user group to this field.
Then, setup access group, users in the group only can see the order with the same group_id.
The first problem I’ve met is that I cannot get group object by using userSession.getUser().getGroup().
Is that possible to set constraint for users to only see the order with same group_id.
Best Regards.
Zhengwu.
Hi Zhengwu,
This code works well for me, provided that Order entity has a reference to Group:
public class OrderEdit extends AbstractEditor<Order> {
@Inject
private UserSession userSession;
@Override
protected void initNewItem(Order item) {
item.setGroup(userSession.getUser().getGroup());
}
}
If I add {E}.group.id = :session$userGroupId security constraint to the Order entity, orders will be available only for users from the same group as a user which created them.
thank you for your quick answer,
I tried the same code, but it doesn’t work well
it said group object is detached.
Best Regards.
Zhengwu
Of course it is detached. All entities are detached when you work with them outside of a transaction that loaded them. See Entity States - CUBA Platform. Developer’s Manual
If you set a detached object to an attribute of another entity, the reference will be saved.
Sorry, I tried again, it works well for me, thank you very much.
Hi Krivopustov,
I have tried {E}.group.id = :session$userGroupId to filter some orders out, and it works well to me. But I have the orders list in customer edit window, in this list, I still see all the orders there, can I do the same thing to this orders list? how?
Best Regards.
Zhengwu.