Having multiple roles but only one role active after login

Hi
According to "Roles - CUBA Platform. Developer’s Manual", a user may have multiple roles, in which case a logical sum (OR) is computed from all of the assigned roles. This means if a user has a back office role and a guest role, he would see all the screens/entities which have been created for both roles - correct?

However, in our use case the user's expectation is that he can choose a role after login if more than one role is assigned to him. Either he sees the screens for the back office user or for the guest user - but not the screens of both. Any suggestion how that could be achieved?

Best,
Wern

Hi @werner.schnedl,
One possible solution is User Substitution: either creating multiple users (for example: john-backoffice and john-guest) or creating shared users (guest and backoffice) and assigning them to all users.

Another solution that may be possible is changing the UserSession after login, once the user selects which role he wants to use. But I don’t know if it is really possible; I think you’d have to recreate the user session (like what is done automatically when using User Substitution).

Regards,
Peterson.

Hi Peterson
Thanks for the feedback.

I was thinking now about the following approach:

  • Let’s say I assigned the roles below to “john smith”
  • After login of “john smith”, I immediately remove all roles programmatically and ask the user which role he wants
  • After he chooses the role, I programmatically assign the desired role

image

Could anybody confirm if this would work and, if yes, is there an official API available to add/remove roles?

Best,
Wern

Hi @werner.schnedl,

That is precisely the 2nd possible solution I mentioned:

I suggest you take a look at the classes/methods below. Both classes can be extended:

UserSessionManager.compilePermissions and AuthenticationManagerBean.substituteUser.

Regards,
Peterson.
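
The difference between the default OR-sum of roles and a single session-scoped active role, as an added example that is not part of the original thread and not CUBA code. It is a plain-Java model: the class, method, role and screen names are hypothetical and the sample data is constructed.

```java
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

// Plain-Java model, not CUBA API: every name below is hypothetical.
public class ActiveRoleDemo {
    // Constructed sample data: role name -> screens that role permits.
    static final Map<String, Set<String>> ROLE_SCREENS = Map.of(
        "backoffice", Set.of("orders.browse", "invoices.browse"),
        "guest", Set.of("catalog.browse"));

    // Default behaviour described in the thread: logical sum (OR) over all assigned roles.
    static Set<String> unionOfRoles(Set<String> assignedRoles) {
        Set<String> screens = new TreeSet<>();
        for (String role : assignedRoles) {
            screens.addAll(ROLE_SCREENS.getOrDefault(role, Set.of()));
        }
        return screens;
    }

    // Session-scoped alternative: compile permissions from one chosen role only.
    // The stored assignments are left untouched, and the choice is checked
    // against them so a session cannot activate a role the user does not hold.
    static Set<String> forActiveRole(Set<String> assignedRoles, String chosenRole) {
        if (!assignedRoles.contains(chosenRole)) {
            throw new SecurityException("Role not assigned to user: " + chosenRole);
        }
        return new TreeSet<>(ROLE_SCREENS.getOrDefault(chosenRole, Set.of()));
    }

    public static void main(String[] args) {
        Set<String> assigned = Set.of("backoffice", "guest"); // "john smith" in the thread
        System.out.println("all roles : " + unionOfRoles(assigned));
        System.out.println("as guest  : " + forActiveRole(assigned, "guest"));
        try {
            // A user holding only "guest" asks for "backoffice": must be refused.
            forActiveRole(Set.of("guest"), "backoffice");
        } catch (SecurityException e) {
            System.out.println("rejected  : " + e.getMessage());
        }
    }
}
```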

Hi Peterson
Thanks for the clarification!
Best,
Werner