Rest API - No user id in userInfo API

Hi,

I am using the Cuba Rest API to build an Ionic mobile app and I am facing the following issue.

Let's say each user has access to his own data (table rows), including the sec$User entity. We can achieve this using Access groups and Roles.

Let us say we want to give each user the option to update his profile (firstname, lastname, email, password, photo etc.), which is a standard requirement in most apps. How should the user read (GET) this data?

  1. Use API …entities/sec$User/{entityId}… But we do not have the id of the user. So this option is eliminated.
  2. Use API …entities/sec$User… This solves the problem for standard users, in which he gets his own data along with the required id. But if an admin logs in, he receives 100s of records of all other users as well. So this option is eliminated.
  3. …/oauth/token api does not return the id of the user. It gives only the access token, which is correct. It takes username and password as inputs.
  4. …/userInfo gives all details of the user except the id of the user.

Options 1, 2 and 4 require the access_token, which we obtain from option 3 above. But there is no neat way to obtain the id of the sec$User entity using the access_token.

Reference: Swagger UI

The simple solution could be to send the id of the user in the userInfo GET request.

Note: I am relatively new to Cuba and there may be a Rest API to solve this problem.

Thanks

Hi,

Thanks for pointing out the problem! The user id will be added to the result of the /userInfo controller in release 6.5.

BTW, if you invoke a middleware service method with the REST API, you can get the current user with the UserSessionSource bean.
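
Added example, not part of the reply above and not CUBA project code: one way to use the UserSessionSource bean so the server resolves the caller's own sec$User record from the session behind the access token, instead of trusting an id sent by the client. The service name, method name and the chosen attribute list are assumptions made for illustration.

```java
// ---- ProfileService.java (global module); hypothetical interface ----
import com.haulmont.cuba.security.entity.User;

public interface ProfileService {
    String NAME = "app_ProfileService"; // assumed bean name

    User getCurrentUserProfile();
}

// ---- ProfileServiceBean.java (core module); hypothetical implementation ----
import com.haulmont.cuba.core.global.DataManager;
import com.haulmont.cuba.core.global.LoadContext;
import com.haulmont.cuba.core.global.UserSessionSource;
import com.haulmont.cuba.core.global.View;
import com.haulmont.cuba.security.entity.User;
import org.springframework.stereotype.Service;

import javax.inject.Inject;
import java.util.UUID;

@Service(ProfileService.NAME)
public class ProfileServiceBean implements ProfileService {

    @Inject
    private UserSessionSource userSessionSource;
    @Inject
    private DataManager dataManager;

    @Override
    public User getCurrentUserProfile() {
        // The id comes from the authenticated session, never from a request
        // parameter, so a caller cannot ask for another user's record.
        UUID id = userSessionSource.getUserSession().getUser().getId();

        // Explicit view: only the profile fields the app edits. The password
        // hash is deliberately not listed, so it is not loaded or returned.
        View profileView = new View(User.class)
                .addProperty("login")
                .addProperty("firstName")
                .addProperty("lastName")
                .addProperty("email");

        // Exactly one row is loaded, whatever the caller's role is, so an
        // admin gets his own record and not the whole user table.
        return dataManager.load(
                LoadContext.create(User.class).setId(id).setView(profileView));
    }
}
```

To be callable over REST, the method also has to be listed in the project's REST services configuration file.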

Hi Asif,

in case it is the same app as described here: Rest APIs to update user information - CUBA.Platform, you can do a GET on /rest/v2/entities/sec$User and you will get only your user, because you added the corresponding constraint :)

Bye
Mario

Thanks Max/Mario,

@Max
I have never used UserSessionSource bean but I will have a look at it.

@Mario
Have a look at point 2 in my post above.
2. Use API …entities/sec$User… This solves the problem for standard users, in which he gets his own data along with the required id. But if an admin logs in, he receives 100s of records of all other users as well. So this option is eliminated.

At present I am using this as a solution, but for someone who has got full User table access, it is going to fetch records of all users.

Thanks
Asif

See the following issue in our bug tracker:

https://youtrack.cuba-platform.com/issue/PL-8962