Rest API - No user id in userInfo API

Hi,

I am using Cuba Rest API to build ionic mobile app and I am facing following issue.

Let say each user has access to his own data (table rows) including sec$User entity. We can achieve this using Access groups and Roles.

Let us say we want to provide each user option to update his profile (firstname, lastname, email, password, photo etc), which is standard requirement in most of the apps. How user should read(GET) this data?

  1. Use API …entities/sec$User/{entityId}… But we do not have id of user. So this option is eliminated.
  2. Use API …entities/sec$User…This solves the problem for standard users in which he gets his own data along with required id. But in case if admin logs in, he receives 100s of records of all other users as well. . So this option is eliminated
  3. …/oauth/token api does not return id of user. It gives only access token, which is correct. It takes username and password as inputs
  4. …/userInfo gives all details of user except id of the user.

Option 1, 2 and 4 require access_token which we obtain from option 3 above. But there is no neat way to obtain id of entity sec$User using access_token.

Reference: http://files.cuba-platform.com/swagger/

The simple solution could be to send id of user in userInfo GET request.

Note: I am relatively new to Cuba and there may be Rest API to solve this problem.

Thanks

Hi,

Thanks for pointing out the problem! The user id will be added to the result of the /userInfo controller in the release 6.5

BTW, if you invoke middleware service method with the REST API, you can get the current user with the UserSessionSource bean.

Hi Asif,

in case it the the same app as described here: https://www.cuba-platform.com/discuss/t/rest-apis-to-update-user-information#comment-5614 you can list do a GET on /rest/v2/entities/sec$User and you will get only your user, because you added the corresponding constraint :slight_smile:

Bye
Mario

Thanks Max/Mario,

@Max
I have never used UserSessionSource bean but I will have a look at it.

@Mario
Have a look at point 2 in my post above.
2. Use API …entities/sec$User…This solves the problem for standard users in which he gets his own data along with required id. But in case if admin logs in, he receives 100s of records of all other users as well. . So this option is eliminated.

At present I am using this as a solution but for someone who has got full User table access, it is going to fetch records of all users.

Thanks
Asif

:ticket: See the following issue in our bug tracker:

https://youtrack.cuba-platform.com/issue/PL-8962