I am using Cuba Rest API to build ionic mobile app and I am facing following issue.
Let say each user has access to his own data (table rows) including sec$User entity. We can achieve this using Access groups and Roles.
Let us say we want to provide each user option to update his profile (firstname, lastname, email, password, photo etc), which is standard requirement in most of the apps. How user should read(GET) this data?
Use API …entities/sec$User/{entityId}… But we do not have id of user. So this option is eliminated.
Use API …entities/sec$User…This solves the problem for standard users in which he gets his own data along with required id. But in case if admin logs in, he receives 100s of records of all other users as well. . So this option is eliminated
…/oauth/token api does not return id of user. It gives only access token, which is correct. It takes username and password as inputs
…/userInfo gives all details of user except id of the user.
Option 1, 2 and 4 require access_token which we obtain from option 3 above. But there is no neat way to obtain id of entity sec$User using access_token.
in case it the the same app as described here: Rest APIs to update user information - CUBA.Platform you can list do a GET on /rest/v2/entities/sec$User and you will get only your user, because you added the corresponding constraint
@Max
I have never used UserSessionSource bean but I will have a look at it.
@Mario
Have a look at point 2 in my post above.
2. Use API …entities/sec$User…This solves the problem for standard users in which he gets his own data along with required id. But in case if admin logs in, he receives 100s of records of all other users as well. . So this option is eliminated.
At present I am using this as a solution but for someone who has got full User table access, it is going to fetch records of all users.