I am using Cuba Rest services to build ionic 2 angular 2 app. Using Cuba rest services was a breeze.
However, I am a little stuck.
In this mobile app, there are options under settings to change profile details, password etc. I would like to use oauth token to update firstname, middle name, last name, password, email address, role, access group etc. However, there is no rest api to do so.
I am referring doc below. http://files.cuba-platform.com/swagger
I can perform GET to read userInfo but I am not allowed to perform PUT and POST, which is correct. Swagger UI
I tried using entity sec$User. However, it requires oauth token of admin to perform CRUD.
What I am looking for is that the user should be able to update his own information ( firstname, middle name, last name, password, email address, role, access group etc.)
One work around is to use to admin (admin having role to perform create, update and delete users) oath within the mobile app whenever user information is needs to updated. Is there a simpler and direct way to achieve the same?
> I tried using entity sec$User. However, it requires oauth token of admin to perform CRUD.
What do you mean by that? Did you configured the access rights to this entity in such a way? Does it work is you grant everyone CRUD rights on sec$User? You can create an additional constraint on sec$User that the user is just able to edit itself.
In the roles you can configure which attributes can be changed by that user (e.g. firstName, lastName but not Group).
I haven’t configured access rights on sec$User. Say I have a role=super user with username=admin. First, I obtain an oauth token using …/oauth/token for this user. Later, I obtain the list of all users using …entities/sec$User. I get the list of all users. I can perform crud for all users using the same user.
As suggested by you:
I have created a constraint on sec$User (In access groups) to restrict row level access.
{E}.id = :session$userId)
Created a role to restricted operations (CRUD) on entity User. I wanted user to just update and read his own record (table). I restricted action on certain attributes as well.