Separate queries based on Role

Support
#1

Hey Team,

I’m still new to Cuba Studio, so I apologize for not being able to locate this information yet.

This is what I’m trying to accomplish:

  • If a user has a Role of type ‘Analyst’ (added in the Role section of the Administration menu), they will see all entries in a Browse screen.

  • If a user has a Role of type ‘Individual’ (added in the Role section of the Administration menu as a Default Role), they will only see their entries in the Browse screen.

The way I accomplished this so far is to create separate screens and limit the view in the Administration menu (Deny or Allow).

I’m hoping there is a cleaner way to do this. I’m still going through the documentation, but I haven’t stumbled upon the proper way to do this yet.

Thanks in advance!

#2

Hi @adam5sbass,

Take a look at Access Group.

I have not tested, but your constraint (in memory) may be something like this:

if (PersistenceHelper.isNew({E})) {
    return true
}
return {E}.createdBy == userSession.user.login || userSession.roles.contains('Analyst')

Best Regards.

1 Like
#3

This looks promising. I’m looking into it. Though I had wished for a code-based conditional operator method of accomplishing the goal, this method looks like it could get me further toward what I had hoped for. Thank you!

#4

Hi @adam5sbass,
I think this solution (using access group) is the one that will cover more scenarios (browse screen query, custom queries using datamanager, rest API, and maybe more situations that I’m not aware of :)).

Of course you can implement without using this cuba feature, it depends on what you are trying to accomplish. For example, you can use query conditions. Or maybe change the query completely before opening the screen.
But remember: without using Cuba security subsystem, you will have to implement these constraints everywhere you need them.

#5

Once again, thank you. You’ve given me much to look into.