Expand my Community achievements bar.

SOLVED

Custom Named right not working in Input Forms and Data schema

Avatar

Community Advisor

Hello All,

 

I am trying to restrict access to input forms(specific input fields) and some attributes in the data schema for other Administrators. For this, I am using a custom named right "notSuperAdmin".

 

Code used in the input forms.

 <container type="visibleGroup" visibleIf="HasNamedRight('notSuperAdmin')">
<!--- some input fields here--->
</container>

 I also tried other variations.

hasNamedRight('notSuperAdmin')

hasNamedRight('notSuperAdmin')=true

 

Code for Schema:

  <attribute name="email" label="email" accessibleIf="HasNamedRight('notSuperAdmin')"/>

 

The Out of box name right of 'admin' seems to work fine in the input forms.

 

Instance Build: 9349

 

Any help will be appreciated.

 

 


     Manoj
     Find me on LinkedIn
1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Update 1:

I have managed to make it work for input forms. The named right method still didn't work.

 

Here is the workaround:

  • Schema change: Create a Method in the related schema to call a JS library. Pass the named right and the output string as a parameter.
  • JS library: A function in this JS library will receive the name right as an argument. Use the Js method to check operator has the required name right or not. If the name right is found, return true else, return false.
  • Input form:  Use the enter tag at the top of the form and use a SOAP call to invoke the method defined in the schema. Use the output variable to store the value returned by the JS method in a temp variable.
  • Use this temp variable value in visibleIf condition.

 

I am still working on the Schema condition. (continued..)

 


     Manoj
     Find me on LinkedIn

View solution in original post

13 Replies

Avatar

Employee Advisor

Hi @_Manoj_Kumar_ ,

You can check the following things if the code is not working as expected:

1. Ensure that the custom named right "notSuperAdmin" has been properly set up and assigned to the relevant users.

2. Your syntax for input forms & schema is correct.

3.  Make sure the named right used in the code is referenced correctly, for example: HasNamedRight('notSuperAdmin') and not hasNamedRight('notSuperAdmin') or hasNamedRight('notSuperAdmin')=true.

If the code is still not working after these checks, you may first log out of the system and log back in, also clear your cache and cookies, or restart the application to see if that resolves the issue.

Avatar

Community Advisor

Hello @akshaaga 

I have already tried all this but no luck.


     Manoj
     Find me on LinkedIn

Avatar

Community Advisor

Also, the combination that suggested not to use is working if the named right is  "admin".  


     Manoj
     Find me on LinkedIn

Avatar

Employee Advisor

 

Hi @_Manoj_Kumar_ ,

 

If the code HasNamedRight('admin') is working as expected, but the code HasNamedRight('notSuperAdmin') is not; it could be a problem with configuring the custom named right "notSuperAdmin."

 

If the custom-named right is not properly defined, the HasNamedRight function will return false for all users, regardless of their assigned rights.

For the input forms:

<container type="visibleGroup" visibleIf="!HasNamedRight('notSuperAdmin')">
<!--- some input fields here--->
</container>

For the schema:

<attribute name="email" label="email" accessibleIf="!HasNamedRight('notSuperAdmin')"/>

 

Can you try using the ! operator to negate the result of the HasNamedRight function?

The ! operator inverts the Boolean value of an expression, so if the user does not have the named right "notSuperAdmin", the expression will evaluate to true.

Avatar

Community Advisor

Hello @akshaaga 

 

I want the condition to work only in case of a true return, not for a false one. Also, negation will not work if the original condition is not returning true.

 


     Manoj
     Find me on LinkedIn

Avatar

Employee Advisor

Hi @_Manoj_Kumar_ ,

 

In that case, you can use the following approach:

def original_condition():
# original condition code
return True # or False

if original_condition():
# code to be executed only if original_condition returns True
pass

 

In this example, the original_condition function returns either True or False. The if statement checks the result of original_condition() and only executes the code inside it if the result is True. If the result is False, the code inside the if statement is skipped.

 

Regarding the other solution suggested,  I have checked, and that can be used.

The only downside is - 

the accessibleIf attribute limits access to the middleName field to only admin, user1, and user2 users. And the visibleIf attribute makes the container for the middleName field only visible for admin, user1, and user2 users. This means that other administrators will not be able to access or see the middleName field.

Avatar

Community Advisor

Hello @akshaaga 

The challenge here is the original condition HasNamedRight('notSuperAdmin') does not return anything. The response is always blank.


     Manoj
     Find me on LinkedIn

Avatar

Community Advisor

Hi @_Manoj_Kumar_ ,

I had tested it by creating named rights 'testGroup'

accessibleIf="hasNamedRight('testGroup')"

The above syntax is correct, as I can able to restrict access for particular fields to few non-Admin operators and allow the same for few non-Admin operators.

But it doesn't worked when I tried the same syntax to restrict it for few admin.

 

Instead, the below approach had worked..

Tested it with nms:recipient @middleName field

 

Schema: nms:recipient

<attribute accessibleIf="$(login)=='admin' or $(login)=='user1' or $(login)=='user2'" dataPolicy="smartCase" desc="Middle name of recipient" label="Middle name" length="30" name="middleName" sqlname="sMiddleName" type="string"/>

 

Input Form:

<container colcount="1" label="middle name" name="middle name" type="visibleGroup"
visibleIf="$(login)=='admin' or $(login)=='user1' or $(login)=='user2'">
<input xpath="@middleName"/>
</container>

 

The above solution allowed user1, user2 operators can able to see middle name, whereas other admins cant able to see middle name.

Avatar

Community Advisor

Hello @ParthaSarathy Yes, I am currently using the same. But the downside is every time a new operator wants access to this data then we will have to modify the schema.

 

The same is the case when there is a requirement to remove access.


     Manoj
     Find me on LinkedIn

Avatar

Community Advisor

Hi @_Manoj_Kumar_ ,

Considering the below scenario,

  • user1, user2, user3 are admins (has 'admin' named rights, as they are in 'Administrator' operator group)
  • user4 belongs to operatorGroup2 (non - admin)
  • user5 belongs to operatorGroup3 (non - admin)

Created a named rights 'testGroup' and assigned it to 'user4' alone (operatorGroup2)


In schema and input form, given the condition "hasNamedRight('testGroup')" for middle name field.

When logged in as 'user4' who has 'testGroup' named rights, I can see middle name.
Whereas When login as user5, I cant see middle name.
This makes a conclusion that "hasNamedRight('testGroup')" syntax works fine.

But when loggedin as admin (user1, user2, user3), though they dont have 'testGroup' named rights, can able to see middle name.
This is because administratior operator group has 'admin' named rights, and they have full access on the instance irrespective of other named rights.

So, to restrict a field for few admin account who already has full access on the instance, restricting using named rights is not helping.
$(login)=='user1' logic will work, but I agree with your point that there is a manual work to modify the schema when someone wants access or to remove. Very Glad and eager to know the optimized solution for this scenario from other community members!

Avatar

Correct answer by
Community Advisor

Update 1:

I have managed to make it work for input forms. The named right method still didn't work.

 

Here is the workaround:

  • Schema change: Create a Method in the related schema to call a JS library. Pass the named right and the output string as a parameter.
  • JS library: A function in this JS library will receive the name right as an argument. Use the Js method to check operator has the required name right or not. If the name right is found, return true else, return false.
  • Input form:  Use the enter tag at the top of the form and use a SOAP call to invoke the method defined in the schema. Use the output variable to store the value returned by the JS method in a temp variable.
  • Use this temp variable value in visibleIf condition.

 

I am still working on the Schema condition. (continued..)

 


     Manoj
     Find me on LinkedIn

Avatar

Community Advisor

Hi @_Manoj_Kumar_,

Glad that you got a workaround for your problem. Did you also check if by any chance your user with "notSuperAdmin" named right also had the "admin" named right? The condition might not have worked if the "admin" right already existed.

 

Let us know if that helped.

 

Regards,

Ishan

Avatar

Community Advisor

Hello @isahore 

 

Yes, Other operators are Admins as well. But that should not change anything.

 

I am not sure why, but the same hasNamedRight condition works in sysfilter within the same schema but does not work on an attribute.

 


     Manoj
     Find me on LinkedIn