Today, you can benefit from a powerful feature to filter access to data, which is essential for preventing malicious access to your application.
This feature uses privileges that allow certain actions on your data. These privileges are assigned to users through roles and stored in the Session during authentication.
In 4D 20 R6, we enhanced this functionality by allowing you to inspect the privileges in the Session, which is very helpful for debugging.
Keep reading to learn more.
New getPrivileges() function on the Session object
Let’s look at an example.
In the roles.json file, the medium privilege includes the simple privilege, and the Medium role is granted the medium privilege.
    {
        "privileges": [
            {
                "privilege": "simple",
                "includes": []
            },
            {
                "privilege": "medium",
                "includes": [
                    "simple"
                ]
            }
        ],
        "roles": [
            {
                "role": "Medium",
                "privileges": [
                    "medium"
                ]
            }
        ],
        "permissions": {
            "allowed": [] // Set up the allowed actions here
        }
    }
In the Datastore class, there is an authentify() function that assigns all the privileges of the given role to the Session.
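    exposed Function authentify($role : Text) : Text
        // Demo only: the role name comes straight from the caller.
        // A real application would verify credentials before choosing the role.
        Session.clearPrivileges()  // drop anything granted earlier in this session
        Session.setPrivileges({roles: $role})  // grant every privilege of the role
        return "Authentication done with "+$role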
In the Datastore class, a getPrivileges() function has also been implemented. It returns the privileges in the Session.
    exposed Function getPrivileges() : Collection
        return Session.getPrivileges()
If the authentify() function is called with the Medium role, the getPrivileges() function returns:
    [
        "simple",
        "medium"
    ]
New /$info/privileges REST API
There is also a new REST API to get the privileges in the Session. Calling /$info/privileges in the example above also returns:
    {
        "privileges": [
            {
                "privilege": "simple"
            },
            {
                "privilege": "medium"
            }
        ]
    }
This makes debugging easier. Check the documentation to learn more.
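The output above can also be checked against roles.json when reviewing what a role really grants. The following Python script is an added example, not 4D code and not part of the original post: it expands a role through "includes" and compares the result with a /$info/privileges response. It assumes includes are followed transitively and treats an include cycle as an error; the function names are hypothetical.

```python
import json

# roles.json from the example above (the // comment is dropped so it parses as strict JSON)
ROLES_JSON = """{
  "privileges": [
    {"privilege": "simple", "includes": []},
    {"privilege": "medium", "includes": ["simple"]}
  ],
  "roles": [{"role": "Medium", "privileges": ["medium"]}],
  "permissions": {"allowed": []}
}"""

# /$info/privileges response from the example above
INFO_RESPONSE = '{"privileges": [{"privilege": "simple"}, {"privilege": "medium"}]}'


def effective_privileges(config, role):
    """Expand a role into its privileges, following "includes" (assumed transitive)."""
    includes = {p["privilege"]: p.get("includes", []) for p in config["privileges"]}
    granted = next(r["privileges"] for r in config["roles"] if r["role"] == role)
    resolved = []

    def visit(name, path):
        if name in path:
            raise ValueError("include cycle: " + " -> ".join(path + [name]))
        if name not in includes:
            raise KeyError("undefined privilege: " + name)
        for child in includes[name]:
            visit(child, path + [name])
        if name not in resolved:
            resolved.append(name)

    for name in granted:
        visit(name, [])
    return resolved


def audit_session(config, role, info_response):
    """Return (missing, unexpected) session privileges compared with roles.json."""
    expected = set(effective_privileges(config, role))
    actual = {p["privilege"] for p in info_response["privileges"]}
    return sorted(expected - actual), sorted(actual - expected)


if __name__ == "__main__":
    config = json.loads(ROLES_JSON)
    print(effective_privileges(config, "Medium"))
    print(audit_session(config, "Medium", json.loads(INFO_RESPONSE)))
```

A non-empty second list means the session holds a privilege that roles.json does not grant to that role, which is the case worth investigating first.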