问题
The short way to ask this question is this; Does anyone know if it's possible to use the parameters supplied to the signup method on the api to conditionally set the role of the newly created user?
Now for a more detailed question;
I am working on an app that has users of several different types that I'd like to assign a backand security Role to. I am trying to conditionally set a users role based on a parameter that is supplied to the Backand signup method, but I cannot figure out how to read the values that are sent into the parameters object when defining a security action that happens on creation.
In my angular signup controller on the client, the isManager role is set based on the route of the request.
if (isManager) {
params = {
manager: isManager,
};
}
return this.Backand.signup(firstName, lastName, email, password, confirmPassword, params)
.then((result) => {...
That call works and creates a new user object, and I can even change the role of the user object to be a Manager when the create method is called as per this note and subsequent example.
Note: For security reasons you cannot change the role from the sign-up API - this can only be accomplished either by having an admin change the appropriate settings on the Security & Auth -> Registered Users page, or by creating a custom server-side action with Admin rights. Create new Security Action in Before Create trigger with the following code (this will update the role to 'Public'):
Which is found here; http://docs.backand.com/en/latest/apidocs/security/#sign-up
I have added logic similar to that in the example there, but I am wondering if I can add some conditional logic based on the supplied parameters. Here is my attempt;
function backandCallback(userInput, dbRow, parameters, userProfile) {
// write your code here
if (parameters && parameters.manager) {
userInput.Role = 'Manager';
}
return {};
}
This does not work though, and when I attempt to add a console.log that will show me what the parameters object looks like, but that log message is never generated. I have of course put the application in debug mode and the message is generated when I test the security action from the Backand UI but it does not log when I call the method via the api.
Does anyone know if it's possible to use the parameters supplied to the signup method on the api to conditionally set the role of the newly created user?
回答1:
You can send parameters to signup action and implement your Role assignment logic there.
Here is an example signup request body
{
"firstName": "string",
"lastName": "string",
"email": "{{username}}",
"password": "123456",
"confirmPassword": "123456",
**"parameters":{ "userType" :"manager"}**
}
Now as stated in the docs add a custom server-side Javascript Security action in before Create which looks like this:
'use strict';
function backandCallback(userInput, dbRow, parameters, userProfile) {
// write your code here
userInput.Role = 'Public';
if(parameters.userType =='manager')
userInput.Role = 'Manager';
return {};
}
For the above to work I've added a new 'Manager' Role ( Security & Auth --> Security Template --> Add role)
来源:https://stackoverflow.com/questions/37780127/how-to-use-backand-security-action-parameters