How to access custom global role in service

Mohan_Pathapataa · December 21, 2023, 6:24pm

Product/components used and version/fix level:

Cumulocity IoT Production

Detailed explanation of the problem:

I have a use case to show and hide the tab under side menu based on the specific user role. For the same I have created one global role as RYH_Admin. and assign it to a user. If the user has this role then I want to show the tab else hide it.

I created one custom service as below for the same

import { Injectable, Injector } from '@angular/core';
import { Router } from '@angular/router';
import { AppStateService, NavigatorService } from '@c8y/ngx-components';
import { combineLatest } from 'rxjs';
import { map } from 'rxjs/operators';

@Injectable()
export class CustomNavService extends NavigatorService {
    private readonly readerItemsToDisable = ['Configuration'];
    constructor(rootInjector: Injector, router: Router, appState: AppStateService) {
        super(rootInjector, router);
        this.items$ = combineLatest([this.items$, appState.currentUser]).pipe(map(([items, user]) => {
            console.log("user *****", user);
            if (user.hasGlobalRole('RYH_Admin')) // Requirement
                return items;
            }
            return this.filterItems(items, this.readerItemsToDisable);
        }))
    }
    private filterItems(items: any[], itemsToDisable: string[]): any[] {
        return items.filter(item => !itemsToDisable.includes(item.label));
    }

}

But I stuck how to check user has that global role or not. If I log user I could see the created role under groups in references. but not able to access. If I use user.roles then I am getting only permissions as ROLE_USER_MANAGEMENT_OWN_READ and ROLE_USER_MANAGEMENT_OWN_ADMIN How can I access the Role Name RYH_Admin ?

Question related to a free trial, or to a production (customer) instance?

Production

Tristan_Bastian · December 21, 2023, 9:39pm

Hi @Mohan_Pathapataa

Checking for a global role by name is in general doable, but nothing I would recommend, as you actually want to check for a permissions and not the global role name…
In case the by default existing permissions are not sufficient, you could create new ones with microservices.

The “groups” attribute of the current user can be used to get the global roles the user is assigned to.
The @c8y/client also offers a method to check for global roles assigned to a user, but only does so by id of the global role and not by name: hasAnyGlobalRole

Regards,
Tristan

Mohan_Pathapataa · December 22, 2023, 2:19pm

Hi @Tristan_Bastian

The reason why I am not checking the roles here is for the diff global role may have same permissions.

For example. I have created global role as RYH_Admin and given permission as ROLE_APPLICATION_MANAGEMENT_ADMIN for the same there is anther role admins for that role also will have same permission.

To avoid this your suggesting to create a custom permission through microservice ?

I am using cumulocity 1016.0.324 version. Shall I use hasAnyGlobalRole method ?

Regards
Mohan

Mohan_Pathapataa · December 25, 2023, 4:41pm

@Tristan_Bastian Did you get chance to look this reply ?

Regards
Mohan

Tristan_Bastian · December 26, 2023, 2:02pm

Hi Mohan,

please let me know which of your questions were not already answered by my first reply.

Regards,
Tristan

Mohan_Pathapataa · December 26, 2023, 3:21pm

Hi Tristan,

My questions were answered, I have a few following questions on it

I am using cumulocity 1016.0.324 Could I able to use this option hasAnyGlobalRole in this version ?
Do we have any example of creating new permissions through microservices?

Thanks for your assistance.

Regards,
Mohan

Tristan_Bastian · December 26, 2023, 6:48pm

Hi Mohan,

It seems the hasAnyGlobalRole method was introduced with a later version, as it is not documented for 1016: UserService | Cumulocity Web SDK
Maybe you want to include the version you are using in your initial post the next time.

you can create an application of type “MICROSERVICE” using this endpoint: Cumulocity IoT - OpenAPI Specification
A sample body for this request could look like this:

{
  "contextPath": "myapplication",
  "key": "my-application-key",
  "name": "my-application",
  "type": "MICROSERVICE",
  "description": "Dummy microservice to provide custom permissions.",
  "roles": [
      "ROLE_CUSTOMAPP_READ",
      "ROLE_CUSTOMAPP_ADMIN",
      "ROLE_CUSTOMAPP_CREATE",
      "ROLE_CUSTOMAPP_UPDATE"
  ]
}

Sam123 · December 27, 2023, 7:11am

Hi @Tristan_Bastian,

We tried creating the custom perms and it is working as expected. Can you please also tell us how to remove the custom permissions? We tried deleting our new microservice with these perms, The microservice was deleted but perms are still there. Please guide us.

Thanks,
Samanyu

system · June 24, 2024, 7:11am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to delete a custom permission/role created through microservice Cumulocity-IoT , IoT	4	216	July 1, 2024
WebSDK: Create custom permission / role for custom Angular Application Cumulocity-IoT , IoT	3	520	May 22, 2023
How to get user roles in custom service Cumulocity-IoT , IoT	2	300	January 1, 2024
How to remove or disable the components under left drawer(side menu) in custom cockpit application Cumulocity-IoT , IoT	8	968	November 1, 2023
Check any users permissons via API Cumulocity-IoT , IoT , IoT-Platform	5	325	September 26, 2023

How to access custom global role in service

Product/components used and version/fix level:

Detailed explanation of the problem:

Question related to a free trial, or to a production (customer) instance?

Related topics