Topic
  • 1 reply
  • Latest Post - ‏2013-05-06T20:57:58Z by nicolas.leralle
CBS3_Ian_Wilson
CBS3_Ian_Wilson
41 Posts

Pinned topic Applying security to plugin actions

‏2013-05-04T21:38:45Z |

I need to control access to some plugin actions we've created, so that only members of a specific LDAP group (or Process Role if that's possible) can click a button.

I can see there is a method on the JS repository object getUserId(), but nothing that returns a User object for the currently logged in User.

The User object would at least provide the roles that the user is a member of.

Can anyone suggest the best way of doing this, with maybe some snippets of code?

I've looked through the Samples, and ICN JS API, but nothing immediately obvious pops out.

  • nicolas.leralle
    nicolas.leralle
    100 Posts

    Re: Applying security to plugin actions

    ‏2013-05-06T20:57:58Z  

    If I were you, I'll avoid a JavaScript code to check the groups your user belongs, as it's not really secure.

    In my opinion, a custom WebService can be a way to deal with your problem. It'll be easier to maintain and you can properly handle security access (as soon as you need to be logged in to call the WebService).

    Hope this helps.

    Best regards,

     

    Nicolas