Fiori Elements Transactional App Authorizations Problem

smith_john
Active Participant

Hi all,

I have built a Fiori Elements app. It's a list report app with transactional capabilities, it's running on a 1909 system, and it uses CDS, BOPF, Draft, etc.

In my VDM I have created a custom authorization object to limit what users can see/change and a DCL for the consumption view and the transactional view.

This seems to work perfectly until the user tries to edit an object: in edit mode the user can see items they should not. I have read some help files but it's not clear why this happens.

Does anyone have any tips and tricks for overcoming this issue?

See below:

Accepted Solutions (0)

Answers (1)

ivo_vollrath
Active Participant

Hi Neil,

for Draft instances, there is only a very simple authorization check: whether the instance has been created by the user or not. There is no auth check for subnodes either. It is just on root node level.

As a consequence, if users can create drafts while they have only limited read access to the corresponding active instance, the non-authorized parts must not be transferred to the draft in the first place (-> custom implementation in method create_draft_for_active_entity).

Unfortunately, this makes the activation of the draft more complicated, as well. Care must be taken that the parts missing in the draft will not be deleted on the active side during activation (-> custom implementation in method copy_draft_to_active_entity). If you use annotation @Objectmodel.writeActivePersistence, you may want to have a look at the signature of the helper class which is used by the default implementation of copy_draft_to_active_entity: you can pass a list of BO nodes which shall not be copied. This might be helpful.

Kind Regards,

Ivo
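
The two custom steps described in the answer above, as an added Python model that is not part of the original thread and is not BOPF or ABAP code: draft creation filters out unauthorized items, and activation must then avoid deleting what was never transferred. `Item`, the `plant` field, the function names and the sample data are all assumptions made for illustration.

```python
# Simplified model of the answer's two custom steps; this is not BOPF/ABAP API.
# Item, plant and all function names are hypothetical; the data is constructed.
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Item:
    key: str
    plant: str  # field the custom authorization object restricts (assumed)
    qty: int

def create_draft(active, allowed):
    """Draft creation: transfer only the items the user may read."""
    return {i.key: i for i in active if i.plant in allowed}

def activate_naive(active, draft):
    """Plain copy-back: whatever is absent from the draft is deleted."""
    return sorted(draft.values(), key=lambda i: i.key)

def activate_preserving(active, draft, allowed):
    """Copy-back that leaves never-transferred items untouched."""
    result = {}
    for item in active:
        if item.plant not in allowed:
            result[item.key] = item  # was not in the draft: keep as is
        elif item.key in draft:
            edited = draft[item.key]
            # Reject edits that move an item outside the user's scope.
            result[item.key] = edited if edited.plant in allowed else item
        # else: an authorized item the user deleted in the draft stays deleted
    for key, item in draft.items():
        if key not in result and item.plant in allowed:
            result[key] = item  # item newly created in the draft
    return sorted(result.values(), key=lambda i: i.key)

# Constructed sample: the user is authorized for plant P100 only.
ACTIVE = [Item("10", "P100", 5), Item("20", "P200", 7), Item("30", "P100", 1)]

def demo():
    allowed = {"P100"}
    draft = create_draft(ACTIVE, allowed)
    visible = sorted(draft)                    # keys shown in edit mode
    draft["10"] = replace(draft["10"], qty=9)  # user edits item 10
    del draft["30"]                            # user deletes item 30
    return visible, activate_naive(ACTIVE, draft), activate_preserving(ACTIVE, draft, allowed)

if __name__ == "__main__":
    for part in demo():
        print(part)
```

In the naive activation, item 20 disappears from the active data even though the user never saw it; the preserving variant keeps it while still applying the edit to item 10 and the deletion of item 30.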