Entity Rights
The role and module systems combined form a set of rights the user has. These rights are, in essence, the types of access the user has on an entity. To retrieve these rights in detail a client can use the function GetEntityRights. The function has one optional parameter. The function without the parameter retrieves the entity rights of the current user. The result is a collection of EntityRightSummary objects.
The collection can be used to determine in detail if the client application is allowed to Read, Create, Write or Delete data for every entity or even individual properties. There are also a few special cases where there is an additional condition linked to the entity. In these cases rights are split per EntitySet, per condition. Each entity has the following properties:
| Property | Type | Description |
|---|---|---|
| EntityRightId | Edm.Int32 | A unique id for the entityright. |
| EntitySetName | Edm.String | Name of the EntitySet. When condition and modulename properties are null these are the default rights of this EntitySet. Additional rights could be available when a specific module is active, modulename is filled with the name of the module, or for a specific condition. In this case condition is filled. Conditions are linked to the EntitySet and there should be extra information about the conditions in the reference of that EntitySet. |
| EntitySetProperty | Edm.String | Default null. When there are specific rights to a property (e.g the EntitySet can be read but a specific property is hidden) these additional rights are added using the combination of entitysetname and entitysetpropertyname. |
| Reading | Edm.Boolean | True when the client is allowed to read, false when not allowed to read. |
| Writing | Edm.Boolean | True when the client is allowed to write, false when not allowed to write. |
| Deleting | Edm.Boolean | True when the client is allowed to delete the entity, false when not allowed to delete the entity. |
| Creating | Edm.Boolean | True when the client is allowed to create the entity, false when not allowed to create the entity. |
| FullControl | Edm.Boolean | True when allowed to change access rights to this entity, false when not allowed to change access rights. (admin only) |
| Condition | Edm.String | When the condition property contains a value this is always an additional right when the condition is met. The default rights should be used when the condition is not met. When there is a condition there is always a right of the same EntitySet but without a condition (with a value of null). These should be interpreted as the default rights of the EntitySet. |
| RoleName | Edm.String | Filled with the role name of the client user. Because users can only have one role this can be interpreted as the users role. This is helpful for generic solutions which are used for multiple roles (e.g Cabman Online). |
| ModuleName | Edm.String | Default null. Filled with the name of the module when there are rights that override the default when a specific module is available for the current client user. |
Examples
NOTE: The examples are shown in the “application/json” wire-format. When using one of the other formats the output is a bit different but contains the same properties and data. The reason for the json format is that it's the most readable for print.
Absence rights when account is a transporter
{
"EntityRightId" : 2,
"EntitySetName" : "Absences",
"EntitySetProperty" : null,
"Reading" : true,
"Writing" : true,
"Deleting" : true,
"Creating" : true,
"FullControl" : false,
"Condition" : null,
"RoleName" : "Transporter",
"ModuleName" : null
}
Absence rights when account is a driver
{
"EntityRightId" : 2,
"EntitySetName" : "Absences",
"EntitySetProperty" : null,
"Reading" : true,
"Writing" : false,
"Deleting" : false,
"Creating" : false,
"FullControl" : false,
"Condition" : null,
"RoleName" : "Driver",
"ModuleName" : null
}
Amount contractor rights when account is transporter
{
"EntityRightId" : 9,
"EntitySetName" : "Amounts",
"EntitySetProperty" : null,
"Reading" : true,
"Writing" : true,
"Deleting" : true,
"Creating" : true,
"FullControl" : false,
"Condition" : "Contractor",
"RoleName" : "Transporter",
"ModuleName" : null
}
Checking a single Entity Right
It's also possible to check if certain operation is allowed for a single entity. Use the function CheckUserRights. This function has three parameters.
- entitysetId; Which entityset to check. This must be the index of the EntitySet enumeration. See reference for more details.
- operations; The operations you want to perform. Bitmask Enumeration with the following values: 1=read,2=Write,4=Delete,8=create,16=fullcontrol.
- entityId; Optional. Let the system also check if the current user has access to the specified entity. Only relevant in read, change and delete operations.
The result of the function is a Boolean true if allowed, false if not.