Question

Constraint what a user can see

0

Dear, I want to model the following situation. We have two entities, students and mentors. In each entity there are a lot of objects. So for example we have 8 objects of mentor, so we have 8 mentors. Each mentor has an unique MentorID. No I want that when I login with a user with the role mentor, I can only see the patients which belong to me. I tried to extend the accounts with MentorID. So when the administrator makes a new account, he also has to fill in the MentorID (if he makes an mentor). Then I tried to make a XPath constraint on the entity access of student which says that [MyFirstModule.Mentor_Student/MyFirstModule.Mentor/MentorID= ..... ] At the place of ..... I don't know what to fill in. Most logical to me seems to fill in System.owner/Administration.Account/EmployeeID. It doesn't give me an error, but I cannot see any student anymore when I login as a mentor, although I am sure that the mentor I'have login with has a lot of students assigned to. What can I do?

asked 2013-06-07

Berend-Bram Heinen

3 answers

Rom van Arendonk · Answer 1 · 2013-06-07

If mentors are able to log in, you could model it as follows:

Create a Mentor entity which inherits from Administration.Account
Create an entity access rule on the Student entity to say [Student_Mentor = '[%CurrentUser%]'].

Stephan Numan · Answer 2 · 2013-06-07

Set entity access on the student entity for the role mentor with an xpath which will goto from the student to it's mentor to the associated account for that mentor and check against currentuser, something like: [MyFirstModule.MentorStudent/MyFirstModule.Mentor/MyFirstModule.MentorAccount = '[%CurrentUser%]']

Berend-Bram Heinen · Answer 3 · 2013-06-07

Unfortunatly nothing of above works for me. What is exactly the full XPath constraint I have to fill in? It also doesn't work if I want to constraint on only the mentors. So when a particular mentor logs in, he or she only wants to see his own object in the entity mentors. I tried [MentorID = System.owner/Administration.Account/EmployeeID] but it doesn't worked. The strange thing is: [MentorID = '1234'] does work so when a user logs in he or she only sees the mentor with ID 1234. So it goes wrong in retrieving the EmployeeID of a user which I has made. So what I thought after your comments was that I used the following XPath constraint on the entity access of mentor:

[System.owner='[%CurrentUser%]'] [MentorID = System.owner/Administration.Account/EmployeeID]

But by doing this, a new mentor account couldn't see any mentor although the employeeID of the doctor matches the mentorID.