Question

Filtering roles

4

Hi, I've copied the System.UserRole_Select dialog with the purpose of creating a version that only shows roles that the logged on user can grant, so there will be no error on save when the user selects for example an admin role. On the copied dialog I've set an xpath constraint. Because I could not get it to work I simplified the constraint to: [Name='Developer'] hoping to see only 1 UserRole in the dialog. It still shows all roles however. What am I missing?

asked 2010-02-16

Enzo Ciriello

6 answers

Jonathan Veldhuizen · Answer 1 · 2010-02-17

At this moment there is no way to use associations of '[%CurrentObject%]'. In fact, to realize your dialog it should be possible to approach the association 'grantableRoles' from the child side. Unfortunately, this is not possible now.

Fedor Klinkenberg · Answer 2 · 2010-02-16

Did you set your Xpath constraint on the reference set selector widget? Setting the same kind of Xpath constraint on the whole reference set selector widget is working in my project.

Secondly, a workaround might be using the Xpath constraint the other way around, like: [Name != 'MxAdministrator'][Name != 'Employee'] etc.

Enzo Ciriello · Answer 3 · 2010-02-16

Thanks, now the filtering works.

Remains the ssue how to show only the grantable roles. I can't find an xpath query to do so. Tried a lot, but I only can get the roles of the current user, not the roles the current user may grant.

I looks to me the xpath can traverse the association grantableRoles only in one direction where I am searching for something like: SELECT UserRole FROM UserRoles WHERE id IN (SELECT GrantableRole FROM UserRoles WHERE userid = CurrentUser) << I know this is fake SQL !!>>

I sometimes get an error about a single call of association to reversed...

Anyway, any hints appreciated. It is not a big issue, but I prefer the user not to select roles he cannot save anyway.

Michel Vermeer · Answer 4 · 2010-02-17

Enzo,

the hint is that you need to use the 'selfreference' on System.Userrole called 'Grantable roles'.

The Xpath looks something like this: //Userrole/Grantableroles/Userrole/Userrole_User = [%CurrentObject%]

Enzo Ciriello · Answer 5 · 2010-02-17

Michel,

Thanks for the advice. I've tried yesterday all kinds of variations with grantableRoles. I can get the roles of the user visible, but not the roles grantable.

I tried stuff like [System.UserRoles/RLA.AppUser[id='[%CurrentUser%]']/System.UserRoles[System.grantableRoles/System.UserRole]]

and

[System.grantableRoles/System.UserRole/System.UserRoles/RLA.AppUser/id='[%CurrentUser%]']

But everytime I think I found a way to the solution I get a message:

The predicate of an association step can only contain a single call to function 'reversed'

or I just get the Roles of the user instead of the roles this user can grant.

Can somebody explain the message?

Is there a way to use associations of '[%CurrentObject%]' or '[%CurrentUser%]' so I could do

['[%CurrentUser%]'/System.UserRoles/System.grantableRoles='[%CurrentObject%]']

Fedor Klinkenberg · Answer 6 · 2010-02-16

I've faced the same problem. What I did is using the Xpath constraint the other way around, like: [Name != 'MxAdministrator'][Name != 'Employee'] etc.
Still, it's a workaround.