Filter user roles selection.

I have a custom user add screen.  When the user clicks to select one or more roles, the reference selector shows a popup with a DataGrid. *I have a working MF* that filters the list (pulls directly from System.UserRoles), but doing so removes my ability to use the “Select” button, which was also set as the default for double click.  I need the MF in order to filter items based on user role (I don’t want “super users” to be able to select the Administrator role, except other Administrators).   I’m not sure why a simple thing like this is so complicated to figure out. I have no choice it seems but to “roll my own” buttons for this simple task, but how do I select, close, and return the selected item?  As well, I would need to close the popup without selecting anything (cancel), thanks. Things I already tried:  Create a non-persisted object for the popup.  A MF pulls and filters the roles.  Does not work, as the same issue occurs over associations (cannot use built-in buttons). Filter the list using XPath on the current user role (I’m very surprised this is not possible – or at least, I haven’t found anything anywhere that works).   I could create a new “MyUserRole” entity that inherits from UserRole, perhaps, then add a calculated (MF) attribute to filter on, but I don’t want to assign custom entities for this if possible.
2 answers

Hi James,

I don’t know your exact requirements, but a way to solve this problem is to just use Xpath and update the security on your entity with an Xpath constraint that will restrict the Superuser from seeing Administrators. That will look like this in your domain model:

Now for your account selector page, just use Xpath and you will see that a SuperUser will not be able to add administrators.

If you don’t want the SuperUser to be able to select the administrator from a role selector, then simply go to your project security and let SuperUsers only be able to manage themselves:

With the configuration above, a SuperUser will not be able to select an Admin role from the role list


I hope this helps!



You can do something like this in your mf;

- add a retrieve on userrole of current user with an xpath like; [System.UserRoles = $currentUser]

- add another retrieve of all user roles

- if current user has a user role named 'super user’ than remove/block admin user role to select from list or so ...