Found out that when a User is only in one group and not in a group with other Groups to solution from previus post does not work. The user sees no data.
How could i Grant Access as follows:
If a User is not in RPL$GROUPS_RIGHTS then C_No is session[‘Login.ou’]
The Probelm is here:
if (name === ‘filter’)
return “C_NO IN (SELECT DISTINCT CAMP_NO FROM RPL$GROUPS_RIGHTS WHERE
GROUP_NO = (SELECT GROUP_NO FROM RPL$GROUPS WHERE gidNumber = '” + session[‘Login.gidNumber’] + “') )”;
Since a wile i am trying with IFNULL:
C_NO IN (SELECT DISTINCT CAMP_NO FROM RPL$GROUPS_RIGHTS WHERE
GROUP_NO = (IFNULL((SELECT GROUP_NO FROM RPL$GROUPS WHERE gidNumber = ‘" + session[‘Login.gidNumber’] + "’),‘" + session[‘Login.ou’] + "’)
The easiest solution is to ensure that all users belong to one of the required groups.
Another approach would be to create a VIEW over the RPL$GROUPS table in the LDAP database that will adjust the data so that will work with old (ie already exsting) filters. That solution would be way easier to maintain later, as well it will be easier to create and debug if needed.
Another approach would be to create a VIEW over the RPL$GROUPS table in the LDAP database that will adjust the data so that will work with old (ie already exsting) filters.
Try to find out if / how i could do this.
Shalom
Manfred
You still have a database. This database can perform queries to the LDAP in the SQL way (otherwise filters wouldn’t work). You can add the view to your database.
No. What I would do (however it depends on how often the LDAP data changes and how fast these changes should be ‘seen’ by the app) is:
Create a table in the app database with the structure that would allow me to simplify my filters
Create a job that runs every (f.e.) 30 mins using How to Create Scheduled Events in MySQL Databases . This job would gather data from LDAP data, clean it up, index it and then put it to the abovementioned table
The idea is to use in filters not the RPL$GROUPS_RIGHTS , RPL$GROUPS and such tables but your own one, with fine-tuned indexes and the data you need.
I did not find a description in the Docu how to store the Filter for a session. Could you help here or point me to the right place in the Documentation…
Still try to figure out how to store the filter in the Session. I am not sure where to put this?
Do i have to create a special event?
Session[‘SessionVariable_camp_filter’] := “C_NO IN (SELECT DISTINCT CAMP_NO FROM LDAP_GROUP_RIGHTS WHERE
GROUP_NO = (SELECT cn FROM LDAP_GROUPS WHERE gidNumber = '” + session[‘Login.gidNumber’] + “’) )”;
In any place of the JS code. F.e. you could do this in onUnknownSqlMacroIdentifier - you’d need to check the session variable content and if it is empty - recalculate it
These quotation symbols - not sure if they are understood by the script engine. And for sure they differ from the usual " one. Could you try to replace them with ’ ?
if i use function afterLogin(userName, parameters) this is not shown at all in the logfile.
If i place it under function onUnknownSqlMacroIdentifier(name) it works.
My problem is just i whant the result of this:
“C_NO IN (SELECT DISTINCT CAMP_NO FROM LDAP_GROUP_RIGHTS WHERE
GROUP_NO = (SELECT cn FROM LDAP_GROUPS WHERE gidNumber = '” + session[‘Login.gidNumber’] + “') )”;
in the variable ant not the SQL itself. So the SQL would only be called once. Bequase of this afterLogin would be usefully?
afterLogin is a very special thingie that cannot be set via UI. You’ll have to go directly to the domain storage place, open the Domain.config file and to add there parameter with the script source
<Configuration Parameter="BusinessRulesScript" Value="function afterLogin(){log('!!! Finally, Im here');log(JSON.stringify(session)); // put your code here}" />
You need to close the Relativity server before editing this file