From a7ef0605c70a12acd813417883422dda55107f18 Mon Sep 17 00:00:00 2001 From: Marten Schiwek Date: Wed, 15 May 2024 14:41:58 +0200 Subject: [PATCH 1/2] Update fiori.md --- advanced/fiori.md | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/advanced/fiori.md b/advanced/fiori.md index 593242751..10b181143 100644 --- a/advanced/fiori.md +++ b/advanced/fiori.md @@ -485,6 +485,47 @@ SELECT.from(Books.drafts) //returns all drafts of the Books entity [Learn how to query drafts in Java.](../java/fiori-drafts#draftservices){.learn-more} +## Use user roles to toggle visibility of UI elements + +In some use cases you might want to hide parts of the UI for specific users. This is possible by using the respective UI annotations like `@UI.Hidden` or `@UI.CreateHidden` in conjunction with '$edmJson' pointing to a singleton. + +First you would define the [singleton](../advanced/odata#singletons) in your service and annotate it also with ['@cds.persistency.skip'](../guides/databases#cds-persistence-skip) so that no database artefact is created. + +```cds + @odata.singleton @cds.persistency.skip + entity Configuration { + key ID: String; //A key is technically not required as it is a singleton, however without it some consumers might run into problems + isAdmin : Boolean; + } +``` + +Secondly define an on handler for serving the request + +```js +srv.on('READ', 'Configuration', async req => { + req.reply({ + isAdmin: req.user.is('admin') //admin is the role, which for example is also used in @requires annotation + }); +}); +``` + +and thirdly refer to the singleton in the annotation by using a [dynamic expression](../advanced/odata#dynamic-expressions) + +```cds +annotate service.Books with @( + UI.CreateHidden : { $edmJson: {$Not: { $Path: '/CatalogService.EntityContainer/Configuration/isAdmin'} } }, + UI.UpdateHidden : { $edmJson: {$Not: { $Path: '/CatalogService.EntityContainer/Configuration/isAdmin'} } }, +); +``` + +The Entity Container is OData specific and refers to the '$metadata' of the OData service in which all accessible entities are located within the Entity Container. SAP Fiori elements also allows to not include it in the path: + +```cds +annotate service.Books with @( + UI.CreateHidden : { $edmJson: {$Not: { $Path: '/Configuration/isAdmin'} } }, + UI.UpdateHidden : { $edmJson: {$Not: { $Path: '/Configuration/isAdmin'} } }, +); +``` ## Value Helps From 1471f108a20ebeb02ef0f1dab920cd3e061b08e1 Mon Sep 17 00:00:00 2001 From: Rene Jeglinsky Date: Wed, 10 Jul 2024 12:43:43 +0200 Subject: [PATCH 2/2] edits --- advanced/fiori.md | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/advanced/fiori.md b/advanced/fiori.md index 10b181143..7f52f0d2d 100644 --- a/advanced/fiori.md +++ b/advanced/fiori.md @@ -485,21 +485,22 @@ SELECT.from(Books.drafts) //returns all drafts of the Books entity [Learn how to query drafts in Java.](../java/fiori-drafts#draftservices){.learn-more} -## Use user roles to toggle visibility of UI elements +## Use Roles to Toggle Visibility of UI elements -In some use cases you might want to hide parts of the UI for specific users. This is possible by using the respective UI annotations like `@UI.Hidden` or `@UI.CreateHidden` in conjunction with '$edmJson' pointing to a singleton. +In addition to adding [restrictions on services, entities, and actions/functions](/guides/security/authorization#restrictions), there are use cases where you only want to hide certain parts of the UI for specific users. This is possible by using the respective UI annotations like `@UI.Hidden` or `@UI.CreateHidden` in conjunction with `$edmJson` pointing to a singleton. -First you would define the [singleton](../advanced/odata#singletons) in your service and annotate it also with ['@cds.persistency.skip'](../guides/databases#cds-persistence-skip) so that no database artefact is created. +First, you define the [singleton](../advanced/odata#singletons) in your service and annotate it with [`@cds.persistency.skip`](../guides/databases#cds-persistence-skip) so that no database artefact is created: ```cds - @odata.singleton @cds.persistency.skip - entity Configuration { - key ID: String; //A key is technically not required as it is a singleton, however without it some consumers might run into problems - isAdmin : Boolean; - } +@odata.singleton @cds.persistency.skip +entity Configuration { + key ID: String; + isAdmin : Boolean; +} ``` +> A key is technically not required, but without it some consumers might run into problems. -Secondly define an on handler for serving the request +Then define an `on` handler for serving the request: ```js srv.on('READ', 'Configuration', async req => { @@ -509,7 +510,7 @@ srv.on('READ', 'Configuration', async req => { }); ``` -and thirdly refer to the singleton in the annotation by using a [dynamic expression](../advanced/odata#dynamic-expressions) +Finally, refer to the singleton in the annotation by using a [dynamic expression](../advanced/odata#dynamic-expressions): ```cds annotate service.Books with @( @@ -518,14 +519,16 @@ annotate service.Books with @( ); ``` -The Entity Container is OData specific and refers to the '$metadata' of the OData service in which all accessible entities are located within the Entity Container. SAP Fiori elements also allows to not include it in the path: +The Entity Container is OData specific and refers to the `$metadata` of the OData service in which all accessible entities are located within the Entity Container. +:::details SAP Fiori elements also allows to not include it in the path ```cds annotate service.Books with @( UI.CreateHidden : { $edmJson: {$Not: { $Path: '/Configuration/isAdmin'} } }, UI.UpdateHidden : { $edmJson: {$Not: { $Path: '/Configuration/isAdmin'} } }, ); ``` +::: ## Value Helps