#1 2021-01-18 06:32:56

Horbs
Member
Registered: 2014-04-20
Posts: 22

Problems creating a new TSQLAuthGroup entry

Dear List
  I have a requirement to allow potential Customers to register in order to gain User access to the mORMot Server.
  The Server uses the Service Oriented Architecture and SQLite.
  I thought of doing this as follows.
      1. Create a TSQLApplicant table that contains Customer Contact information for the "Applicant" (the person wishing to register).
      2. Allow the Applicant to submit their details from the "Client" using a SQLAuthUser login "Applicant".
      3. Alter the SQLAuthGroup to ensure that user "Applicant" only has WRITE Access to the TSQLApplicant table - and no other tables. (The Admin staff will view the Applicant records on a daily basis and "register" (create a User login) for those Applicants who are approved.)
  My test Server defines "RSvrDB.ServiceDefine(TServiceApplicant, [IUsrApplicant], sicShared);", which only contains one method - that being to create a new TSQLApplicant record.
  Security is enabled via "TSQLRestServerAuthenticationDefault".
  I've used the following code to update the TSQLAuthGroup table :
 
  ...
  begin
    tblIndex := Model.GetTableIndex(TSQLApplicant);
    AuthGrp := TSQLAuthGroup.Create(RSvrDB, 'Ident = ?', ['Applicant']);
    C := True; R := False; U := False; D := False; // Only Create enabled
    AuthGrp.Ident := 'Applicant';
    AuthGrp.SessionTimeout := 60;
    rights := AuthGrp.SQLAccessRights;
    rights.Edit(tblIndex, C, R, U, D);
    rights.AllowRemoteExecute := [reService];
    AuthGrp.SQLAccessRights := rights;
    grpID := RSvrDB.AddOrUpdate(AuthGrp, True); // .Add(AuthGrp);
    ...
    // goes on to register the AuthUser "Applicant" login.
   
The AuthGroup now contains the value "2,0,3,0,0,0" for AccessRights.
(GetTableIndex(TSQLApplicant) returns an Index of 3).
And, the AuthUser entry for "Applicant" has the value 5 in the GroupRights column, which is the TID value for the "Applicant" AuthGroup entry.

But, when I log in to the Client as "Applicant", I'm not prevented from performing ALL the CRUD operations on all the tables, and I can perform all CRUD operations on Applicant (not just "Create", so the new AuthGroup setting seems to have no effect).
I've spent a lot of time reading the SAD 1.18 PDF and searching the Forum, but I just can't figure out what I'm doing wrong (going nuts).

So, I guess I have two questions :
  1. Is my approach to this requirement appropriate?
and
  2. If Yes, could someone point me to an example of how to perform this task? (None of the mORMot examples seem to do this)
 
Many thanks All. ANY advice would be deeply appreciated.

Horbs

Last edited by Horbs (2021-01-18 10:45:54)
