#1 2014-04-29 13:03:37

warleyalex
Member
From: Sete Lagoas-MG, Brasil
Registered: 2013-01-20
Posts: 250

web reporting using mORMot

I started testing synpdf to produce reports and I've created a lightweight server reporting service using mORMot. I want to view my reports dynamically using JavaScript. After logging into the server, I just have to pass parameters and use the service behind the scenes. Is it possible to create a kind of user- and role-based permissions to access reports?
user can only access rpt1, rpt3, rpt6
guest can only access rpt1, rpt2, rpt3
Admin can only access rpt1, rpt2, rpt3, rpt4, rpt5, rpt6

http://10.0.2.2/services/RptEmployee?p1 … 146f847397

procedure RptEmployee;
begin
  // Check if a given user is authorized to access the current report
  if not checkUserAuthorized(role) then
    valid := false
  else
    valid := true; // process report
end;

Last edited by warleyalex (2014-04-29 17:57:23)

Offline

#2 2014-04-29 21:21:14

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,661
Website

Re: web reporting using mORMot

Why not use integrated authentication (even in weak mode), then just check the group of the authentication user in the method?

You can use the threadvar ServiceContext.Request.SessionGroup (if ServiceContext.Request.Session>1).

Offline

#3 2014-04-30 15:17:06

warleyalex
Member
From: Sete Lagoas-MG, Brasil
Registered: 2013-01-20
Posts: 250

Re: web reporting using mORMot

My method is using method-based services, not interface-based services. It seems that "ServiceContext" can be accessed to retrieve the currently running context on the server side using an interface-based service.

My service method is associated with the TSQLRestServerFullMemory class.
Using "ServiceContext.Request.SessionGroup" in a service based method returns a 500 (Internal Server Error).
{
"ErrorCode":500,
"ErrorText":"Exception EAccessViolation: Access violation at address 00A7CE02 in module 'Servidor.exe'. Read of address 00000060"
}

Offline

#4 2014-04-30 16:31:50

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,661
Website

Re: web reporting using mORMot

Does it mean that ServiceContext.Request=nil ?
Sounds pretty weird.

Offline

#5 2014-04-30 20:15:53

warleyalex
Member
From: Sete Lagoas-MG, Brasil
Registered: 2013-01-20
Posts: 250

Re: web reporting using mORMot

my EchoString method:
----------------------
  if Assigned(ServiceContext.Request) then
    ShowMessage(IntToStr(ServiceContext.Request.SessionGroup));  // doesn't display any msg
  Ctxt.Results([value]);

http://127.0.0.1:8080/myservice/EchoStr … 0dd10f5cf6 
--> result is:  {"result":"abcd"}
--> server doesn't display any message (ServiceContext.Request is not assigned)

my GetSessionGroup - interface-based service:
---------------------------------------------
http://127.0.0.1:8080/myservice/Calc.Ge … 1fcde5fbf2
result is for Admin: {"result":{"Result":"1"}}
result is for User: {"result":{"Result":"3"}}
result is for Supervisor: {"result":{"Result":"2"}}

Offline

#6 2014-05-01 18:27:56

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,661
Website

Re: web reporting using mORMot

But... for method-based services, you have the Ctxt: TSQLRestServerURIContext supplied as parameter!
So you do not need to use the threadvar ServiceContext.Request, just Ctxt.Request...
:)

Offline

#7 2014-05-01 20:20:18

warleyalex
Member
From: Sete Lagoas-MG, Brasil
Registered: 2013-01-20
Posts: 250

Re: web reporting using mORMot

It worked like a champ. The idea was to create CheckIfCanRun to check if the current user group can access RptEmployee.

http://10.0.2.2:8080/myservice/RptEmplo … 0dd10f5cf6

CheckIfCanRun(Ctxt, [1, 2, 3]) --> (any user) can access RptEmployee report.
CheckIfCanRun(Ctxt, [2, 3])    --> (only Supervisor and User) can access RptEmployee report.
CheckIfCanRun(Ctxt, [1, 3])    --> (only Admin and User) can access RptEmployee report.

// Returns True when the session group of the current request is one of Values.
function TServiceServer.CheckIfCanRun(const Ctxt: TSQLRestServerURIContext; const Values: array of Integer): Boolean;
var
  I: Integer;
begin
  Result := False; // deny unless a listed group matches
  for I := Low(Values) to High(Values) do
    if Ctxt.SessionGroup = Values[I] then
    begin
      Result := True;
      Break;
    end;
end;

Thank you

Offline
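
One way to wire the group check from this thread into a method-based service so that a failed check answers 403 and stops before any report is built, as an added example that is not part of the original posts or mORMot's own code. It assumes the 2014-era mORMot 1.18 units (SynCommons, mORMot) and the group IDs reported in post #5 (1=Admin, 2=Supervisor, 3=User); TReportServer and GroupAllowed are hypothetical names.

```pascal
unit ReportAcl; // added example; unit and class names are hypothetical

interface

uses
  SynCommons, mORMot; // assumption: mORMot 1.18-era unit names

type
  TReportServer = class(TSQLRestServerFullMemory)
  protected
    // not published, so it is not exposed as a service itself
    function GroupAllowed(Ctxt: TSQLRestServerURIContext;
      const Allowed: array of Integer): Boolean;
  published
    procedure RptEmployee(Ctxt: TSQLRestServerURIContext);
  end;

implementation

function TReportServer.GroupAllowed(Ctxt: TSQLRestServerURIContext;
  const Allowed: array of Integer): Boolean;
var
  I: Integer;
begin
  Result := False; // deny by default
  // Only trust SessionGroup for a real session (the "Session>1" test from
  // post #2), so the check still denies without an authenticated session.
  if Ctxt.Session > 1 then
    for I := Low(Allowed) to High(Allowed) do
      if Ctxt.SessionGroup = Allowed[I] then
      begin
        Result := True;
        Break;
      end;
  if not Result then
    Ctxt.Error('Report not available for this session', 403); // HTTP 403
end;

procedure TReportServer.RptEmployee(Ctxt: TSQLRestServerURIContext);
begin
  // Group IDs as reported in post #5: 1=Admin, 2=Supervisor, 3=User
  if not GroupAllowed(Ctxt, [1, 3]) then
    Exit; // error response already set, no report data is produced
  Ctxt.Results(['employee report placeholder']); // constructed result
end;

end.
```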
