I started testing SynPDF to produce reports and I've created a lightweight server reporting service using mORMot. I want to view my reports dynamically using JavaScript. After logging into the server, I just have to pass parameters and use the service behind the scenes. Is it possible to create some kind of user- and role-based permissions to access reports?
user can only access rpt1, rpt3, rpt6
guest can only access rpt1, rpt2, rpt3
Admin can only access rpt1, rpt2, rpt3, rpt4, rpt5, rpt6
http://10.0.2.2/services/RptEmployee?p1 … 146f847397
procedure RptEmployee;
begin
  // Check if a given user is authorized to access the current report
  if not checkUserAuthorized(role) then
    valid := false
  else
    valid := true; // process report
end;
Last edited by warleyalex (2014-04-29 17:57:23)
Why not use integrated authentication (even in weak mode), then just check the group of the authenticated user in the method?
You can use the threadvar ServiceContext.Request.SessionGroup (if ServiceContext.Request.Session>1).
My method is using method-based services, not interface-based services. It seems that "ServiceContext" can be accessed to retrieve the currently running context on the server side using an interface-based service.
My service method is associated with the TSQLRestServerFullMemory class.
Using "ServiceContext.Request.SessionGroup" in a service-based method returns a 500 (Internal Server Error).
{
"ErrorCode":500,
"ErrorText":"Exception EAccessViolation: Access violation at address 00A7CE02 in module 'Servidor.exe'. Read of address 00000060"
}
my EchoString method:
----------------------
if Assigned(ServiceContext.Request) then
  ShowMessage(IntToStr(ServiceContext.Request.SessionGroup)); // doesn't display any message
Ctxt.Results([value]);
http://127.0.0.1:8080/myservice/EchoStr … 0dd10f5cf6
--> result is: {"result":"abcd"}
--> server doesn't display any message (ServiceContext.Request is not assigned)
my GetSessionGroup - interface-based service:
---------------------------------------------
http://127.0.0.1:8080/myservice/Calc.Ge … 1fcde5fbf2
result is for Admin: {"result":{"Result":"1"}}
result is for User: {"result":{"Result":"3"}}
result is for Supervisor: {"result":{"Result":"2"}}
It worked like a champ. The idea was to create CheckIfCanRun to check if the current user group can access RptEmployee.
http://10.0.2.2:8080/myservice/RptEmplo … 0dd10f5cf6
CheckIfCanRun(Ctxt, [1, 2, 3]) --> (any user) can access RptEmployee report.
CheckIfCanRun(Ctxt, [2, 3]) --> (only Supervisor and User) can access RptEmployee report.
CheckIfCanRun(Ctxt, [1, 3]) --> (only Admin and User) can access RptEmployee report.
function TServiceServer.CheckIfCanRun(const Ctxt: TSQLRestServerURIContext; const Values: array of Integer): Boolean;
var
  I: Integer;
begin
  Result := False;
  for I := Low(Values) to High(Values) do
    if (Ctxt.SessionGroup) = Values[I] then
    begin
      Result := True;
      Break;
    end;
end;
Thank you
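
The group check from this thread, generalized into a deny-by-default table covering the rpt1..rpt6 matrix from the first post. This is an added example, not code from the original posts or from mORMot: TSessionInfo is a hypothetical stand-in for the Session and SessionGroup fields of Ctxt, and the guest group ID (4) is an assumption, since the thread only shows IDs 1 to 3.

```pascal
program ReportAcl;
{$ifdef FPC}{$mode objfpc}{$H+}{$else}{$APPTYPE CONSOLE}{$endif}
const
  GROUP_ADMIN = 1;  // group IDs as returned by GetSessionGroup in the thread
  GROUP_USER  = 3;
  GROUP_GUEST = 4;  // assumption: the thread never shows the guest group ID
  SESSION_NOT_AUTHENTICATED = 1; // mirrors the "Session>1" test in the reply
type
  // Hypothetical stand-in for the two context fields the check reads
  TSessionInfo = record
    Session: Cardinal;
    SessionGroup: Integer;
  end;
  TReportRule = record Report: string; Groups: set of Byte; end;
const
  // Access matrix from the first post, keyed by report instead of by role
  Rules: array[0..5] of TReportRule = (
    (Report: 'rpt1'; Groups: [GROUP_ADMIN, GROUP_USER, GROUP_GUEST]),
    (Report: 'rpt2'; Groups: [GROUP_ADMIN, GROUP_GUEST]),
    (Report: 'rpt3'; Groups: [GROUP_ADMIN, GROUP_USER, GROUP_GUEST]),
    (Report: 'rpt4'; Groups: [GROUP_ADMIN]),
    (Report: 'rpt5'; Groups: [GROUP_ADMIN]),
    (Report: 'rpt6'; Groups: [GROUP_ADMIN, GROUP_USER]));

function CanRunReport(const S: TSessionInfo; const Report: string): Boolean;
var I: Integer;
begin
  Result := False; // deny by default: unknown report or unlisted group
  if (S.Session <= SESSION_NOT_AUTHENTICATED) or (S.SessionGroup < 0) or (S.SessionGroup > 255) then
    Exit; // no authenticated session, or group outside the set's range
  for I := Low(Rules) to High(Rules) do
    if Rules[I].Report = Report then
    begin
      Result := Byte(S.SessionGroup) in Rules[I].Groups;
      Exit;
    end;
end;

var S: TSessionInfo;
begin
  S.Session := 42; S.SessionGroup := GROUP_USER; // constructed session values
  WriteLn('user  rpt4: ', CanRunReport(S, 'rpt4'));
  S.SessionGroup := GROUP_ADMIN;
  WriteLn('admin rpt4: ', CanRunReport(S, 'rpt4'));
  S.Session := 0; // no session: denied even for a report every role may run
  WriteLn('anon  rpt1: ', CanRunReport(S, 'rpt1'));
end.
```

Keeping the policy in one table means a report added later is inaccessible until someone lists its groups, rather than open until someone remembers to add a check.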