Skip to content

Commit 4ebeb33

Browse files
schiwekMrenejeglinsky
schiwekM
and
renejeglinsky
authored
Added section to describe how parts of the UI can be hidden based on user role (#940)
* Update fiori.md * edits --------- Co-authored-by: Rene Jeglinsky <rene.jeglinsky@sap.com>
1 parent 8c8dea8 commit 4ebeb33

File tree

1 file changed

+44
-0
lines changed

1 file changed

+44
-0
lines changed

advanced/fiori.md

+44
Original file line numberDiff line numberDiff line change
@@ -483,6 +483,50 @@ SELECT.from(Books.drafts) //returns all drafts of the Books entity
483483

484484
[Learn how to query drafts in Java.](../java/fiori-drafts#draftservices){.learn-more}
485485

486+
## Use Roles to Toggle Visibility of UI elements
487+
488+
In addition to adding [restrictions on services, entities, and actions/functions](/guides/security/authorization#restrictions), there are use cases where you only want to hide certain parts of the UI for specific users. This is possible by using the respective UI annotations like `@UI.Hidden` or `@UI.CreateHidden` in conjunction with `$edmJson` pointing to a singleton.
489+
490+
First, you define the [singleton](../advanced/odata#singletons) in your service and annotate it with [`@cds.persistency.skip`](../guides/databases#cds-persistence-skip) so that no database artefact is created:
491+
492+
```cds
493+
@odata.singleton @cds.persistency.skip
494+
entity Configuration {
495+
key ID: String;
496+
isAdmin : Boolean;
497+
}
498+
```
499+
> A key is technically not required, but without it some consumers might run into problems.
500+
501+
Then define an `on` handler for serving the request:
502+
503+
```js
504+
srv.on('READ', 'Configuration', async req => {
505+
req.reply({
506+
isAdmin: req.user.is('admin') //admin is the role, which for example is also used in @requires annotation
507+
});
508+
});
509+
```
510+
511+
Finally, refer to the singleton in the annotation by using a [dynamic expression](../advanced/odata#dynamic-expressions):
512+
513+
```cds
514+
annotate service.Books with @(
515+
UI.CreateHidden : { $edmJson: {$Not: { $Path: '/CatalogService.EntityContainer/Configuration/isAdmin'} } },
516+
UI.UpdateHidden : { $edmJson: {$Not: { $Path: '/CatalogService.EntityContainer/Configuration/isAdmin'} } },
517+
);
518+
```
519+
520+
The Entity Container is OData specific and refers to the `$metadata` of the OData service in which all accessible entities are located within the Entity Container.
521+
522+
:::details SAP Fiori elements also allows to not include it in the path
523+
```cds
524+
annotate service.Books with @(
525+
UI.CreateHidden : { $edmJson: {$Not: { $Path: '/Configuration/isAdmin'} } },
526+
UI.UpdateHidden : { $edmJson: {$Not: { $Path: '/Configuration/isAdmin'} } },
527+
);
528+
```
529+
:::
486530

487531
## Value Helps
488532

0 commit comments

Comments
 (0)