Support > Repository > Authentication/Authorization > Changing the applicability of authority depending on conditions
ja | en

Depending on the value of the item, you can change the applicability of the set privilege (at run time).

Depending on the value of the item of the target model, you can set whether to apply the specified authority or not.

Set a conditional expression for viewing authority

If you operate with an authorized account and the conditional expression becomes true, that item will be readable. If the conditional expression is false, the item becomes invisible (not displayed).

Set conditional expression to update authority

If you operate with an authorized account and the conditional expression becomes true, that item can be updated. If the conditional expression is false, the item becomes updatable (browsing only).

Let's set conditions for update authority of "e-mail" item of customer model.

Figure 1 Model definition

Open the "Function Privileges" tab in the "Privileges" tab.We added two principals "personal information R" and "personal information W".Each of these holds the permissions "Mail R" and "Mail W".

"R" is read and "W" is intended for writing.

Fig. 2 Add personal information R and personal information W principal

In the "E-mail" field, set browsing authority and renewal authority.[More ...]

You can specify conditions here.To put it concretely, write "; (semicolon)" in the authority specification field for the item.The right side of this delimiter is the conditional expression.The return value of the conditional expression istrueOrfalseWe will do either.

Figure 3 Setting conditional update permission

This expression is supposed to return true if age (age) is 20 or more.Therefore, it is possible to update over 20 years old, and below that (renewable authority) will be renewable.

p_mailW; IF(${age}>=20,true,false)
The following tests can not be tried with the trial kit.This is to add account processing.Please use development kit.

I prepared an account "manager"."Manager" has "customer management", "personal information R" and "personal information W" principal.

Figure 4 Principal of account manager

It is an example of logging on with "manager" and updating customer data.Since the age is 20 years old or more, the "E-mail" item can be updated.

Figure 5 Updating customer data (1)

Another example of updating customer data.Since the age does not satisfy the condition that it is over 20 years old, "E-mail" item can not be updated.

Figure 6 Updating customer data (2)
When the value of the item ("age" in the above example) subject to the conditional expression is changed, it can be used together with the setting to redraw the screen. As a result, when you change the value on the registration/update screen, the item display can be switched automatically.

SCREENTYPEFunction andHASMODELPERMISSIONHere is an example of using functions to control authority by screen.

Select; IF (EXACT (SCREENTYPE (), "insert"), true, HASMODELPERMISSION ("perm_koushin", "product"))

The description of this expression is as follows.

  • Select is the standard permission provided by Wagby.[More ...]
  • If screen type (SCREENTYPE ()) is "insert" (registration screen), it becomes true (that is, editable).
  • If the screen type (SCREENTYPE ()) is other than "insert" (in case of update screen), it is true (editable) if it has perm_koushin authority, and false (not editable) if you do not have permission.

When you want to apply a conditional expression by input value

Target of conditional expressionWhen the value of the item is changed, redraw the screenPlease use in combination with the setting. As a result, when you change the value on the registration/update screen, the item display can be switched automatically.

Repeating item/Repeating container item

When conditional permission settings are applied to repeating items and repeating containers, the following actions will be taken.

  • At the time of new registration, if an initial value is specified, that value will be set.
  • On the update screen, the registered value is used as it is.
  • If the permission is enabled and it becomes editable, the initial value is set if the value is blank.If it contains a value, that value will be used as it is.
  • The sort button is hidden with read-only status.
  • When combining input check of input items in repeated container and conditional authority designation, input check is performed only for records that can be entered.
  • When an item in the repeating container is specified in the conditional expression, the label display judgment is made using the first data.

Search condition

If you add an item with conditional permission setting to the search condition on the search screen, the condition part is ignored.

List display

When you add items with conditional permission setting to the list display screen, it becomes as follows.

  • If you do not satisfy the conditions of browsing permission, the items are not displayed on the list display screen.
  • If it does not satisfy the condition of update authority (although it satisfies the viewing condition), all the column headings are displayed on the list display screen and the contents are not displayed.
  • In the case of including items ("mail address" in the above setting example) for which conditional authority setting is made on the list display screen, items of the condition part ("age" item in the setting example above) are also included in the list display screen it is necessary.This is because it is necessary for condition judgment processing.
  • When outputting items in the repeated container (as items on the list display) in the conditional right management on the list display screen, the conditional expression is determined using the data at the beginning of the container.