Tech Tip: Rest Access with roles.json Example
PRODUCT: 4D | VERSION: 20 R | PLATFORM: Mac & Win
Published On: November 11, 2024

When setting up access to a REST server, getting the roles.json to filter access correctly can be difficult.

This tech tip provides a basic example of a roles.json that allows a user with the correct privilege to read records from the table "rest_resource". The example uses Force Login Mode and authentify(). This implementation allows anyone who calls authentify() to access the resource, which is obviously not desirable in a real application.

For information about Force Login Mode please refer to the documentation here

For information about the roles.json file please refer to the documentation here

The DataStore class looks like this:

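Class extends DataStoreImplementation

// Called by the client to obtain privileges for its session
exposed Function authentify() : Boolean

   // No credential check here: every caller receives "example_privilege"
   return Session.setPrivileges("example_privilege")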


* In a real application, additional logic would be added here to call Session.setPrivileges() only after checking the user credentials. An example of this is in the Force Login Mode documentation.


and the roles.json looks like this:

{
   "privileges": [
      {
         "privilege": "example_privilege",
         "includes": []
      }
   ],
   "roles": [],
   "permissions": {
      "allowed": [
         {
            "applyTo": "rest_resource",
            "type": "dataclass",
            "read": [
               "example_privilege"
            ]
         }
      ]
   },
   "forceLogin": true
}


* Note in the above JSON how the privilege, "example_privilege", is declared under the "privileges" key and then, under the "permissions" key, is applied as the read privilege for the dataclass named "rest_resource".
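
The declare-then-apply relationship described in this note can be checked mechanically. The following Python script is an added example, not part of the original tech tip or of 4D's tooling: it reports every privilege name used in a permission (or, going slightly beyond the note, in an "includes" list) that is not declared under "privileges". The function name and the sample document are constructed for illustration, and the script assumes every key of a permission entry other than "applyTo" and "type" is an action listing privilege names.

```python
import json

# Constructed sample: the roles.json from this tip plus an "update" action
# whose privilege name is misspelled and therefore never declared.
SAMPLE_ROLES_JSON = """
{
   "privileges": [{"privilege": "example_privilege", "includes": []}],
   "roles": [],
   "permissions": {
      "allowed": [
         {
            "applyTo": "rest_resource",
            "type": "dataclass",
            "read": ["example_privilege"],
            "update": ["example_privelege"]
         }
      ]
   },
   "forceLogin": true
}
"""

# Assumption: any other key in a permission entry is an action name whose
# value lists the privileges allowed to perform that action.
NON_ACTION_KEYS = {"applyTo", "type"}


def undeclared_privileges(roles_text):
    """Return sorted (target, action, privilege) tuples for undeclared names."""
    doc = json.loads(roles_text)
    declared = {p["privilege"] for p in doc.get("privileges", [])}
    problems = set()
    for p in doc.get("privileges", []):
        for inc in p.get("includes", []):
            if inc not in declared:
                problems.add((p["privilege"], "includes", inc))
    for perm in doc.get("permissions", {}).get("allowed", []):
        for action, names in perm.items():
            if action in NON_ACTION_KEYS:
                continue
            for name in ([names] if isinstance(names, str) else names):
                if name not in declared:
                    problems.add((perm.get("applyTo", "?"), action, name))
    return sorted(problems)


if __name__ == "__main__":
    for target, action, name in undeclared_privileges(SAMPLE_ROLES_JSON):
        print(f"{target}: '{action}' names undeclared privilege '{name}'")
```

A permission that names an undeclared privilege can never be satisfied by Session.setPrivileges() with the declared name, so a finding here usually explains an unexpected access denial.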

Trying to access the rest_resource like this:


$connectTo:=New object("type"; "4D Server"; "hostname"; "127.0.0.1")

$ds:=Open datastore($connectTo; "test")

//$result:=$ds.authentify()
$es:=$ds.rest_resource.all()


results in the following error:



However, if authentify() is called first like this:

$connectTo:=New object("type"; "4D Server"; "hostname"; "127.0.0.1")

$ds:=Open datastore($connectTo; "test")

$result:=$ds.authentify()
$es:=$ds.rest_resource.all()


then the resource can be accessed: