How to get all the roles of current user?


#1

We have different roles which can be assigned to users. We want to get all the assigned roles of current user, so that we can manage a restricted view on UI.
API User.getRoles(“username”) gives the list of roles but it can be accessed only by UserAdmin. Please let me know if there is any way to get the all roles of current user.


#2

Hey Nikhil,

User.get('<<<USER_ID>>>').allRoles()

Should do the trick. Check out c3ShowType(User) for more details on the api.

Otherwise, something like this will get you all of the Groups:

User.fetch({filter: "id == '" + c3Context().username + "'"}).objs[0].groups.at('id')

Then you can take that and fetch the Roles that are in those groups.

( ActionContext.dump() is the rough Type System equivalent to c3Context() (which only works in the static/console, like c3Grid, c3CSV, etc.)


#3

Thanks for the response @ColumbusL.
I tried using your suggestions but getting 403 error.
I guess, to access functions on User type user must have UserAdmin level access which normal user will never have. So this is not working.


#4

I think you can access using something like

userGroups  = environment.get('session.user.data.groups');

you can give a try from console running this

env.session.user.data.groups


#5

environment doesn’t seem to be a type. Is it some variable?


#6

You can also refer to current User by User.myUser()

more specifically, to get current user’s roles User.myUser().allRoles()


#7

‘environment’ is basically a secret, not-documented, not supported, implementation detail of the ui framework. I recommend not relying on it. Its not a type, so its not supported.


#8

Here as well admin user can only access allRoles method. Though we get access groups from myUser which can be used to implement authorization.


#9

sorry, “implement” authorization?

Authorization is already implemented in the platform… do you mean to ‘define’ authorization roles?

This should be done during application development (not directly in the environment) and you should make sure it works by writing tests in your package.


#10

We already have defined roles and groups. We just wanted to access the roles of logged in user from UI side to implement authorization from UI perspective.


#11

Have you explored PageGroup? This is a type that allows you to define access to pages by AdminGroup (if you are using C3 UI Framework)


#12

Not sure what you mean by UI here but “enforcing” authorization in the browser JS code sounds weak to me.

If PageGroups don’t work for you then you should create server side APIs that UI is calling and enforce Authz using standard mechanizms


#13

We are using ReactJs for front end, so I guess PageGroup will not work for us. We already have authorization implemented from server side; we just wanted UI (front end) to be intuitive to user.