Javascript code in action conditions of a Role


I have to write some complicated logic for giving different users access on the platform (a dynamic filter on the data they can access based on the user that is trying to access it). Can I write the action conditions as a javascript function?



I don’t think so—action conditions are entirely expression based, but you can access the current user in an action condition via context.userName and provide data access for specific users by traversing the data model. You may need to add some entity types in order to link User records to the type to which you want to restrict access.

Could you solve this problem using ACLs instead of action conditions? Check out the in-depth article “Access Control” in the documentation site, as well as the documentation for the types AclEnabled, AclPrivilege, EnableAclPrivilege, and AclEntry. ACL logic is implemented as expressions that traverse the data model and can be implemented to give specific admin groups, roles, or even specific users access to data. In extreme cases, you may be able to override the AclEnabled.populateAcl function.