Custom Transport - Leap Roles
Role Manager Transport
Author: Chris Philips, Christopher Dawes
Attached is a sample Leap application that uses all of the services available. RoleServiceTestApp_864.nitro_s
Revision History:
v1.5 - Mar 14 2017:
- Fixed an issue when checking if the user/group is already in the role
v1.4 - Mar 1 2017:
- Added debugging messages when trace string (com.ibm.support.examples.*=finest) is enabled
- Fixed issues with group assignments (in the transport as well as the service description XML files). If you already have the XML files, please download them again.
- The type parameter is no longer case sensitive
- The service now supports updating multiple records with the same user/group information
v1.3 - Feb 2016 - Updated the jar with the 8.6.2 development jar files.
v1.2 - Oct 3, 2014 - The DynamicRoleLookup now has an option to return the users defined in a static role. There is a new type parameter that can be "open" or "closed" to indicate the type of role being searched.
v1.1 - April 7, 2014 - Fixed a bug. Now the transport will first check the FEB DB for the user, if not found then it will check the configured federated repository
v1.0 - Jan 2014 - Initial deployment
Description
This transport provides a mechanism for a FEB application to interact directly with Roles and Groups. You can add, remove or look-up users or groups to a role for an application or a specific record. The functions are:
DynamicRoleLookup – Returns the id's of the user(s) or group(s) for the specified role. The ID is the configured log-in property for FEB. For example if your users log-in with an email address then the id will be the email address.
DynamicRoleUpdate – Adds the user(s) or group(s) to the specified role. The function leverages existing components of FEB. It queries the FEB USER table, if the user cannot be found then it queries the configured federated repository and if found creates a record in the USERS table.
*Limitation* - Querying the federated repository for valid groups returns an error. Therefore if the group does not already exist in the GROUPS table then you will be unable to add it to a role.
UserInRoleLookup – Returns true if the current user is in the specified role
Required Common Variables
Input Parameter | Description |
action | The function to perform. Valid values are “dynamic.user.group.lookup”, “inrole.lookup”, “dynamic.user.group.update” |
appid | The id of the application. You can either hard-code it in the service description or you can retrieve this programmatically in your FEB application by using app.getUID(); |
formid | The id of the form. You can either hard-code it in the service description or you can retrieve this programmatically in your FEB application by using form.getId(); |
recordid | The id of the specific form record. You can programmatically retrieve this by using BO.getDataId(); |
role | The name of the role that you want to modify. |
Output Parameters | Description |
errormessage | The error message if one occurs. |
success | Boolean value indicating the function was successful or not. |
DynamicRoleLookup Variables
| Input Parameters | Description |
| type | The role type. Valid values are "open" or "closed", defaults to "open". Values are case-insensitive in v1.3. |
Output Parameters | Description |
userlist | The list of users in the specified role. Contains two child parameters: user.id and user.name. |
grouplist | The list of groups in the specified role. Contains two child parameters: group.id and group.name. |
DynamicRoleUpdate Variables
Input Parameters | Description |
| records.to.update | If you want to apply role changes to more than one record then you can specify all the records using this list. For each row in the list you must specify the app id, form id, record id and role name. |
users.to.add | The list of users to add to the specified role. Contains one child parameter: user.id. |
users.to.remove | The list of users to remove from the specified role. Contains one child parameter: group.id. |
groups.to.add | The list of groups to add to the specified role. Contains one child parameter: user.id. |
groups.to.remove | The list of groups to remove from the specified role. Contains one child parameter: group.id. |
user.to.add | The id of user to add to the specified role. |
user.to.remove | The id of the user to remove from the specified role. |
group.to.add | The id of the group to add to the specified role. |
group.to.remove | The id of the group to remove from the specified role. |
UserInRoleLookup Variables
Output Parameters | Description |
inrole | Boolean value. True if the user is in the role. Will be false if the look-up fails |
Transport ID
com.ibm.UserAndGroupInfoTransport.id
Sample Transport
A Sample Transport has been provided.
Sample Application
A sample application has been provided.
Installation Notes
CustomRoleManagmentTransport.jar
1. Copy the jar file into the extensions directory (/opt/IBM/Forms/ or c:\IBM\Forms or where you have defined it). You may have to change the ownership and permissions so that the server can access/execute the file.
2. Copy the XML files into the ServiceCatalog\1 directory
3. After about 1 minute the services should appear in your FEB application, restart is not required.
Troubleshooting
Additional trace information can be seen by enabling the trace string com.ibm.support.examples.*=finest.
If you encounter any issues with the transport post in the forum and the author will investigate.