Ticket T468768

Is there a way to pull the current user into a security criteria expression?

created 8 years ago

With the security model you are able to set criteria statements for granting access to certain information, and I doubt that we are handling it correctly.

I want to be able to hide information if none of the following are true.

  1. The record was created by the user
  2. The record is for an employee that you manage.
  3. or you are a member of a certain role.

The expression looks as follows

[Employee.CurrentUser.Employee.EmployeeCode] = [Employee…EmployeeCode]
Or [Employee.CurrentUser.Employee.EmployeeCode] = [Employee.ApprovalManager1.EmployeeCode]
Or IsCurrentUserInRole('Administrator')
Or IsCurrentUserInRole('CorporateAdministrator')

In order for me to do this I need to have the following Current user property on the employee object or any other objects that need it.

        //Jira422: removed Static declaration as security expressions do not work in web client
        //private static SecurityUser _CurrentUser;
        private SecurityUser _CurrentUser;
        [ToolTip("This property is used in security and model editor criteria expressions")]
        private SecurityUser CurrentUser
        {
            get
            {
                if (_CurrentUser == null || ((IXPInvalidateableObject)_CurrentUser).IsInvalidated || !_CurrentUser.Session.Equals(this.Session))
                {
                    _CurrentUser = this.Session.GetObjectByKey<SecurityUser>(((SecurityUser)SecuritySystem.CurrentUser).Oid);
                }
                return _CurrentUser;
            }
        }

I have a feeling that there is a better way. Is there a way to call the current user record directly from the expression?

Answers approved by DevExpress Support

created 8 years ago (modified 8 years ago)

Hello Robert.

I recommend that you use the built-in CurrentUserId() function operator to access the key value of the current user within criteria. In your scenario, the criterion may look as follows:

C#
[<SecurityUser>][[Oid] = CurrentUserId() And [Employee.EmployeeCode] = [^.Employee.EmployeeCode]]
Or [<SecurityUser>][[Oid] = CurrentUserId() And [Employee.EmployeeCode] = [^.Employee.ApprovalManager1.EmployeeCode]]
Or IsCurrentUserInRole('Administrator')
Or IsCurrentUserInRole('CorporateAdministrator')

If Employee and SecurityUser are connected using an association, the criterion can be simplified.

See also:
Free Joins
How to: Build Complex Criteria
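
The free-join criterion in the answer above, restated as plain C# so the access decision can be checked against sample data. This is an added example, not DevExpress code and not part of the ticket; the plain classes stand in for the persistent ones, and the `Record` type name, the `Roles` set and the rule that a missing employee code never matches are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical plain-object stand-ins for the persistent classes in the criterion.
class Employee { public string EmployeeCode; public Employee ApprovalManager1; }
class SecurityUser
{
    public Guid Oid = Guid.NewGuid();
    public Employee Employee;
    public HashSet<string> Roles = new HashSet<string>();   // models IsCurrentUserInRole
}
class Record { public Employee Employee; }   // the secured object (type name assumed)

static class CriterionModel
{
    // Assumption: a missing employee or code never matches, so null never grants access.
    static bool SameCode(Employee a, Employee b) =>
        a?.EmployeeCode != null && a.EmployeeCode == b?.EmployeeCode;

    // [<SecurityUser>][[Oid] = CurrentUserId() And ...] is an existence test over all
    // SecurityUser rows; "^." steps back out to the record being checked.
    public static bool CanAccess(Record record, IEnumerable<SecurityUser> users, Guid currentUserId)
    {
        var me = users.Where(u => u.Oid == currentUserId).ToList();
        bool own = me.Any(u => SameCode(u.Employee, record.Employee));
        bool managed = me.Any(u => SameCode(u.Employee, record.Employee?.ApprovalManager1));
        bool inRole = me.Any(u => u.Roles.Overlaps(new[] { "Administrator", "CorporateAdministrator" }));
        return own || managed || inRole;   // anything else is denied
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample data: one record belonging to "staff", whose manager is "boss".
        var boss = new Employee { EmployeeCode = "E001" };
        var staff = new Employee { EmployeeCode = "E002", ApprovalManager1 = boss };
        var users = new Dictionary<string, SecurityUser>
        {
            ["staff"] = new SecurityUser { Employee = staff },
            ["boss"] = new SecurityUser { Employee = boss },
            ["peer"] = new SecurityUser { Employee = new Employee { EmployeeCode = "E003" } },
            ["admin"] = new SecurityUser { Roles = { "Administrator" } },
            ["unlinked"] = new SecurityUser(),
        };
        var record = new Record { Employee = staff };
        foreach (var kv in users)
            Console.WriteLine($"{kv.Key}: {CriterionModel.CanAccess(record, users.Values, kv.Value.Oid)}");
    }
}
```

The "peer" and "unlinked" users are the cases to watch when testing the real criterion: neither matches any of the three terms, so both should be denied.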

    DevExpress Support Team 8 years ago

      Thanks for the confirmation. Should you have additional questions, please let me know.

      harvinder singh 4 5 years ago

        What am I doing wrong when applying the following criteria in security criteria?

        [Created By.Permission Policy User.Oid] = [<SecurityUser>][[Oid] = CurrentUserId()]

        DevExpress Support Team 5 years ago

          @Harvinder: I've created a separate ticket on your behalf (T852850: What am I doing wrong when apply the following security criteria). It has been placed in our processing queue and will be answered shortly.
