Versions Compared

Old Version 8

changes.mady.by.user Jacques Marais

Saved on

compared with

New Version Current

changes.mady.by.user Jacques Marais

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

As a System Admin or Shop Owner, I want to see farmer locations on a map.

 

Table of Contents

 

Lesson Outcomes

By the end of this lesson you should:

  • Know how to use the Map <map> widget
  • Now Know how to restrict which data a user is allowed to see by using the @Restrict the @Restrict object annotation
 

 

 

Scenario

Suppose we want to enable System Admin and Shop Owners system administrators and shop owners to see the location of farmers, but with different requirements for the two user roles viewing the data:

  • System Admins administrators should be allowed to see the locations of all farmers.
  • Shop Owners owners should be allowed to see the locations of all farmers except those residing in the state of Inland, for the state government of Inland has decreed that private location data about its residents should no longer be available to persons below the level of Tutorial System Admin.

 

  • tutorial system administrator.

 

 

New & Modified App Files

./model/roles/Farmer.mez

./web-app/images/Globe.png

./web-app/lang/en.lang

./web-app/presenters/user_managment/FarmerMap.mez

./web-app/views/user_management/FarmerMap.vxml

 

 

Placing Restriction Rules on Objects

Instead of effecting viewing restrictions in presenter function logic, it may seem the safer option to mark the persistent object itself as restricted in a particular way. We do this by adding the @Restrict the @Restrict annotation to the object. According to the requirements mentioned in the Scenario section, the Farmer object needs to be changed as follows:

Code Block
languagejava
linenumberstrue
@Restrict("System Admin", all())
@Restrict("Shop Owner", notEquals(state, STATES.Inland))
@Role("Farmer")
persistent object Farmer {...}

Note that the role for which to restrict is being restricted - the first parameter for @Restrict - is specified using the role name (e.g. "System Admin"), and not the object name .The above says that System Admins will be allowed to see all Farmers, but Shop Owners will only be able to see Farmers whose state is not "Inland". The second argument for the @Restrict annotation (e.g. "SystemAdmin"). The second parameter for the @Restrict annotation can be any of the Selector built-in functions (see Appendix C: Quick Reference), or combination thereof, used in the same way as you would when reading from the persistence layer. The above says that system administrators will be allowed to see all farmers, but shop owners will only be able to see farmers whose state is not "Inland". 

You will have noticed that objects were, throughout the tutorial thus far, universally visible without adding an all() restriction anywhere. Indeed, the first line in the snippet above is completely redundant and can be safely removed. 

 

Info

Despite the apparent redundancy of using all() within a @Restrict annotation, it is commonly seen in apps written to coexist with a Helium Android Client counterpart, as the annotation also doubled as a way to define the rules by which data synced between the two. The Helium Android Client is no longer supported.

 

 

Testing the New Restriction Using the Map Widget

Create a view accessible to System Admins system administrators as well as Shop Owners. Place on it a map shop owners. Add a <map> widget by adding the following to the view:

Code Block
languagexml
titleview snippet
linenumberstrue
<map latitudeAttributelat="latitude" longituteAttributelong="longitude" 		refreshIntervalSeconds="30">
	<collectionSource function="getFarmers"/>
	<markerTitle value="getMarkerTitle"/>
	<markerIcon value="getImageFileNamegetMarkerIcon"/>
	<markerDesc value="getMarkerDescription"/>
</map> 

The above says the map will be populated using a collection returned by getFarmers, and that an object from this collection has latitude and longitude attributes that should be used to determine its placement on the map. The refreshIntervalSeconds attribute refreshIntervalSeconds widget attribute is optional.

Code Block
languagejava
titlepresenter snippet
linenumberstrue
string getMarkerTitle(Farmer farmer) {
   return String:concat(farmer.firstName, " ", farmer.lastName);
}
string getMarkerDescription(Farmer farmer) {
   return farmer.farmAddress;
}
string getMarkerIcon(Farmer farmer) {
   return null;
}
Farmer[] getFarmers() {
   return Farmer:equals(deleted, false);
}

Note that, while the markerIcon <markerIcon> child element is required, we can have its value as null to fall back to the default pin icon. Clicking on the pin icon opens a pop-up bearing the specified title and description.

Create some farmers residing in the Inland state, and some others residing in any of the other states. Also be sure to invite yourself as a "Shop Owner". If you navigate to your new view as a "System Admin", you should now see all the farmers on the map, but switch to using your app as a "Shop Owner" and look at the map again, and you should only see those not from the state of Inland.

As "System Admin":

As "Shop Owner":

 

 

 
Info

The older map attributes "latitudeAttribute" and "longituteAttribute" (sic) instead of "lat" and "long" is also valid.

Lesson Source Code

Lesson 15.zip