Icon View Thread

The following is the text of the current message along with any replies.
Messages 1 to 3 of 3 total
Thread How to get the user's effective permission from the native server module's OnExecute method
Wed, Dec 28 2022 6:04 AMPermanent Link

jakubdr


Hi to all,
I would like to ask how it is possible to get the user's effective permission from the native server module's OnExecute method.

My app works like this:
EWB client application authenticate against server using serverSession sucessfuly so I have EWBSessionID cookie. All next requests are routed to server native module (writen in delphi) but I don't know how to obtain
current user permission from this server native module.

server module delphi code:

procedure TCineConModule.EWBModuleExecute(Request: TEWBWebServerRequest );
begin
 here I need sometning like:
 if  usersession.EffectivePrivileges....
end;

I found one solution - send user/password from client in every request header, then  use TEWBServerSession component instance from inside module, authenticate and get EWBServerSession.EffectivePrivileges. The problem is that I need to hold the password in the client browser and I don't like that.

Can someone please advise me how to solve this?

Regards, Jakub


Thu, Dec 29 2022 1:32 PMPermanent Link

Frank

GlobeStar Systems (Connexall)

<< jakubdr wrote:


Hi to all,
I would like to ask how it is possible to get the user's effective permission from the native server module's OnExecute method.
...
I found one solution - send user/password from client in every request header, then  use TEWBServerSession component instance from inside module, authenticate and get EWBServerSession.EffectivePrivileges. The problem is that I need to hold the password in the client browser and I don't like that.
Can someone please advise me how to solve this?

Regards, Jakub

>>


Hi Jakub,

You should be able to access global TApplication instance "Request" property and then "RequestSession" which should give you access to the TWebServerSession and then use HasRole and HasPrivilege to check

Raul
Thu, Dec 29 2022 4:48 PMPermanent Link

jakubdr

Frank wrote:

<< jakubdr wrote:


Hi to all,
I would like to ask how it is possible to get the user's effective permission from the native server module's OnExecute method.
...
I found one solution - send user/password from client in every request header, then  use TEWBServerSession component instance from inside module, authenticate and get EWBServerSession.EffectivePrivileges. The problem is that I need to hold the password in the client browser and I don't like that.
Can someone please advise me how to solve this?

Regards, Jakub

>>


Hi Jakub,

You should be able to access global TApplication instance "Request" property and then "RequestSession" which should give you access to the TWebServerSession and then use HasRole and HasPrivilege to check

Raul

>>

Hi Raul,
thank you for reply. Unfortunately the Application.Request.ReqestSession is available only from framework used by EWB (compiled by pascal to js compiler and run on server). But I use Delphi IDE
and components for produce native server DLL module and there is no any authenticated serverSession instance for this purpose (or I couldn't find it)

The module's OnExecute( aRequest ..)  parameter also doesn't contain any reference to username or session.

I also tried issue request (from inside
module's OnExecute method) back to server /authentication?method=geteffectiveaccess resource with EWBSessionID cookie obtained from  OnExecute( aRequest ..)  parameter, but  timeout error always ocour for any request containing this cookie (which is "authenticated").

But I still hope there must be property containing data I need Smile

Jakub
Image