My series of Cloud Application Studio Blogs
- How to detect EditMode in an Embedded Component
- Step by step to enable your custom BO with attachment upload functionality
- Step by step to create an Adobe Print form in Cloud application Studio
- How to render PDF which displays picture from the image attachment of your custom BO
- How to get current logged on business user’s employee information and assigned organization unit via...
- How to implement dynamic access control based on custom BO using OWL
- How to make Code List Restriction work when control field and restricted field are not on the same B...
- How to implement custom number range using custom business object
- Two approaches to create Code List in Cloud Studio
- Create Dynamic Code List via Custom Business Object Association
- Step by step to develop Thing Type based navigation and BO Object based navigation
- Put Extension field into embedded component and make it visible in Standard UI
- One possible cause that embedded component fails to display in UI
- Step by step to create HTML Mashup and make it visible in UI
- Step by step to enable Text Collection for your custom BO
- Automatically send an Email notification to line manager via Workflow in Account application
- Step by step to create Object Value Selector in Cloud Application Studio
- Two approaches to fill an UI field with dedicated logic implemented in Cloud Application Studio
- How to execute BO action on multiple selected BO instances in AdvancedListPane
- How to add custom validation logic on mobile phone field in Contact TI
Suppose I have a testBO with the following fields:
import AP.Common.GDT as apCommonGDT;
import AP.FO.BusinessPartner.Global;
businessobject TestBO {
[Label("Agreement ID")] [AlternativeKey] element AgreementID:ID;
[Label("Start Date")] element StartDate:Date;
[Label("Close Date")] element CloseDate:Date;
[Label("Duration")] element Duration:NumberValue;
[Label("IsOverDue")] element IsOverDue:Indicator;
[Label("Quantity")] element Quantity: Quantity;
[Label("ProductName")] element ProductName: LANGUAGEINDEPENDENT_EXTENDED_Text;
[Label("DepartmentName")] [Transient] element DepartmentName:LANGUAGEINDEPENDENT_EXTENDED_Text;
[DependentObject(AttachmentFolder)] node Attachment;
}And here is some test data displayed in OWL:
Now I would like to achieve the dynamic access control below:
Suppose the currently logged on user has been assigned to an organization unit which is only allowed to sell product with name "Laptop", then this business user SHOULD ONLY see those entries whose value in ProductName equals to Laptop as well. That is to say, the last two entries in above picture with ProductName Monitor should be filtered out.
How the restriction that only Laptop is allowed to sell for employees within a given Organization Unit
For demonstration purpose I just reuse the standard field "Department Name" to store the name of sellable product.
And I assign myself to this organization unit, which means Employee Jerry Wang is only allowed to sell Laptop.
Now I implement this dynamic access control into a new OWL named TestBORestricted_OWL.
Below is the achievement: I have put this new OWL into a new tab in Thing Inspector and once launched, only entries whose ProductName equal to Laptop are displayed. Other entries are filtered out due to the fact that this employee is not allowed to sell them.
Implementation Detail
Here below is step by step implementation detail:
1. Create an AfterLoading event in TestBO with mass enabled checkbox unselected,
And implement the following ABSL code to fill the transient field with product name which is allowed to sell for current logged on user.
import ABSL;
import AP.PC.IdentityManagement.Global;
import AP.FO.BusinessPartner.Global;
var queryByIdentityUUID = Identity.QueryByElements;
var queryByIdentityUUIDParameter = queryByIdentityUUID.CreateSelectionParams();
var queryByEmployeeBPUUID = Employee.QueryByIdentification;
var queryByEmployeeBPUUIDParameter = queryByEmployeeBPUUID.CreateSelectionParams();
if ( this.DepartmentName.IsInitial()){
var id = Context.GetCurrentIdentityUUID().content;
queryByIdentityUUIDParameter.Add( queryByIdentityUUID.UUID.content, "I", "EQ", id.ToString() );
var result = queryByIdentityUUID.Execute(queryByIdentityUUIDParameter);
var first = result.GetFirst(); // points to identity instance
var person = first.Person;
var bpUUId = person.UUID.content;
queryByEmployeeBPUUIDParameter.Add( queryByEmployeeBPUUID.UUID.content, "I", "EQ", bpUUId.ToString());
var employeeQueryResult = queryByEmployeeBPUUID.Execute(queryByEmployeeBPUUIDParameter);
var EmployeeQueryResultCurrent = employeeQueryResult.GetFirst();
if( EmployeeQueryResultCurrent.OrganisationalUnitAssignment.Count() > 0 ){
var assignedOrg = EmployeeQueryResultCurrent.OrganisationalUnitAssignment.GetFirst();
var org = assignedOrg.ToRoot;
// readOnly in AfterLoading event
this.DepartmentName = org.NameAndAddress.AddressSnapshot.NameSuitableForLogonLanguage.GetFirst().Name.SecondLineName;
}
}2. In new TestBORestricted_OWL, create a new field ProductName under search structure SearchParameters.
Bind the query to QueryByElements modelled in TestBO and bind the query parameter ProductName to the field ProductName under SearchParameters.
Create a new inport and bind the parameter to the field mentioned above as well.
3. Create a new outport in Thing Inspector, bind the parameter productName with the transient field DepartmentName filled in step 1.
Create a new tab in Thing Inspector and drag the new OWL into it. Click Bind button:
Bind the parameter of outport defined in TI with the one in inport of new OWL.
With all the steps above done, the sellable product name calculated by ABSL is passed from TI to new OWL via parameter passing during navigation, and could be considered during the query of new OWL is executed. As a result the restriction takes effect due to this ProductName search parameter.
- SAP Managed Tags:
