Get the roles of the logged in user in my sapui5 application

Thiagoc789
Participant
0 Kudos

Hello experts, I have managed to obtain the current user, and some scopes appear that are not defined. I have read that I need to implement custom logic to obtain the roles that I define in my BTP cockpit. I have tried to follow the post https://blogs.sap.com/2021/02/20/sap-tech-bytes-approuter-user-api-service/ with the first comment, but I can't understand where I should put that code and how to implement it for my launchpad deployment. Thank you so much.

nicoschoenteich
Developer Advocate
0 Kudos

Hi Santiago,

Good job on fetching the user information.

The thing is that without custom logic you only get the scopes that are part of the xsuaa instance that is bound to your app - meaning the roles that were deployed with your xs-security.json. To fetch the scopes that are not part of your application (maybe other role collections that you assigned via the SAP BTP Cockpit) you do need the custom logic. BUT, the custom logic can only be implemented with a standalone approuter, not with the managed approuter you are relying on when using the Fiori Launchpad. So I'm afraid if you are trying to fetch scopes beyond the ones of your app, that does not work with your set-up. Is the standalone approuter an option for you?

Thiagoc789
Participant
0 Kudos

Thanks Nicolai, I need to deploy my application on workzone.

This is my xs-security.json file, where I assign some read and write scopes that I want to obtain in my application to allow it to enter a route or not. Is it possible to assign the roles that are created in this file to a specific user who logged in?

```json
{
  "xsappname": "evaluatorweb",
  "tenant-mode": "dedicated",
  "description": "Security profile of called application",
  "scopes": [
    {
      "name": "uaa.user",
      "description": "UAA"
    },
    {
      "name": "evaluatorweb.read",
      "description": "read access"
    },
    {
      "name": "evaluatorweb.write",
      "description": "write access"
    },
    {
      "name": "otro",
      "description": "write access"
    }
  ],
  "role-templates": [
    {
      "name": "Token_Exchange",
      "description": "UAA",
      "scope-references": [
        "uaa.user",
        "otro"
      ]
    },
    {
      "name": "Evaluador",
      "description": "Role for Evaluators",
      "scope-references": [
        "evaluatorweb.read",
        "evaluatorweb.write"
      ]
    },
    {
      "name": "Colaborador",
      "description": "Role for Collaborators",
      "scope-references": [
        "evaluatorweb.read",
        "evaluatorweb.write"
      ]
    },
    {
      "name": "Talento_Humano",
      "description": "Role for Human Talent",
      "scope-references": [
        "evaluatorweb.read",
        "evaluatorweb.write"
      ]
    }
  ]
}
```

nicoschoenteich
Developer Advocate
0 Kudos

Ok, so the question is about how to assign these scopes, not how to retrieve them in your UI5 application?

Yes, of course you can assign role collections to users in the SAP BTP Cockpit. Go to Security > Users > select a user > Three Dots at Role Collections > Assign Role Collection

Thiagoc789
Participant
0 Kudos

Yes, the question is how to get those scopes in my UI5 application, sorry for the confusion. For now I have this: this is my user with whom I log in, and I assigned these role collections, which are the ones I define in my xs-security.json that I put in the previous answer. It should give me the scopes evaluatorweb.read, evaluatorweb.write and "other", but as you can see in the initial question, it only returns the scopes openid and uaa.user.

nicoschoenteich
Developer Advocate
0 Kudos

Ok, got it.

So the question now is: Is your destination content that you deploy via the mta.yaml (that also points to your html5 app) bound to this xsuaa instance that you defined the scopes for?

Thiagoc789
Participant
0 Kudos

I'm not sure, I thought these things were automatically bound, could you check my mta and help me verify or how should I do it?

```yaml
_schema-version: '3.2'
ID: evaluatorweb
description: Generated by Fiori Tools
version: 0.0.1
modules:
  - name: evaluatorweb-destination-content
    type: com.sap.application.content
    requires:
      - name: evaluatorweb-destination-service
        parameters:
          content-target: true
      - name: evaluatorweb-repo-host
        parameters:
          service-key:
            name: evaluatorweb-repo-host-key
      - name: evaluatorweb-uaa
        parameters:
          service-key:
            name: evaluatorweb-uaa-key
    parameters:
      content:
        instance:
          destinations:
            - Name: evaluatorweb_html_repo_host
              ServiceInstanceName: evaluatorweb-html5-srv
              ServiceKeyName: evaluatorweb-repo-host-key
              sap.cloud.service: evaluatorweb
            - Authentication: OAuth2UserTokenExchange
              Name: evaluatorweb_uaa
              ServiceInstanceName: evaluatorweb-xsuaa-srv
              ServiceKeyName: evaluatorweb-uaa-key
              sap.cloud.service: evaluatorweb
          existing_destinations_policy: ignore
    build-parameters:
      no-source: true
  - name: evaluatorweb-app-content
    type: com.sap.application.content
    path: .
    requires:
      - name: evaluatorweb-repo-host
        parameters:
          content-target: true
    build-parameters:
      build-result: resources
      requires:
        - artifacts:
            - evaluatorweb.zip
          name: evaluatorweb
          target-path: resources/
  - name: evaluatorweb
    type: html5
    path: .
    build-parameters:
      build-result: dist
      builder: custom
      commands:
        - npm install
        - 'npm run build:cf'
      supported-platforms: []
resources:
  - name: evaluatorweb-destination-service
    type: org.cloudfoundry.managed-service
    parameters:
      config:
        HTML5Runtime_enabled: true
        init_data:
          instance:
            destinations:
              - Authentication: NoAuthentication
                Name: ui5
                ProxyType: Internet
                Type: HTTP
                URL: 'https://ui5.sap.com'
            existing_destinations_policy: update
        version: 1.0.0
      service: destination
      service-name: evaluatorweb-destination-service
      service-plan: lite
  - name: evaluatorweb-uaa
    type: org.cloudfoundry.managed-service
    parameters:
      path: ./xs-security.json
      service: xsuaa
      service-name: evaluatorweb-xsuaa-srv
      service-plan: application
  - name: evaluatorweb-repo-host
    type: org.cloudfoundry.managed-service
    parameters:
      service: html5-apps-repo
      service-name: evaluatorweb-html5-srv
      service-plan: app-host
parameters:
  deploy_mode: html5-repo
  enable-parallel-deployments: true
```

Thiagoc789
Participant
0 Kudos

OK, it seems that it is being assigned well. I made some changes and it creates the xs-security roles in BTP, but when I assign these roles to the user, the scopes remain the same.

Thiagoc789
Participant
0 Kudos

Thank you for your example, I have solved my error; it was a name issue. At this moment I am obtaining my scope like this. Do you know how I can access the first part of my scope, the evaluatorweb!t171102, dynamically in my application to obtain the entire scope and so do validations? Thank you

I got: "evaluatorweb!t171102.CustomRole"

nicoschoenteich
Developer Advocate
0 Kudos

Hi Santiago,

I am glad you got it working now. I guess you could split the scope at the dot and get the first part that way. I do want to point out that you should always do scope validations in the frontend and backend, so please make sure to protect your backend APIs as well.

Best, Nico
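
The scope splitting discussed above, as an added example that is not part of the original thread: it cuts a scope such as "evaluatorweb!t171102.CustomRole" at the first dot after the "!", so that scopes like uaa.user and local names containing dots are handled, and it resolves the runtime prefix from the scopes themselves. The function names, the `otherapp` entry and the sample array are constructed for illustration; the code assumes app-specific scopes have the form `<xsappname>!<suffix>.<local name>`, as in the scope shown in the thread.

```javascript
// Added example, not code from the thread. Assumes app-specific scopes look
// like "<xsappname>!<suffix>.<local name>", e.g. "evaluatorweb!t171102.CustomRole".

// Split one scope string into application id and local name.
// Scopes without "!" (such as "openid" or "uaa.user") are not app-specific.
function parseScope(scope) {
  const bang = scope.indexOf("!");
  if (bang === -1) return { appId: null, appName: null, local: scope };
  // Cut at the first dot AFTER the "!", so local names containing dots survive.
  const dot = scope.indexOf(".", bang);
  if (dot === -1) return { appId: null, appName: null, local: scope };
  return {
    appId: scope.slice(0, dot),      // "evaluatorweb!t171102"
    appName: scope.slice(0, bang),   // "evaluatorweb"
    local: scope.slice(dot + 1),     // "CustomRole"
  };
}

// Resolve the runtime prefix for an xsappname from the scopes the user holds.
function findAppId(scopes, xsappname) {
  const hit = scopes.map(parseScope).find((p) => p.appName === xsappname);
  return hit ? hit.appId : null;
}

// True only if the user holds <xsappname>!<suffix>.<localName> exactly.
// No substring or endsWith matching: a same-named scope of another
// application, or a longer local name, must not pass.
function hasLocalScope(scopes, xsappname, localName) {
  return scopes
    .map(parseScope)
    .some((p) => p.appName === xsappname && p.local === localName);
}

// Constructed sample of a scopes array as returned for the logged-in user.
const sampleScopes = [
  "openid",
  "uaa.user",
  "evaluatorweb!t171102.CustomRole",
  "otherapp!t171102.CustomRole.admin", // hypothetical second application
];

console.log(findAppId(sampleScopes, "evaluatorweb"));
console.log(hasLocalScope(sampleScopes, "evaluatorweb", "CustomRole"));
```

A check like this only controls what the UI shows; as the reply above says, the backend has to validate the scopes as well.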

GulamJaffar
Discoverer
0 Kudos

Hi Thiagoc and Nicolai,

I have followed your blog and was able to create roles at BTP level. How do I get those scopes at runtime in my application?