Security
(security)
Overview
The security
object provides a comprehensive API for managing users, groups, and permissions in a solution. It includes constants for form and table security and methods to control user access and permissions programmatically.
Security constants such as ACCESSIBLE
, DELETE
, INSERT
, READ
, and UPDATE
define flags for controlling access to forms and tables. These constants allow developers to set permissions using datasets and apply them at runtime.
The API includes methods for managing users, such as createUser
, deleteUser
, and changeUserName
. Permissions can be assigned or removed with addPermissionToUser
and removePermissionFromUser
. Developers can query permissions using methods like hasPermission
or retrieve user-related information with getUserName
and getUserUID
.
Authentication is supported via the authenticate
method, which integrates with custom authenticators or Servoy's built-in system. The API also allows setting and managing tenant values to filter data access by tenant.
The security
object facilitates dynamic security configurations and provides control over application access at a granular level.
For more information, please refer to the overall Security documentation.
Constants Summarized
Constant representing the tracking flag for table security (tracks sql insert/update/delete).
Methods Summarized
Gives a user a permission Note: this method can only be called by an admin.
Authenticate to the Servoy Server using one of the installed authenticators or the Servoy default authenticator.
Authenticate to the Servoy Server using one of the installed authenticators or the Servoy default authenticator.
Returns true if the password for that userUID is correct, else false.
Creates a new user, returns new uid (or null when permission couldn't be created or user alreay exist).
Creates a new user, returns new uid (or null when permission couldn't be created or user alreay exist).
Returns the form elements UUID's as dataset, the one with no name is the form itself.
Retrieves the username of the currently logged in user on operating system level.
Retrieve the tenant value for this Client, this value will be used as the value for all tables that have a column marked as a tenant column.
Get the current user name (null if not logged in), finds the user name for given user UID if passed as parameter.
Get the current user name (null if not logged in), finds the user name for given user UID if passed as parameter.
Get the current user UID (null if not logged in); finds the userUID for given user_name if passed as parameter.
Get the current user UID (null if not logged in); finds the userUID for given user_name if passed as parameter.
void
Logout the current user and close the solution, if the solution requires authentication and user is logged in.
void
Logout the current user and close the solution, if the solution requires authentication and user is logged in.
void
Logout the current user and close the solution, if the solution requires authentication and user is logged in.
void
Logout the current user and close the solution, if the solution requires authentication and user is logged in.
void
Logout the current user and close the solution, if the solution requires authentication and user is logged in.
void
Sets the security settings; the entries contained in the given dataset will override those contained in the current security settings.
void
Set the tenant value for this Client, this value will be used as the value for all tables that have a column marked as a tenant column.
Constants Detailed
ACCESSIBLE
Constant representing the accessible flag for form security.
Type Number
Sample
var colNames = new Array();
colNames[0] = 'uuid';
colNames[1] = 'flags';
var dataset = databaseManager.createEmptyDataSet(0,colNames);
var row = new Array();
row[0] = '413a4d69-becb-4ae4-8fdd-980755d6a7fb';//normally retreived via security.getElementUUIDs(...)
row[1] = JSSecurity.VIEWABLE|JSSecurity.ACCESSIBLE; // use bitwise 'or' for both
dataset.addRow(row);//setting element security
row = new Array();
row[0] = 'example_data.orders';
row[1] = JSSecurity.READ|JSSecurity.INSERT|JSSecurity.UPDATE|JSSecurity.DELETE|JSSecurity.TRACKING; //use bitwise 'or' for multiple flags
dataset.addRow(row);//setting table security
security.setSecuritySettings(dataset);//to be called in solution startup method
DELETE
Constant representing the delete flag for table security.
Type Number
Sample
var colNames = new Array();
colNames[0] = 'uuid';
colNames[1] = 'flags';
var dataset = databaseManager.createEmptyDataSet(0,colNames);
var row = new Array();
row[0] = '413a4d69-becb-4ae4-8fdd-980755d6a7fb';//normally retreived via security.getElementUUIDs(...)
row[1] = JSSecurity.VIEWABLE|JSSecurity.ACCESSIBLE; // use bitwise 'or' for both
dataset.addRow(row);//setting element security
row = new Array();
row[0] = 'example_data.orders';
row[1] = JSSecurity.READ|JSSecurity.INSERT|JSSecurity.UPDATE|JSSecurity.DELETE|JSSecurity.TRACKING; //use bitwise 'or' for multiple flags
dataset.addRow(row);//setting table security
security.setSecuritySettings(dataset);//to be called in solution startup method
INSERT
Constant representing the insert flag for table security.
Type Number
Sample
var colNames = new Array();
colNames[0] = 'uuid';
colNames[1] = 'flags';
var dataset = databaseManager.createEmptyDataSet(0,colNames);
var row = new Array();
row[0] = '413a4d69-becb-4ae4-8fdd-980755d6a7fb';//normally retreived via security.getElementUUIDs(...)
row[1] = JSSecurity.VIEWABLE|JSSecurity.ACCESSIBLE; // use bitwise 'or' for both
dataset.addRow(row);//setting element security
row = new Array();
row[0] = 'example_data.orders';
row[1] = JSSecurity.READ|JSSecurity.INSERT|JSSecurity.UPDATE|JSSecurity.DELETE|JSSecurity.TRACKING; //use bitwise 'or' for multiple flags
dataset.addRow(row);//setting table security
security.setSecuritySettings(dataset);//to be called in solution startup method
READ
Constant representing the read flag for table security.
Type Number
Sample
var colNames = new Array();
colNames[0] = 'uuid';
colNames[1] = 'flags';
var dataset = databaseManager.createEmptyDataSet(0,colNames);
var row = new Array();
row[0] = '413a4d69-becb-4ae4-8fdd-980755d6a7fb';//normally retreived via security.getElementUUIDs(...)
row[1] = JSSecurity.VIEWABLE|JSSecurity.ACCESSIBLE; // use bitwise 'or' for both
dataset.addRow(row);//setting element security
row = new Array();
row[0] = 'example_data.orders';
row[1] = JSSecurity.READ|JSSecurity.INSERT|JSSecurity.UPDATE|JSSecurity.DELETE|JSSecurity.TRACKING; //use bitwise 'or' for multiple flags
dataset.addRow(row);//setting table security
security.setSecuritySettings(dataset);//to be called in solution startup method
TRACKING
Constant representing the tracking flag for table security (tracks sql insert/update/delete).
Type Number
Sample
var colNames = new Array();
colNames[0] = 'uuid';
colNames[1] = 'flags';
var dataset = databaseManager.createEmptyDataSet(0,colNames);
var row = new Array();
row[0] = '413a4d69-becb-4ae4-8fdd-980755d6a7fb';//normally retreived via security.getElementUUIDs(...)
row[1] = JSSecurity.VIEWABLE|JSSecurity.ACCESSIBLE; // use bitwise 'or' for both
dataset.addRow(row);//setting element security
row = new Array();
row[0] = 'example_data.orders';
row[1] = JSSecurity.READ|JSSecurity.INSERT|JSSecurity.UPDATE|JSSecurity.DELETE|JSSecurity.TRACKING; //use bitwise 'or' for multiple flags
dataset.addRow(row);//setting table security
security.setSecuritySettings(dataset);//to be called in solution startup method
TRACKING_VIEWS
Constant representing the tracking flag for table security (tracks sql select).
Type Number
Sample
var colNames = new Array();
colNames[0] = 'uuid';
colNames[1] = 'flags';
var dataset = databaseManager.createEmptyDataSet(0,colNames);
var row = new Array();
row[0] = '413a4d69-becb-4ae4-8fdd-980755d6a7fb';//normally retreived via security.getElementUUIDs(...)
row[1] = JSSecurity.VIEWABLE|JSSecurity.ACCESSIBLE; // use bitwise 'or' for both
dataset.addRow(row);//setting element security
row = new Array();
row[0] = 'example_data.orders';
row[1] = JSSecurity.READ|JSSecurity.INSERT|JSSecurity.UPDATE|JSSecurity.DELETE|JSSecurity.TRACKING; //use bitwise 'or' for multiple flags
dataset.addRow(row);//setting table security
security.setSecuritySettings(dataset);//to be called in solution startup method
UPDATE
Constant representing the update flag for table security.
Type Number
Sample
var colNames = new Array();
colNames[0] = 'uuid';
colNames[1] = 'flags';
var dataset = databaseManager.createEmptyDataSet(0,colNames);
var row = new Array();
row[0] = '413a4d69-becb-4ae4-8fdd-980755d6a7fb';//normally retreived via security.getElementUUIDs(...)
row[1] = JSSecurity.VIEWABLE|JSSecurity.ACCESSIBLE; // use bitwise 'or' for both
dataset.addRow(row);//setting element security
row = new Array();
row[0] = 'example_data.orders';
row[1] = JSSecurity.READ|JSSecurity.INSERT|JSSecurity.UPDATE|JSSecurity.DELETE|JSSecurity.TRACKING; //use bitwise 'or' for multiple flags
dataset.addRow(row);//setting table security
security.setSecuritySettings(dataset);//to be called in solution startup method
VIEWABLE
Constant representing the viewable flag for form security.
Type Number
Sample
var colNames = new Array();
colNames[0] = 'uuid';
colNames[1] = 'flags';
var dataset = databaseManager.createEmptyDataSet(0,colNames);
var row = new Array();
row[0] = '413a4d69-becb-4ae4-8fdd-980755d6a7fb';//normally retreived via security.getElementUUIDs(...)
row[1] = JSSecurity.VIEWABLE|JSSecurity.ACCESSIBLE; // use bitwise 'or' for both
dataset.addRow(row);//setting element security
row = new Array();
row[0] = 'example_data.orders';
row[1] = JSSecurity.READ|JSSecurity.INSERT|JSSecurity.UPDATE|JSSecurity.DELETE|JSSecurity.TRACKING; //use bitwise 'or' for multiple flags
dataset.addRow(row);//setting table security
security.setSecuritySettings(dataset);//to be called in solution startup method
Methods Detailed
addPermissionToUser(a_userUID, permission)
Gives a user a permission Note: this method can only be called by an admin.
Parameters
Returns: Boolean true if added
Sample
var userUID = security.getUserUID();
security.addPermissionToUser(userUID, 'permission');
authenticate(authenticator_solution, method)
Authenticate to the Servoy Server using one of the installed authenticators or the Servoy default authenticator.
Note: this method should be called from a login solution.
Parameters
String authenticator_solution authenticator solution installed on the Servoy Server, null for servoy built-in authentication
String method authenticator method, null for servoy built-in authentication
Returns: Object authentication result from authenticator solution or boolean in case of servoy built-in authentication
Sample
// create the credentials object as expected by the authenticator solution
var ok = security.authenticate('myldap_authenticator', 'login', [scopes.globals.userName, scopes.globals.passWord])
if (!ok)
{
plugins.dialogs.showErrorDialog('Login failed', 'OK')
}
// if no authenticator name is used, the credentials are checked using the Servoy built-in user management
ok = security.authenticate(null, null, [scopes.globals.userName, scopes.globals.passWord])
authenticate(authenticator_solution, method, credentials)
Authenticate to the Servoy Server using one of the installed authenticators or the Servoy default authenticator.
Note: this method should be called from a login solution, once logged in, the authenticate method has no effect.
Parameters
String authenticator_solution authenticator solution installed on the Servoy Server, null for servoy built-in authentication
String method authenticator method, null for servoy built-in authentication
Array credentials array whose elements are passed as arguments to the authenticator method, in case of servoy built-in authentication this should be [username, password]
Returns: Object authentication result from authenticator solution or boolean in case of servoy built-in authentication
Sample
// create the credentials object as expected by the authenticator solution
var ok = security.authenticate('myldap_authenticator', 'login', [scopes.globals.userName, scopes.globals.passWord])
if (!ok)
{
plugins.dialogs.showErrorDialog('Login failed', 'OK')
}
// if no authenticator name is used, the credentials are checked using the Servoy built-in user management
ok = security.authenticate(null, null, [scopes.globals.userName, scopes.globals.passWord])
canAccess(formName)
Returns whether form is accessible.
security.canAccess(formName)
Parameters
String formName form name
Returns: Boolean true if accessible
canAccess(formName, elementName)
Returns whether element from form is accessible.
security.canAccess(formName,elementName)
Parameters
Returns: Boolean true if accessible
canDelete(dataSource)
Returns a boolean value for security rights.
Parameters
String dataSource the datasource
Returns: Boolean true if allowed
Sample
var dataSource = controller.getDataSource();
var canDelete = security.canDelete(dataSource);
var canInsert = security.canInsert(dataSource);
var canUpdate = security.canUpdate(dataSource);
var canRead = security.canRead(dataSource);
application.output("Can delete? " + canDelete);
application.output("Can insert? " + canInsert);
application.output("Can update? " + canUpdate);
application.output("Can read? " + canRead);
canInsert(dataSource)
Returns a boolean value for security rights.
Parameters
String dataSource the datasource
Returns: Boolean true if allowed
Sample
var dataSource = controller.getDataSource();
var canDelete = security.canDelete(dataSource);
var canInsert = security.canInsert(dataSource);
var canUpdate = security.canUpdate(dataSource);
var canRead = security.canRead(dataSource);
application.output("Can delete? " + canDelete);
application.output("Can insert? " + canInsert);
application.output("Can update? " + canUpdate);
application.output("Can read? " + canRead);
canRead(dataSource)
Returns a boolean value for security rights.
Parameters
String dataSource the datasource
Returns: Boolean true if allowed
Sample
var dataSource = controller.getDataSource();
var canDelete = security.canDelete(dataSource);
var canInsert = security.canInsert(dataSource);
var canUpdate = security.canUpdate(dataSource);
var canRead = security.canRead(dataSource);
application.output("Can delete? " + canDelete);
application.output("Can insert? " + canInsert);
application.output("Can update? " + canUpdate);
application.output("Can read? " + canRead);
canUpdate(dataSource)
Returns a boolean value for security rights.
Parameters
String dataSource the datasource
Returns: Boolean true if allowed
Sample
var dataSource = controller.getDataSource();
var canDelete = security.canDelete(dataSource);
var canInsert = security.canInsert(dataSource);
var canUpdate = security.canUpdate(dataSource);
var canRead = security.canRead(dataSource);
application.output("Can delete? " + canDelete);
application.output("Can insert? " + canInsert);
application.output("Can update? " + canUpdate);
application.output("Can read? " + canRead);
canView(formName)
Returns whether form is viewable.
security.canView(formName)
Parameters
String formName form name
Returns: Boolean true if viewable
canView(formName, elementName)
Returns whether element from form is viewable.
security.canView(formName,elementName)
Parameters
Returns: Boolean true if viewable
changeUserName(a_userUID, username)
Changes the username of the specified userUID. Note: this method can only be called by an admin user or a normal logged in user changing its own userName.
Parameters
Returns: Boolean true if changed
Sample
if(security.changeUserName(security.getUserUID('name1'), 'name2'))
{
application.output('Username changed');
}
checkPassword(a_userUID, password)
Returns true if the password for that userUID is correct, else false.
Parameters
Returns: Boolean true if password oke
Sample
if(security.checkPassword(security.getUserUID(), 'password1'))
{
security.setPassword(security.getUserUID(), 'password2')
}
else
{
application.output('wrong password')
}
createUser(username, password)
Creates a new user, returns new uid (or null when permission couldn't be created or user alreay exist). Note: this method can only be called by an admin.
Parameters
Returns: Object the userUID the created userUID, will be same if provided
Sample
var removeUser = true;
//create a user
var uid = security.createUser('myusername', 'mypassword');
if (uid) //test if user was created
{
// Get all the permissions
var set = security.getPermissions();
for(var p = 1 ; p <= set.getMaxRowIndex() ; p++)
{
// output name of the permission
application.output(set.getValue(p, 2));
// add permission to user
security.addPermissionToUser(uid, set.getValue(p,2));
}
// if not remove user, remove user from all the permissions
if(!removeUser)
{
// get now all the permissions that that users has (all if above did go well)
var set =security.getPermissions(uid);
for(var p = 1;p<=set.getMaxRowIndex();p++)
{
// output name of the permission
application.output(set.getValue(p, 2));
// remove permission from user
security.removePermissionFromUser(uid, set.getValue(p,2));
}
}
else
{
// delete the user (the user will be removed from the permissions)
security.deleteUser(uid);
}
}
createUser(username, password, userUID)
Creates a new user, returns new uid (or null when permission couldn't be created or user alreay exist). Note: this method can only be called by an admin.
Parameters
Returns: Object the userUID the created userUID, will be same if provided
Sample
var removeUser = true;
//create a user
var uid = security.createUser('myusername', 'mypassword');
if (uid) //test if user was created
{
// Get all the permissions
var set = security.getPermissions();
for(var p = 1 ; p <= set.getMaxRowIndex() ; p++)
{
// output name of the permission
application.output(set.getValue(p, 2));
// add permission to user
security.addPermissionToUser(uid, set.getValue(p,2));
}
// if not remove user, remove user from all the permissions
if(!removeUser)
{
// get now all the permissions that that users has (all if above did go well)
var set =security.getPermissions(uid);
for(var p = 1;p<=set.getMaxRowIndex();p++)
{
// output name of the permission
application.output(set.getValue(p, 2));
// remove permission from user
security.removePermissionFromUser(uid, set.getValue(p,2));
}
}
else
{
// delete the user (the user will be removed from the permissions)
security.deleteUser(uid);
}
}
deleteUser(userUID)
Deletes an user. returns true if no error was reported. Note: this method can only be called by an admin.
Parameters
Object userUID The UID of the user to be deleted.
Returns: Boolean true if the user is successfully deleted.
Sample
var removeUser = true;
//create a user
var uid = security.createUser('myusername', 'mypassword');
if (uid) //test if user was created
{
// Get all the permissions
var set = security.getPermissions();
for(var p = 1 ; p <= set.getMaxRowIndex() ; p++)
{
// output name of the permission
application.output(set.getValue(p, 2));
// add permission to user
security.addPermissionToUser(uid, set.getValue(p,2));
}
// if not remove user, remove user from all the permissions
if(!removeUser)
{
// get now all the permissions that that users has (all if above did go well)
var set =security.getPermissions(uid);
for(var p = 1;p<=set.getMaxRowIndex();p++)
{
// output name of the permission
application.output(set.getValue(p, 2));
// remove permission from user
security.removePermissionFromUser(uid, set.getValue(p,2));
}
}
else
{
// delete the user (the user will be removed from the permissions)
security.deleteUser(uid);
}
}
getClientID()
Returns the client ID.
Returns: String the clientId as seen on the server admin page
Sample
var clientId = security.getClientID()
getElementUUIDs(formname)
Returns the form elements UUID's as dataset, the one with no name is the form itself.
Parameters
String formname the formname to retieve the dataset for
Returns: JSDataSet dataset with element info
Sample
var formElementsUUIDDataSet = security.getElementUUIDs('orders_form');
getPermissions()
Get all the permissions of the solution (returns a dataset). first id column is deprecated!, use only the permission name column.
Returns: JSDataSet dataset with all the groups
Sample
var removeUser = true;
//create a user
var uid = security.createUser('myusername', 'mypassword');
if (uid) //test if user was created
{
// Get all the permissions
var set = security.getPermissions();
for(var p = 1 ; p <= set.getMaxRowIndex() ; p++)
{
// output name of the permission
application.output(set.getValue(p, 2));
// add permission to user
security.addPermissionToUser(uid, set.getValue(p,2));
}
// if not remove user, remove user from all the permissions
if(!removeUser)
{
// get now all the permissions that that users has (all if above did go well)
var set =security.getPermissions(uid);
for(var p = 1;p<=set.getMaxRowIndex();p++)
{
// output name of the permission
application.output(set.getValue(p, 2));
// remove permission from user
security.removePermissionFromUser(uid, set.getValue(p,2));
}
}
else
{
// delete the user (the user will be removed from the permissions)
security.deleteUser(uid);
}
}
getPermissions(userUID)
Get all the permissions for given user UID.
Parameters
Object userUID to retrieve the user permissions
Returns: JSDataSet dataset with permissions names
Sample
//get all the users in the security settings (Returns a JSDataset)
var dsUsers = security.getUsers()
//loop through each user to get their permissions
//The getValue call is (row,column) where column 1 == id and 2 == name
for(var i=1 ; i<=dsUsers.getMaxRowIndex() ; i++)
{
//print to the output debugger tab: "user: " and the username
application.output("user:" + dsUsers.getValue(i,2));
//set p to the user permissions for the current user
/** @type {JSDataSet} */
var p = security.getPermissions(dsUsers.getValue(i,1));
for(k=1;k<=p.getMaxRowIndex();k++)
{
//print to the output debugger tab: "permission" and the permission(s)
//the user has
application.output("permission: " + p.getValue(k,2));
}
}
getSystemUserName()
Retrieves the username of the currently logged in user on operating system level.
Returns: String the os user name
Sample
//gets the current os username
var osUserName = security.getSystemUserName();
getTenantValue()
Retrieve the tenant value for this Client, this value will be used as the value for all tables that have a column marked as a tenant column. This results in adding a table filter for that table based on that column and the this value.
A client with tenant value will only receive databroadcasts from other clients that have no or a common tenant value set Be sure to not access or depend on records having different tenant values, as no databroadcasts will be received for those
Returns: Array An array of tenant values for this client.
getUserName()
Get the current user name (null if not logged in), finds the user name for given user UID if passed as parameter.
Returns: String the user name
Sample
//gets the current loggedIn username
var userName = security.getUserName();
getUserName(userUID)
Get the current user name (null if not logged in), finds the user name for given user UID if passed as parameter.
Parameters
Object userUID the user UID used to retrieve the name
Returns: String the user name
Sample
//gets the current loggedIn username
var userName = security.getUserName();
getUserPermissions()
Get all the permissions of the current user.
Returns: JSDataSet dataset with permissions
Sample
//set p to the user permissions for the current user
/** @type {JSDataSet} */
var p = security.getUserPermissions();
for(k=1;k<=p.getMaxRowIndex();k++)
{
//print to the output debugger tab: "permission" and the permissons(s)
//the user has
application.output("permission: " + p.getValue(k,2));
}
getUserUID()
Get the current user UID (null if not logged in); finds the userUID for given user_name if passed as parameter.
Returns: String the userUID
Sample
//gets the current loggedIn username
var userName = security.getUserName();
//gets the uid of the given username
var userUID = security.getUserUID(userName);
//is the same as above
//var my_userUID = security.getUserUID();
getUserUID(username)
Get the current user UID (null if not logged in); finds the userUID for given user_name if passed as parameter.
Parameters
String username the username to find the userUID for
Returns: String the userUID
Sample
//gets the current loggedIn username
var userName = security.getUserName();
//gets the uid of the given username
var userUID = security.getUserUID(userName);
//is the same as above
//var my_userUID = security.getUserUID();
getUsers()
Get all the users in the security settings (returns a dataset).
Returns: JSDataSet dataset with all the users
getUsers(groupName)
Get all the users in the security settings (returns a dataset).
Parameters
String groupName the group to filter on
Returns: JSDataSet dataset with all the users
hasPermission(permisson)
Check if the current user has the given permission
Parameters
String permisson name of the permission
Returns: Boolean true if it has the given permission
Sample
//check whatever user is part of the Administrators permission
if(security.hasPermission('Administrators'))
{
// do administration stuff
}
hasPermission(permission, userUID)
Check if the given user has the given permission
Parameters
Returns: Boolean true if it has that given permission
Sample
//check whatever user is part of the Administrators permission
if(security.hasPermission('Administrators', security.getUserUID('admin')))
{
// do administration stuff
}
login(username, a_userUID, permissions)
Login to be able to leave the solution loginForm.
Example: Permissions names may be received from LDAP (Lightweight Directory Access Protocol) - a standard protocol used in web browsers and email applications to enable lookup queries that access a directory listing.
Parameters
String username the username, like 'JamesWebb'
Object a_userUID the user UID to process login for
Array permissions the permissions array
Returns: Boolean true if loggedin
Sample
var permissions = ['Administrators']; //normally these groups are for example received from LDAP
var user_uid = scopes.globals.email; //also this uid might be received from external authentication method
var ok = security.login(scopes.globals.username, user_uid , permissions)
if (!ok)
{
plugins.dialogs.showErrorDialog('Login failure', 'Already logged in? or no user_uid/permissions specified?', 'OK')
}
logout()
Logout the current user and close the solution, if the solution requires authentication and user is logged in. You can redirect to another solution if needed; if you want to go to a different url, you need to call application.showURL(url) before calling security.logout() (this is only applicable for Web Client). An alternative option to close a solution and to open another solution, while keeping the user logged in, is application.closeSolution().
Returns: void
Sample
//Set the url to go to after logout.
//application.showURL('http://www.servoy.com', '_self'); //Web Client only
security.logout();
//security.logout('solution_name');//log out and close current solution and open solution 'solution_name'
//security.logout('solution_name','global_method_name');//log out, close current solution, open solution 'solution_name' and call global method 'global_method_name' of the newly opened solution
//security.logout('solution_name','global_method_name','my_string_argument');//log out, close current solution, open solution 'solution_name', call global method 'global_method_name' with argument 'my_argument'
//security.logout('solution_name','global_second_method_name',2);
//security.logout('solution_name', {a: 'my_string_argument', p1: 'param1', p2: 'param2'});//log out, close current solution, open solution 'solution_name', call (login) solution's onOpen with argument 'my_argument' and queryParams p1,p2
//Note: specifying a solution will not work in the Developer due to debugger dependencies
//specified solution should be of compatible type with client (normal type or client specific(Smart client only/Web client only) type )
logout(solutionToLoad)
Logout the current user and close the solution, if the solution requires authentication and user is logged in. You can redirect to another solution if needed; if you want to go to a different url, you need to call application.showURL(url) before calling security.logout() (this is only applicable for Web Client). An alternative option to close a solution and to open another solution, while keeping the user logged in, is application.closeSolution().
Parameters
String solutionToLoad the solution to load after logout
Returns: void
Sample
//Set the url to go to after logout.
//application.showURL('http://www.servoy.com', '_self'); //Web Client only
security.logout();
//security.logout('solution_name');//log out and close current solution and open solution 'solution_name'
//security.logout('solution_name','global_method_name');//log out, close current solution, open solution 'solution_name' and call global method 'global_method_name' of the newly opened solution
//security.logout('solution_name','global_method_name','my_string_argument');//log out, close current solution, open solution 'solution_name', call global method 'global_method_name' with argument 'my_argument'
//security.logout('solution_name','global_second_method_name',2);
//security.logout('solution_name', {a: 'my_string_argument', p1: 'param1', p2: 'param2'});//log out, close current solution, open solution 'solution_name', call (login) solution's onOpen with argument 'my_argument' and queryParams p1,p2
//Note: specifying a solution will not work in the Developer due to debugger dependencies
//specified solution should be of compatible type with client (normal type or client specific(Smart client only/Web client only) type )
logout(solutionToLoad, argument)
Logout the current user and close the solution, if the solution requires authentication and user is logged in. You can redirect to another solution if needed; if you want to go to a different url, you need to call application.showURL(url) before calling security.logout() (this is only applicable for Web Client). An alternative option to close a solution and to open another solution, while keeping the user logged in, is application.closeSolution().
Parameters
String solutionToLoad the solution to load after logout
Object argument the argument to pass to the (login) solution onOpen
Returns: void
Sample
//Set the url to go to after logout.
//application.showURL('http://www.servoy.com', '_self'); //Web Client only
security.logout();
//security.logout('solution_name');//log out and close current solution and open solution 'solution_name'
//security.logout('solution_name','global_method_name');//log out, close current solution, open solution 'solution_name' and call global method 'global_method_name' of the newly opened solution
//security.logout('solution_name','global_method_name','my_string_argument');//log out, close current solution, open solution 'solution_name', call global method 'global_method_name' with argument 'my_argument'
//security.logout('solution_name','global_second_method_name',2);
//security.logout('solution_name', {a: 'my_string_argument', p1: 'param1', p2: 'param2'});//log out, close current solution, open solution 'solution_name', call (login) solution's onOpen with argument 'my_argument' and queryParams p1,p2
//Note: specifying a solution will not work in the Developer due to debugger dependencies
//specified solution should be of compatible type with client (normal type or client specific(Smart client only/Web client only) type )
logout(solutionToLoad, method)
Logout the current user and close the solution, if the solution requires authentication and user is logged in. You can redirect to another solution if needed; if you want to go to a different url, you need to call application.showURL(url) before calling security.logout() (this is only applicable for Web Client). An alternative option to close a solution and to open another solution, while keeping the user logged in, is application.closeSolution().
Parameters
String solutionToLoad the solution to load after logout
String method the method to run in the solution to load
Returns: void
Sample
//Set the url to go to after logout.
//application.showURL('http://www.servoy.com', '_self'); //Web Client only
security.logout();
//security.logout('solution_name');//log out and close current solution and open solution 'solution_name'
//security.logout('solution_name','global_method_name');//log out, close current solution, open solution 'solution_name' and call global method 'global_method_name' of the newly opened solution
//security.logout('solution_name','global_method_name','my_string_argument');//log out, close current solution, open solution 'solution_name', call global method 'global_method_name' with argument 'my_argument'
//security.logout('solution_name','global_second_method_name',2);
//security.logout('solution_name', {a: 'my_string_argument', p1: 'param1', p2: 'param2'});//log out, close current solution, open solution 'solution_name', call (login) solution's onOpen with argument 'my_argument' and queryParams p1,p2
//Note: specifying a solution will not work in the Developer due to debugger dependencies
//specified solution should be of compatible type with client (normal type or client specific(Smart client only/Web client only) type )
logout(solutionToLoad, method, argument)
Logout the current user and close the solution, if the solution requires authentication and user is logged in. You can redirect to another solution if needed; if you want to go to a different url, you need to call application.showURL(url) before calling security.logout() (this is only applicable for Web Client). An alternative option to close a solution and to open another solution, while keeping the user logged in, is application.closeSolution().
Parameters
String solutionToLoad the solution to load after logout
String method the method to run in the solution to load
Object argument the argument to pass to the method to run
Returns: void
Sample
//Set the url to go to after logout.
//application.showURL('http://www.servoy.com', '_self'); //Web Client only
security.logout();
//security.logout('solution_name');//log out and close current solution and open solution 'solution_name'
//security.logout('solution_name','global_method_name');//log out, close current solution, open solution 'solution_name' and call global method 'global_method_name' of the newly opened solution
//security.logout('solution_name','global_method_name','my_string_argument');//log out, close current solution, open solution 'solution_name', call global method 'global_method_name' with argument 'my_argument'
//security.logout('solution_name','global_second_method_name',2);
//security.logout('solution_name', {a: 'my_string_argument', p1: 'param1', p2: 'param2'});//log out, close current solution, open solution 'solution_name', call (login) solution's onOpen with argument 'my_argument' and queryParams p1,p2
//Note: specifying a solution will not work in the Developer due to debugger dependencies
//specified solution should be of compatible type with client (normal type or client specific(Smart client only/Web client only) type )
removePermissionFromUser(a_userUID, permission)
Removes an permission from a user. Note: this method can only be called by an admin.
Parameters
Returns: Boolean true if removed
Sample
var removeUser = true;
//create a user
var uid = security.createUser('myusername', 'mypassword');
if (uid) //test if user was created
{
// Get all the permissions
var set = security.getPermissions();
for(var p = 1 ; p <= set.getMaxRowIndex() ; p++)
{
// output name of the permission
application.output(set.getValue(p, 2));
// add permission to user
security.addPermissionToUser(uid, set.getValue(p,2));
}
// if not remove user, remove user from all the permissions
if(!removeUser)
{
// get now all the permissions that that users has (all if above did go well)
var set =security.getPermissions(uid);
for(var p = 1;p<=set.getMaxRowIndex();p++)
{
// output name of the permission
application.output(set.getValue(p, 2));
// remove permission from user
security.removePermissionFromUser(uid, set.getValue(p,2));
}
}
else
{
// delete the user (the user will be removed from the permissions)
security.deleteUser(uid);
}
}
setPassword(a_userUID, password)
Set a new password for the given userUID. Note: this method can only be called by an admin user or a normal logged in user changing its own password.
Parameters
Returns: Boolean true if changed
Sample
if(security.checkPassword(security.getUserUID(), 'password1'))
{
security.setPassword(security.getUserUID(), 'password2')
}
else
{
application.output('wrong password')
}
setSecuritySettings(dataset)
Sets the security settings; the entries contained in the given dataset will override those contained in the current security settings.
NOTE: The security.getElementUUIDs and security.setSecuritySettings functions can be used to define custom security that overrides Servoy security. For additional information see the function security.getElementUUIDs.
Parameters
Object dataset the dataset with security settings
Returns: void
Sample
var colNames = new Array();
colNames[0] = 'uuid';
colNames[1] = 'flags';
var dataset = databaseManager.createEmptyDataSet(0,colNames);
var row = new Array();
row[0] = '413a4d69-becb-4ae4-8fdd-980755d6a7fb';//normally retreived via security.getElementUUIDs(...)
row[1] = JSSecurity.VIEWABLE|JSSecurity.ACCESSIBLE; // use bitwise 'or' for both
dataset.addRow(row);//setting element security
row = new Array();
row[0] = 'example_data.orders';
row[1] = JSSecurity.READ|JSSecurity.INSERT|JSSecurity.UPDATE|JSSecurity.DELETE|JSSecurity.TRACKING; //use bitwise 'or' for multiple flags
dataset.addRow(row);//setting table security
security.setSecuritySettings(dataset);//to be called in solution startup method
setTenantValue(value)
Set the tenant value for this Client, this value will be used as the value for all tables that have a column marked as a tenant column. This results in adding a table filter for that table based on that column and the given value, using JSTableFilter.dataBroadcast(true).
When creating a new record, this value will be auto filled in for all the columns that are marked as a tenant column. If you give an array of values then the first array value is used for this.
When a tenant value is set the client will only receive databroadcasts from other clients that have no or a common tenant value set. If the tenant value is a list then the broadcast will be filtered only if there is single element match between the 2 list, so ['a','b'] will match ['a','c'] but not ['c','d'], the actual data of a recod is ignored for this. Be sure to not access or depend on records having different tenant values, as no databroadcasts will be received for those
Parameters
Object value a single tenant value or an array of tenant values to filter tables having a column flagged as Tenant column by.
Returns: void
setUserUID(a_userUID, newUserUID)
Set a new userUID for the given userUID. Note: this method can only be called by an admin.
Parameters
Returns: Boolean true if changed
Last updated
Was this helpful?