5.2. Users and Permissions - en-US

Granting Access to Users
Table of Contents
Outline................................................................................................................................. 2
Scenario 2
How to..................................................................................................................................4
Creating the HR Manager Role 4
Hiding Screens 5
Testing 7
Employee Vacations Screen 8
Fetching Employee Leaves 9
Creating the Interface 11
Checking Permissions in the Vacations App 15
Creating the Role and Restricting Access to the Screens 15
Hiding Menu Elements 16
Grant the Role to Your User 20
Changing Settings in ODC Portal 21
Employee Manager Permissions 23
Updating the CheckPermissions Action 28
Checking Permissions in the Menu 30
Testing in the Browser 32
Wrapping up......................................................................................................................35
knowledge@outsystems.com © 2022 by OutSystems. All rights reserved. OutSystems is a registered trademark of OutSystems. The information contained
herein is subject to change without notice. All terms and conditions for OutSystems products and services are set forth in the
www.outsystems.com agreements accompanying such products and services. Nothing herein should be construed as constituting an additional
warranty. OutSystems shall not be liable for technical or editorial errors or omissions contained herein.
Outline
In this exercise, you'll create a new Role for the HR Manager on your apps. This role will
help you to:
● restrict the access to the Projects Screen in the Directory app to users that have
the HR Manager role.
● restrict the access to the Employee Vacations Screen in the Directory app to
users that have the HRManager role.
This Employee Vacations Screen does not exist yet, so you will create it in this exercise.
This Screen will display all employees with their pre-scheduled vacation days, plus the
remaining vacation days they have.
Besides that, you will also check if a user is a manager of another employee in the
Vacations app, and hide the menu entries for the Pending Requests and Delegate
Screens to users that are managers of other employees.
In the end, you'll have a Menu whose entries are visible (or not) depending on a user's
Role.
Scenario
When you installed the Directory app, it already came with the Directory Role. To access
the Directory app's Screens, any user must have this Role; otherwise, they don't get
www.outsystems.com • knowledge@outsystems.com 2
access. Now, you'll add a new Role — HRManager — and you'll use it to restrict access
to the app's Projects area.
Then, on the Vacations app, you'll create a new Screen called EmployeeVacations. This
Screen will display the number of scheduled and remaining vacation days for all
employees and it will look like the following screenshot:
Also, you want to customize the Vacations app's Menu to hide the option to access this
new Screen from users that are not HRManagers. You'll also create the HRManager
Role in the Vacations app, then you will build a Data Action and use the built-in Check
Role Action to check if the user has the right permissions to see the menu option.
Finally, you'll follow a similar approach, but this time to check whether an employee
manages another employee. If a user is a manager of another employee, then they
should see the Pending Requests and Delegate functionality in the Menu, otherwise,
they can't see these menu options. So you'll need a Server Action to perform that
verification and use it in the Data Action already created.
How to
Now that you know the scenario, let's implement it by following this how-to guide!
Creating the HR Manager Role

Let's start by creating a new Role for the HR manager in the Directory app. The process
is pretty much the same as in O11.
1) Open ODC Studio, log in, and open the Directory App by double-clicking on it.
2) Create a new Role.
3) Name the new Role HRManager.
Hiding Screens
That was fast! Now, you will use the HRManager Role to restrict access to the Projects
and ProjectDetail Screens and to hide the Project menu entry to users who don't have
the HRManager Role.
1) Change the Projects Screen permissions to only authorize users with the
HRManager Role.
2) Do the same for the ProjectDetail Screen. Now, let's work on the Menu!
3) Open the Menu Block in the Common flow and open the Widget tree to help
you complete the next steps.
4) Enclose the third Link (the one with the Projects Screen) in an If.
5) Set the Name of the If to CheckIsHRManager and set its Condition to

CheckHRManagerRole().
Note: Here, you are using the CheckRole Client Action, which is quite new and
was introduced in OutSystems Developer Cloud (ODC). However, don't forget
that this is a client-side verification.
6) Publish the app to save the latest changes.
Testing
Time to test the access to the Screens and menu option.
1) Open the Directory app in the browser.
2) Try to open the Projects Screen by adding /Projects to the end of the URL.
You should not be able to access the Screen, since you don't have the
HRManager role assigned to your user.
Employee Vacations Screen
In this section, we will work on the Vacations app. You will start by creating a new
Screen to display the employees and how many vacation days they have left.
1) Go back to ODC Studio and open the Vacations app.
2) Create a new Screen named EmployeesVacations and make it accessible only by

users with the Vacations Role.
3) Drag the EmployeesVacations Screen to the Menu.
4) Add a space between the two words in the Link's Text (Employees Vacations).
5) Set the Style Class of the Link in the Menu to "margin-left-base".
Fetching Employee Leaves

Let's create an Aggregate with the information regarding the employees and their
scheduled vacations/leaves.
1) Add an Aggregate to the EmployeesVacations Screen.
2) Add the Employee and the EmployeeLeave Entities as the Aggregate sources.
Note: Make sure the name of the Aggregate is changed to GetEmployeeLeaves.
3) Change the Join to Employee With or Without EmployeeLeave.
4) Group the records by the EmployeeId attribute of the EmployeeLeave Entity.
Note: The attribute may be hidden, so make sure you make it visible in the
Aggregate's preview.
5) Then, group by the Name attribute of the Employee Entity.
6) Finally, create a Count for the Id attribute of the EmployeeLeave Entity.
The Aggregate is ready to be used!
Creating the Interface

Now that we have the data, let's display it on the Screen. We want to show the
Employee Name, the number of vacation days scheduled, and the number of remaining
vacation days.
1) Drag the GetEmployeeLeaves Aggregate and drop it in the

EmployeesVacations Screen.
2) Rename the Header of the Count column to Days Scheduled .
So far, we have the employee's name and the vacation days scheduled. Now, we
want to calculate and display the remaining days.
3) Add a new column to the table, right after the Name column.
4) Set the Header of the new column to Remaining.
The remaining days can be simply calculated by subtracting the scheduled days
from the maximum number of vacation days an employee can schedule in a
year.
Remaining days = Max days - Scheduled days
You might be wondering: Where do the max vacation days come from? It's
simple; it comes from a Setting.
Since Settings cannot be accessed by Screens, you will need to create a Data
Action to get the maximum number of days.
5) Create a new Data Action in the EmployeesVacations Screen and name it

GetMaxDays.
6) Set the Name of its Output Parameter to Days and set the Data Type to
Integer.
7) Drag an Assign to the Flow and set the Days Output Parameter as the
VacationsDays stored in the Settings.
8) Go back to the EmployeesVacations Screen and drag an Expression to the

Remaining column.
9) Set its Value to GetMaxDays.Days - GetEmployeeLeaves.List.Current.Count
Your Screen preview will look like the one below:
Checking Permissions in the Vacations App

Similarly to the Directory App, you will also control the access to some functionalities in
the Vacations app. The EmployeesVacations Screen should only be accessible and
visible to an HR Manager.
Since the Roles are not shared between apps, we need to create a Role with the same
name of the one existing in the Directory app - HRManager - in the Vacations app.
Creating the Role and Restricting Access to the Screens

1) Create a new Role and set its Name to HRManager.
2) In the Interface tab, select the EmployeeVacations Screen and make sure it is
only accessible to users with the HRManager Role.
Note: Don't forget to add the HRManager permissions to all other Screens of
the app.
Hiding Menu Elements

Now, we also want to hide the Employee Vacations menu entry to every user that is not
an HR Manager. To achieve that, we first need to create a Data Action to check for the
user permissions.
1) Create a Data Action in the Menu Block and name it CheckPermissions.
2) Set the Name of the Output Parameter to HasHRManagerRole and change the
Data Type to Boolean.
3) Let's start the implementation of the CheckPermissions Data Action. Drag the
CheckHRManagerRole Server Action, located under the Logic tab in the Roles
folder, to the flow of the Data Action.
4) Add an Assign under the CheckHRManagerRole Action in the flow. Select the
HasHRManagerRole Output Parameter and assign it to the HasRole Output of
the CheckHRManagerRole Action.
Now that you have the Data Action checking if the user has the expected role,
it's time to apply the result to show or hide the Menu's UI.
5) Open the Menu Block and enclose the Link containing the EmployeeVacations
Screen in an If.
6) Set the Name of the If to CheckIsHrManager and the Condition to be
CheckPermissions.HasHRManagerRole.
Here is what the Menu will look like for now in the Widget Tree:
7) Publish your app and open it in the browser.
Can you see the Employees Vacations link in the Menu? No? Why is that? You're
not an HR Manager! Let's take care of that!
Grant the Role to Your User
1) Open the ODC Portal and grant the HRManager Role from the Directory and
the Vacations apps to your user.
2) Go to the Vacations app in the browser, then log out and log in again.
You should be able to see the Employee Vacations in the Menu!
Note: You can also take this opportunity to test the Projects Screen in the
Directory browser (don't forget to login again).
3) Open the Employee Vacations Screen and make sure everything works as
expected.
Note: In this example, each employee has 25 Vacation days. This number
comes from the VacationsDays Setting, and you can change it at design time in
ODC Studio or in ODC Portal.
Changing Settings in ODC Portal

Let's edit the value of the Setting in ODC Portal.
1) Open ODC Portal and click on your Vacations app.
2) Expand the Settings area and click on the VacationsDays to edit it.
3) Change its Value to 20.
4) Refresh the Employee Vacations Screen in the browser to see the changes.
Employee Manager Permissions

Until now, you created logic to check if a user is an HRManager, before accessing some
parts and functionalities of both your apps. Now, you'll create a Server Action to check
whether the user is an Employee Manager, and use it to hide the Pending Requests
and Delegate Menu options.
This new Server Action will be a little bit different from the one to check the HRManager
Role, since we do not have an EmployeeManager Role. Therefore, you'll use a different
approach where you will query the Employee Entity that is referenced from the
Directory app.
1) Go back to the Vacations app in ODC Studio.
2) Create a new Server Action called IsEmployeeManager.
3) Add an Output Parameter named IsManager with Data Type set to Boolean.
4) Drag an Aggregate to the Action flow and select the Employee Entity as the
source.
We are only interested in the data regarding the user who is logged in, so let's
use a filter.
5) Add the following filter:
Employee.UserId = GetUserId()
6) Go back to the Action flow and add another Aggregate under the previous one.
7) Select the Employee Entity as well as Source and add the following filter:
Employee.ManagerId = GetEmployeesByUserId.List.Current.Employee.Id
This time, we're interested in the Employees who have the user logged in
assigned as their Manager.
8) Drag an Assign under the last Aggregate.
9) Assign the Output Parameter IsManager as not

GetEmployeesByManagerId.List.Empty
The value of the Output Parameter IsManager will depend on the List of
Employees returned by the GetEmployeesByManager Aggregate. If it is empty,
it means the user logged in is not a Manager. Following the same logic, if the
List is not empty, it means the user logged in is a Manager.
The IsEmployeeManager Server Action should look like the one below:
10) Publish your app to save the latest changes.
Updating the CheckPermissions Action
To finish the exercise, we want the Pending Requests and Delegate Screens to be visible
only for users who are Managers. So, you'll use the recently created Server Action that
checks if a user is a Manager inside the CheckPermissions Data Action in the Menu.
1) Expand the Common UI Flow, then open the CheckPermissions Data Action in
the Menu Block.
2) Add a new Output Parameter named IsUserEmployeeManager with Data Type

set to Boolean.
3) Drag the IsEmployeeManager Server Action to the CheckPermissions flow,
right under the CheckHRManagerRole Action.
4) Use the existing Assign to assign the IsUserEmployeeManager Output to

IsEmployeeManager.IsManager.
The CheckPermissions Data Action should look like the one below:
Checking Permissions in the Menu

Let's use the CheckPermissions Action to hide the Links to the Pending Requests and
Delegate Screens in the Menu, this time using the IsUserEmployeeManager Output.
1) Open the Menu's Widget Tree.
2) Enclose the Pending requests and Delegate Links in an If.
3) Set the Name of the If to CheckIsEmployeeManager and set the Condition to be

CheckPermissions.IsUserEmployeeManager.
The Widget Tree should look like this after you're done:
4) Publish the app to save the latest changes.
Testing in the Browser

It's finally time to test everything!
1) Open the Vacations app in the browser.
You should not be able to see the Pending requests and Delegate Screens.
Note: If during the previous exercises you have assigned your user as the
manager of another employee, you will see all the links and you can skip the
next steps.
2) Open the Directory app in the browser and click on the Employees Screen.
3) Click on an employee's name to see the EmployeeDetail Screen.
4) Select your user as the manager and click on Save.
Now you should be able to see all the Links in the Menu!
Wrapping up
Congratulations on finishing this tutorial, which is the last one for this course. With this
exercise, you had the chance to go through some essential aspects of OutSystems
Developer Cloud, such as deployments, users and permissions, and libraries, among
others. Now, just continue exploring and create your own apps using ODC!

5.2. Users and Permissions - en-US

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

5.2. Users and Permissions - en-US

Uploaded by

Copyright:

Available Formats

Granting Access to Users

Creating the HR Manager Role

2) Create a new Role.

3) Name the new Role HRManager.

5) Set the Name of the If to CheckIsHRManager and set its Condition to

6) Publish the app to save the latest changes.

1) Open the Directory app in the browser.

1) Go back to ODC Studio and open the Vacations app.

2) Create a new Screen named EmployeesVacations and make it accessible only by

3) Drag the EmployeesVacations Screen to the Menu.

5) Set the Style Class of the Link in the Menu to "margin-left-base".

Fetching Employee Leaves

1) Add an Aggregate to the EmployeesVacations Screen.

Note: Make sure the name of the Aggregate is changed to GetEmployeeLeaves.

3) Change the Join to Employee With or Without EmployeeLeave.

4) Group the records by the EmployeeId attribute of the EmployeeLeave Entity.

6) Finally, create a Count for the Id attribute of the EmployeeLeave Entity.

The Aggregate is ready to be used!

Creating the Interface

1) Drag the GetEmployeeLeaves Aggregate and drop it in the

4) Set the Header of the new column to Remaining.

Remaining days = Max days - Scheduled days

5) Create a new Data Action in the EmployeesVacations Screen and name it

8) Go back to the EmployeesVacations Screen and drag an Expression to the

Your Screen preview will look like the one below:

Checking Permissions in the Vacations App

Creating the Role and Restricting Access to the Screens

Hiding Menu Elements

1) Create a Data Action in the Menu Block and name it CheckPermissions.

7) Publish your app and open it in the browser.

You should be able to see the Employee Vacations in the Menu!

Changing Settings in ODC Portal

1) Open ODC Portal and click on your Vacations app.

3) Change its Value to 20.

Employee Manager Permissions

1) Go back to the Vacations app in ODC Studio.

2) Create a new Server Action called IsEmployeeManager.

5) Add the following filter:

9) Assign the Output Parameter IsManager as not

10) Publish your app to save the latest changes.

2) Add a new Output Parameter named IsUserEmployeeManager with Data Type

4) Use the existing Assign to assign the IsUserEmployeeManager Output to

Checking Permissions in the Menu

1) Open the Menu's Widget Tree.

3) Set the Name of the If to CheckIsEmployeeManager and set the Condition to be

Testing in the Browser

1) Open the Vacations app in the browser.

4) Select your user as the manager and click on Save.

You might also like