Returning the logged in user's name with a custom script

I would like to have a custom script check who the logged in user is and return their username to them.

There are some straightforward examples of custom scripts in this blog post:
https://blog.dreamfactory.com/build-your-own-web-services-using-dreamfactory-custom-scripts

For example:
var result = Number(event.n1) + Number(event.n2);
return result;

I’d like to do something very simple, such as:
var user_name_value = user.id;
return user_name_value;

This is not the correct syntax and it may be that it’s not this easy. Could someone show me the correct syntax to use to capture the logged in user and return that value to the requester in a custom script?

Thanks!

-Brian

Is there are particular reason you need to do this with a script?
In your app just do a GET on /rest/user/profile. This will return the full profile, from which you can parse out the name.

Maybe I don’t grasp your use case, but it seems unnecessary to call a custom script for this. You can return the current user’s username by calling GET /rest/user/profile and receive a response like this:

{
  "first_name": "Firstname",
  "last_name": "Surname",
  "display_name": "Firstname Surname",
  "email": "user@domain.com",
  "phone": "678-555-5555",
  "security_question": "What is the airspeed velocity of an unladen swallow?",
  "default_app_id": 3
}

Your app can then use whatever field you’re looking for (not sure if by username you mean email, firstname/lastname, or display name).

Thanks, those are both helpful answers for getting the user’s profile information on the client side. I would like to be able to use the user variable(s) on the server side.

A use case would be to intercept and enable a db query to join on email, for example.

This would allow me to generically call a REST enabled query from the client, but then to verify on the server side that the query only returns data relative to the requester’s login when I do the join. This way the server is not relying on the client side to send in the correct user information, it’s getting it from the logged in session information when the client request connects.

I’m assuming that I can access that login/session information on the server side?

Bear with me while I try to understand your use case further.

From a server-side perspective, how would the user’s name be the logged-in user’s name? You could have ten, or a hundred, or a thousand users logged in at any given time.

Plus, each client device knows what his own user’s name is: it’s available to him at rest/user/profile and it’s returned to him in the response to his login POST /rest/user/session, so the client could provide his own user name along with any API call at any time.

If you’re simply concerned about table-level or row-level data security, I recommend checking out some of the below links. I assume you’ve read them already, I just need to know how/why they don’t fit your use case.

No problem, I really appreciate the help.

I think that you may have answered my question with this link:
https://community.dreamfactory.com/t/limit-api-responses-based-on-user-or-role/693

I’m going to explore this code snippet, I believe that it’s getting the user session information that I’m looking for:

var result = platform.api.get(“user/session”)

To try to answer your questions a little further:
When the client connects with a request, it’s possible that it could be sending someone else’s name/email/id through the URL. Essentially, the URL is just a string sent over HTTP. I.E. - I could be sending a request for records and put my name=jeffreystables in the URL string. I wanted to see where I could actually check on the server side, when it receives the request, who the user is that is actually logged into the system - and then return values relative to that person.

The links above that you sent are very helpful, if I’m trying to limit access based on a record owner.

But, what if I want to setup a linking table where I’m able to configure the people who I want to see information on another record in another table. I.E. - I setup a reference table where I allow myself, drewpearce & jeffreystables to see a certain record in another table. I’m the record owner in the reference table, but I want drewpearce & jeffreystables to be able to access the record in the reference table also. However, I still want the server to actually check that it’s jeffreystables making the request, not some other user who is logged, but is trying to see your data.

Make sense? I’ll post more as I work through this today.

-Brian

Ok, I figured out this part of what I’m trying to do. Thanks for the help to get here.

On the DSP, create a new custom script. Called it “username”. Here’s the code:

var user_name_value = platform.api.get(“user/session”);
return user_name_value;

POST (and I repeat, POST) to the script’s url:

http://localhost/rest/system/script/username?is_user_script=true&app_name=my_app

It will return json similar to the following:

{
“is_user_script”: “true”,
“app_name”: “my_app”,
“path”: “system/script/username”,
tag”: “exposed_event”,
“script_result”: {
“id”: 1,
“display_name”: “Brian Fisher”,
“first_name”: “Brian”,
“last_name”: “Fisher”,
“email”: “brian.fisher@home.com”,
“is_sys_admin”: true,
“last_login_date”: “2015-08-12 17:05:49”,
“dsp_name”: “core”,
“ticket”: “xxxx,”,
“ticket_expiry”: xxxx,
“session_id”: “xxxx”,
“app_groups”: ,
“no_group_apps”:
}
}

1 Like

And then, with a quick change to the script you can get just the user id:

var user_name_value = platform.api.get(“user/session”);
return user_name_value.id;

The returned json:

{
“is_user_script”: “true”,
“app_name”: “my_app”,
“path”: “system/script/username”,
tag”: “exposed_event”,
“script_result”: 1
}

1 Like

Very cool, @Brian_Fisher! Glad you have what you need.

I am trying to get the {user.id} as well in a server Process Event Script. I am attempting to do a lookup of the role of the caller of the script API to determine the role user the caller.

My objective - use the role to get the Lookup Key associated with the Role and append to my filter.

How can this be achieved?

Thanks

I have been able to get the user id. What I did is as follows:

var user_name_value = platform.api.get(“user/session”);

var_dump(user_name_value[‘content’].id); - This provided the user id.

Now I need to find the API to get the role for this user so I can get the Lookup Key I attach to the role.

The active role is included in the user/session data.
You can use it to query system/role/{id}?related=role_lookup_by_role_id
to get the lookups associated with the role

@formerstaff - Thanks.

How do I get the lookup_key XYZ associated with such a role? Where can I find the related=YYYYYY to get the lookup key’s value?

Thanks.