Stored Procedure and Record Level Access Control with Server-Side Filters


#1

Hello Everyone,
I’ve been playing around with the framework and it’s been amazing so far. I’ve come across a couple of issues that I would like to share so that you can help me resolve them.
I understand that I can use API calls to a specific table and set related parameters to make a join query and get results. It works fine and I was also able to test it with custom system lookup keys to implement record level access control. However, I would prefer to make my queries in stored procedures and call them with parameters. I managed to create a store procedure which received a city_id parameter and I was able to retrieve data from the database provided that I supply the city_id. What I want is that the server uses the authenticated user’s city_id and only retrieve the records associated to his/her city_id. I understand that I can define my parameters in the POST request like this:

  {
     "city_id": "{user.city_id}"
  }

but that’s not what I want. I tried to assign an advanced filter for that role but it didn’t work.
I hope I was able to make myself clear.
Thanks in advance
PS: You can see how I made a custom system lookup key in my other post


#2

Did you find a solution on your own to this mohammad?

I want to achive approximately the same thing…

Best regards // Natonk