For example:
var result = Number(event.n1) + Number(event.n2);
return result;
I’d like to do something very simple, such as:
var user_name_value = user.id;
return user_name_value;
This is not the correct syntax and it may be that it’s not this easy. Could someone show me the correct syntax to use to capture the logged in user and return that value to the requester in a custom script?
Is there are particular reason you need to do this with a script?
In your app just do a GET on /rest/user/profile. This will return the full profile, from which you can parse out the name.
Maybe I don’t grasp your use case, but it seems unnecessary to call a custom script for this. You can return the current user’s username by calling GET /rest/user/profile and receive a response like this:
{
"first_name": "Firstname",
"last_name": "Surname",
"display_name": "Firstname Surname",
"email": "user@domain.com",
"phone": "678-555-5555",
"security_question": "What is the airspeed velocity of an unladen swallow?",
"default_app_id": 3
}
Your app can then use whatever field you’re looking for (not sure if by username you mean email, firstname/lastname, or display name).
Thanks, those are both helpful answers for getting the user’s profile information on the client side. I would like to be able to use the user variable(s) on the server side.
A use case would be to intercept and enable a db query to join on email, for example.
This would allow me to generically call a REST enabled query from the client, but then to verify on the server side that the query only returns data relative to the requester’s login when I do the join. This way the server is not relying on the client side to send in the correct user information, it’s getting it from the logged in session information when the client request connects.
I’m assuming that I can access that login/session information on the server side?
Bear with me while I try to understand your use case further.
From a server-side perspective, how would the user’s name be the logged-in user’s name? You could have ten, or a hundred, or a thousand users logged in at any given time.
Plus, each client device knows what his own user’s name is: it’s available to him at rest/user/profile and it’s returned to him in the response to his login POST /rest/user/session, so the client could provide his own user name along with any API call at any time.
If you’re simply concerned about table-level or row-level data security, I recommend checking out some of the below links. I assume you’ve read them already, I just need to know how/why they don’t fit your use case.
I’m going to explore this code snippet, I believe that it’s getting the user session information that I’m looking for:
var result = platform.api.get(“user/session”)
To try to answer your questions a little further:
When the client connects with a request, it’s possible that it could be sending someone else’s name/email/id through the URL. Essentially, the URL is just a string sent over HTTP. I.E. - I could be sending a request for records and put my name=jeffreystables in the URL string. I wanted to see where I could actually check on the server side, when it receives the request, who the user is that is actually logged into the system - and then return values relative to that person.
The links above that you sent are very helpful, if I’m trying to limit access based on a record owner.
But, what if I want to setup a linking table where I’m able to configure the people who I want to see information on another record in another table. I.E. - I setup a reference table where I allow myself, drewpearce & jeffreystables to see a certain record in another table. I’m the record owner in the reference table, but I want drewpearce & jeffreystables to be able to access the record in the reference table also. However, I still want the server to actually check that it’s jeffreystables making the request, not some other user who is logged, but is trying to see your data.
Make sense? I’ll post more as I work through this today.
I am trying to get the {user.id} as well in a server Process Event Script. I am attempting to do a lookup of the role of the caller of the script API to determine the role user the caller.
My objective - use the role to get the Lookup Key associated with the Role and append to my filter.
The active role is included in the user/session data.
You can use it to query system/role/{id}?related=role_lookup_by_role_id
to get the lookups associated with the role