Hi.
I am trying to assign a custom role to a user using REST API, and i am getting this message:
{“message”:“Assign/unassign role is available only from server code”,“code”:2011}
Is that functionality blocked in REST API?
Regards,
Andrés
Hi Andrés,
Yes, we decided to block that functionality from the client side since it would be a security hole. If anyone can change user roles with a client-side API call, you’d run a risk of some user becoming an administrator without you knowing it.
Can I help with information on getting it done with the server-side code?
Regards,
Mark
Yes, please. I am using PHP to make calls to REST API. How can i include server code in that scenario? Is there a way to create a custom server-side function for assign/unassign roles and call it using REST API?
Regards,
Andrés
No problem. It will have to be server-code running on our servers. This is done with the custom business logic. You would need to use either a built-in event handler or a custom one (the custom event handler can be invoked directly from your app).
Here are a few links to get you started:
https://backendless.com/developing-custom-server-code-with-backendless-mbaas/
https://backendless.com/custom-events-direct-invocation-of-custom-server-side-code/
Cheers,
Mark
Thanks Mark. I will try it and let you know.
One more question please. The free tier includes 5 roles. Does it mean 5 roles plus the default ones? Or with them included?
Regards,
Andrés
Hi, Andrés.
It means that we have 5 default roles in every app
and dev can add 5 custom roles for free. As the result you will receive 10 roles in your app for free.
Regards,
Kate.
Thanks Kate.
Regards,
Andrés
Hi again.
I am trying to assign role using server-code through a REST call, but i am not able to make it work. I have this in history and logs:
Timestamp Status Logs
30/7/2014 14:28:42 timeout
30/7/2014 14:30:19 timeout
This is my request:
POST /v1/servercode/events/AutorizarDependiente HTTP/1.1 Host: api.backendless.com Content-Length: 34 User-Agent: Guzzle/3.9.1 curl/7.28.1 PHP/5.4.10 application-id: XXXXXXXXX secret-key: XXXXXXXX application-type: REST Content-Type: application/json {“identity”: “terceros@tactel.es”}
This is the response:
HTTP/1.1 200 OK Server: nginx/1.4.2 Date: Wed, 30 Jul 2014 12:30:19 GMT Content-Type: application/json; charset=utf-8 Content-Length: 2 Connection: keep-alive Access-Control-Allow-Headers: origin, application-id, application-type, content-type, secret-key, request, user-token Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE Access-Control-Allow-Origin: * Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-cache, : no-store, no-cache, must-revalidate, private Pragma: : no-cache {}
And this is my server-code:
@BackendlessEvent("AutorizarDependiente")
public class AutorizarDependienteEventHandler extends com.backendless.servercode.extension.CustomEventHandler {
@Override
public Map handleEvent(RunnerContext context, Map eventArgs) {
final String ROL_DEPENDIENTE_USER = "DependienteUser";
int code = 0;
String message = "";
try {
String identity = (String) eventArgs.get("identity");
Backendless.UserService.assignRole(identity, ROL_DEPENDIENTE_USER);
}
catch (Exception ex) {
code = 1;
message = ex.getMessage();
}
HashMap<String, Object> retorno = new HashMap<String, Object>();
retorno.put("code", code);
retorno.put("message", message);
return retorno;
}
}
I expect to get a Map with two values, but i get an empty one. I tried to debug it following the video steps, but i am not able to make it work either.
Regards,
Andrés
Hi, Andres.
We will check it.
Do you use Async method?
We created a sample with your code and all works…
Check if a role was assigned to this user.
Regards,
Kate.
Hi Kate.
I am not using async methods.
I have checked terceros@tactel.es user and it doesn´t have a new role, only authenticatedUser which already had it before. I don´t know either why i can´t debug the server code. Do i have to check something in runner.properties or any other configuration file?
Regards,
Andrés
Can you check this:
- run code runner
- go to business logic page -> debug tab -> custom events
Do you see custom events in debug tab?
Regards,
Kate.
Hi Kate.
Yes, i see it. I have tried to debug it again but i got the same result (timeout)
Regards,
Andrés
Hi Andrés,
Could you make sure you use the latest coderunner from our website?
As for debugging, coderunner.sh starts the process with the following arguments:
-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005
When you attach to the process, do you use port 5005? Do you attach from IDEA or Eclipse?
Regards,
Mark
Hi Mark.
I am using the latest Code Runner (downloaded today).
About debugging, i have checked i am using port 5005 from IDEA.
Regards,
Andrés
What happens when you try attaching from IDEA?
Could you post a screenshot of the Remote Debugging configuration screen?
Regards,
Mark
Hi Mark. I have attached a screenshot of my remote configuration in IDEA.
When i try to debug the code, nothing happens. It never stops in the breakpoints.
Regards,
Andrés
What does IDEA show in the “Console” panel when you select Run > Debug from the main menu?
I respect the decision to block the function on client side. But why not have something easier on your dashboard to assign roles to user?
Hi Gordon,
It could be easily done via backendless console. Here is some usefull notes:
https://backendless.com/documentation/users/rest/users_user_roles.htm
Regards,
Denys