1. Get rid of all advertisements and get unlimited access to documents by upgrading to Premium Membership. Upgrade to Premium Now and also get a Premium Badge!

Authorization scheme need button id

Discussion in 'Oracle Application Express (APEX)' started by Bharat, Sep 27, 2015.

  1. Bharat

    Bharat Community Moderator Forum Guru

    Messages:
    1,747
    Likes Received:
    147
    Trophy Points:
    1,805
    Location:
    Vijayawada, India
    Hi All,

    We had created Authorization Scheme, and need to pass Button ID to the Authorization Scheme to display/hide the button. Can anyone suggest us on this to pass Button ID to Scheme.
     
  2. ocprep

    ocprep Forum Advisor

    Messages:
    277
    Likes Received:
    76
    Trophy Points:
    410
    Location:
    Orlando, Florida
    I don't understand -- why would you need to do this? I use authorization schemes to show/hide buttons all the time. Under the button definition in the 'Security' region, you select the authorization scheme. This automatically hides the button when the scheme is not active and displays it when it is.
     
    Muhammad Uzair likes this.
  3. Bharat

    Bharat Community Moderator Forum Guru

    Messages:
    1,747
    Likes Received:
    147
    Trophy Points:
    1,805
    Location:
    Vijayawada, India
    I need this because we had created few roles here to decide to whom we need to provide access to the buttons. So Created function which returns boolean value based on the passed user name, page id and button id.

    Now we had achieved this by using :APP_COMPONENT_ID to send Button ID to the PLSQL.
     
  4. ocprep

    ocprep Forum Advisor

    Messages:
    277
    Likes Received:
    76
    Trophy Points:
    410
    Location:
    Orlando, Florida
    That seems more complex than it needs to be, but obviously I don't have enough visibility into your app to say that for certain. That said, normally if I'm determining the visibility for a button (or an item) through code -- that code is executed from the button/item itself. Presumably you're not doing that or else you would know the button ID. That said -- where/how is the code being executed (page level? application level? dynamic action?). Since you have a parameter for the button ID, I assume this is not a single button but several... so how does the code determine which button it needs to grab the ID for?
     
  5. Bharat

    Bharat Community Moderator Forum Guru

    Messages:
    1,747
    Likes Received:
    147
    Trophy Points:
    1,805
    Location:
    Vijayawada, India
    Am using Authorization Scheme itself using one function, and for this function we need pass user id, page id, and button id if we are using Authorization Schemes for Buttons. So used three parameters to the function i.e., User ID, Page ID, Button ID(Nothing But Component ID). So using these three, I wrote an sql to get role value for this. If we get positive result, then am returning true, else false.
     
  6. ocprep

    ocprep Forum Advisor

    Messages:
    277
    Likes Received:
    76
    Trophy Points:
    410
    Location:
    Orlando, Florida
    OK -- I heaven't started using many of the new Apex 5.0 features. I looked up :APP_COMPONENT_ID and I see better what you are trying to do... but your question doesn't make sense to me. If you have an authorization scheme which uses the :APP_COMPONENT_ID variable and the authorization scheme is set to be evaluated "Once per Component", then the variable will equal the BUTTON_ID of any button that references the authorization scheme. There is no need to 'pass the Button ID to the Authorization Scheme'. Whatever query you are performing needs to recognize the button ID and use it in determining the BOOLEAN result, but that's a different matter.
     
  7. Bharat

    Bharat Community Moderator Forum Guru

    Messages:
    1,747
    Likes Received:
    147
    Trophy Points:
    1,805
    Location:
    Vijayawada, India
    As I had developed my own Roles for Users, I need function which returns Boolean value. For that purpose am trying to pass Button ID which is nothing but :APP_COMPONENT_ID.
     
  8. ocprep

    ocprep Forum Advisor

    Messages:
    277
    Likes Received:
    76
    Trophy Points:
    410
    Location:
    Orlando, Florida
    If you are using Apex 5.0
    and you have an authorization scheme that references the :APP_COMPONENT_ID variable
    and that authorization scheme is set to be evaluated "Once per Component"
    and that authorization scheme is referenced in the Security section of the button
    then at the time that the button is rendered, the value of APP_COMPONENT_ID will be the button ID.

    So assume I create an authorization scheme called BUTTON_PRIVS and set it to be evaluated "Once per Component". The scheme is set to a function returning a BOOLEAN and the code is as follows:

    Code (Text):
    BEGIN
      RETURN check_privs(v('APP_USER'), v('APP_PAGE_ID'), v('APP_COMPONENT_ID'));
    END;
    The CHECK_PRIVS function might look something like the following:

    Code (Text):

    FUNCTION check_privs (p_user       VARCHAR2,
                          p_page_id    VARCHAR2,
                          p_button_id  VARCHAR2)
    RETURN BOOLEAN
    AS
      v_count   NUMBER;
    BEGIN
      SELECT COUNT(*)
      INTO   v_count
      FROM   privs_table
      WHERE  username   = p_user
      AND    page_id    = p_page_id
      AND    button_id  = p_button_id;

      IF v_count > 0 THEN
        RETURN TRUE;
      ELSE
        RETURN FALSE;
      END IF;
    END check_privs;
     
  9. Bharat

    Bharat Community Moderator Forum Guru

    Messages:
    1,747
    Likes Received:
    147
    Trophy Points:
    1,805
    Location:
    Vijayawada, India
    Yes Exactly did the same way.. Before am not much aware of that :APP_COMPONENT_ID, I tried searching for that and posted a question here.. now it was clear and our requirement completed and its working fine.
     
  10. Muhammad Uzair

    Muhammad Uzair Starter

    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    10
    Location:
    Pakistan
    Hi Bharat!!
    As far I understood you want to apply security / user access on buttons like "Insert/Add", "Updated/Edit" and "Delete". Only authorized user should see the relavant buttons?

    This link will definitely work for you. I am using this topology for last 9 years and there is no security violation found.