Access rules based on current session

Hi All, I have an issue that I could use some help with. We are busy implementing a separate configuration app, so we don't have configuration anymore in our main apps. Apps can consume the configuration through a Data Hub connection. In our configuration app, we have multiple configuration versions, so that different apps or environments can use a different configuration if necessary. When a user makes changes to a specific configuration version in the configuration app, this version is associated with the current session. Access rules in the domain model make sure that the user only sees objects that belong to the version they're currently working on. This is done with an XPath constraint, basically saying Entity/ConfigurationVersion/CurrentSession/User = CurrentUser. This works fine. When the user closes the version or opens another one (in the same session), the association between the configuration version and the session is removed to make sure the session is never linked to multiple configuration versions. But now, we also want to be able to compare different configuration versions. I tried to open the app in another (incognito) window, and selected a different configuration version there, so I could compare two versions (in two different sessions). When I do this, I see the objects of both versions in both windows, instead of just one version in my regular window and one version in the incognito window. So the versions are mixed up. Which makes sense, because according to the XPath, the object only requires an association with a session linked to the current user, it doesn't specify which session. I'm trying to find a way to distinguish between sessions, instead of using all paths to the user, but in the access rules in the domain model I can only specify a path to user. Do you have any suggestions on how to do this? Of course we can implement restrictions on the specific pages, but that would be a lot of work and hard to maintain. We prefer a solution in the domain model, so we don't have to edit all pages separately.  
1 answers

Hi Lisa,


There is no $currentSession variable to use in an XPath constraint. Also, A according to the domain model, the association between user and session is 1 to many. Creating your own session entity with a SessionId might be a next step.


Regards, Thijs