Security for API Server Procedures - HxGN SDx - Update 63 - Administration & Configuration - Hexagon

HxGN SDx API Services Configuration

SmartPlant Foundation / SDx Version: 10

You can control how the Web API v3 Server Procedures are exposed through actions and functions by adding security for the methods marked with the ExposedService attribute. You do this by adding a relationship between the corresponding server API procedure and the valid Access Groups in the database.

A user needs valid roles, and at least one of those roles must be related to the access groups for the configuration for which the action or function is called. By default, the configuration is supplied as part of the request header.

The following example load file shows how you can define the relationships in the model:

<Container>
  <Rel>
    <IObject UID="SP_TestActionV3.SPFAPIServerProcedureAccessGroup.MAG_TestAccessGroup1" />
    <IRel UID1="SP_TestActionV3" DefUID="SPFAPIServerProcedureAccessGroup" UID2="MAG_TestAccessGroup1" />
  </Rel>
  <Rel>
    <IObject UID="SP_TestActionV3.SPFAPIServerProcedureAccessGroup.MAG_TestAccessGroup2" />
    <IRel UID1="SP_TestActionV3" DefUID="SPFAPIServerProcedureAccessGroup" UID2="MAG_TestAccessGroup2" />
  </Rel>
</Container>

Exceptions

There can be exceptions when the configuration is derived from the request itself, rather than the headers. For example, the configuration could be a parameter to the exposed service or part of the request URI. In such cases, the class definition implementing the exposed services needs to implement the IAuthorisedExposesServicesProcedures interface definition. This is not an SDx interface definition but is an interface defined in the code. The logic for determining the configuration must be written in the exposed GetConfigFromRequest method.

using System;
using System.ComponentModel.Composition;
using System.Net.Http;
// Also import the SDx namespaces that define IAuthorisedExposesServicesProcedures,
// ExposedService and ISPFConfigurationItem.

[Export(typeof(IExposesServicesProcedures)), PartCreationPolicy(CreationPolicy.NonShared)]
public class ValidateForUnClaimFromToolService : IAuthorisedExposesServicesProcedures
{
    public HttpRequestMessage Request { get; set; }

    [ExposedService(ExposedServiceType.Action, "TestActionV3", UID: "SP_TestActionV3", includeAtRoot: true, Version = Enum.ServicesVersion.V3)]
    public void TestActionV3(string PlantUID)
    {
    }

    [ExposedService(ExposedServiceType.Function, "TestFunctionV3", UID: "SP_TestFunctionV3", includeAtRoot: true, Version = Enum.ServicesVersion.V3)]
    public bool TestFunctionV3()
    {
        return true;
    }

    [ExposedService(ExposedServiceType.Function, "TestUnboundFunctionV3", UID: "SP_TestUnboundFunctionV3", includeAtRoot: true, Version = Enum.ServicesVersion.Any, IsAsync = true, IsComposable = false)]
    public bool TestUnboundFunctionV3()
    {
        return true;
    }

    [ExposedService(ExposedServiceType.Function, "TestUnboundArgFunctionV3", UID: "SP_TestUnboundArgFunctionV3", includeAtRoot: true, Version = Enum.ServicesVersion.Any, IsAsync = true, IsComposable = false)]
    public bool TestUnboundArgFunctionV3(string opt1)
    {
        return true;
    }

    /// <summary>
    /// Gets the config supplied in the request. The method is invoked to determine the config for which the user needs to be authorised
    /// before the exposed service is invoked.
    /// </summary>
    public ISPFConfigurationItem GetConfigFromRequest()
    {
        // Add the logic to parse the request to determine the config for which user access needs to be validated, and return the config object.
        // This method needs to be implemented only if the correct config cannot be expected as part of the request header and special logic is needed to determine the config.
        // If multiple exposed services in this class have different logic for determining the config, the code must account for that by checking the name of the exposed
        // service being executed in the request.
        throw new NotImplementedException(); // Placeholder so the template compiles; replace with the logic described above.
    }
}
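As an added example (not Hexagon's code), the following Python sketch cross-checks a load file against the ExposedService UIDs in the source. It reports exposed procedures that have no SPFAPIServerProcedureAccessGroup relationship and relationships whose UIDs contain hidden characters. The sample inputs are constructed, and the UID alphabet and the UID1.DefUID.UID2 naming check are assumptions taken from the sample load file above.

```python
import re
import xml.etree.ElementTree as ET

REL_DEF = "SPFAPIServerProcedureAccessGroup"
CLEAN_UID = re.compile(r"[A-Za-z0-9_.-]+")  # assumed UID alphabet; adjust to your naming rules

# Constructed sample: the second Rel hides a zero-width space (U+200B) in UID1.
SAMPLE_LOAD_FILE = """<Container>
  <Rel>
    <IObject UID="SP_TestActionV3.SPFAPIServerProcedureAccessGroup.MAG_TestAccessGroup1" />
    <IRel UID1="SP_TestActionV3" DefUID="SPFAPIServerProcedureAccessGroup" UID2="MAG_TestAccessGroup1" />
  </Rel>
  <Rel>
    <IObject UID="SP_TestActionV3.SPFAPIServerProcedureAccessGroup.MAG_TestAccessGroup2" />
    <IRel UID1="SP_TestActionV3\u200b" DefUID="SPFAPIServerProcedureAccessGroup" UID2="MAG_TestAccessGroup2" />
  </Rel>
</Container>"""

# Constructed sample: ExposedService attributes as they appear in the C# class.
SAMPLE_SOURCE = """
[ExposedService(ExposedServiceType.Action, "TestActionV3", UID: "SP_TestActionV3", includeAtRoot: true, Version = Enum.ServicesVersion.V3)]
[ExposedService(ExposedServiceType.Function, "TestFunctionV3", UID: "SP_TestFunctionV3", includeAtRoot: true, Version = Enum.ServicesVersion.V3)]
"""

def exposed_uids(csharp_source):
    """Return the UIDs declared in ExposedService attributes."""
    return re.findall(r'\[ExposedService\([^\]]*?UID:\s*"([^"]+)"', csharp_source)

def audit(load_file_xml, csharp_source):
    """Map procedure UID -> access groups and collect findings for review."""
    groups, problems = {}, []
    for rel in ET.fromstring(load_file_xml).iter("Rel"):
        irel, iobj = rel.find("IRel"), rel.find("IObject")
        if irel is None or irel.get("DefUID") != REL_DEF:
            continue
        uid1, uid2 = irel.get("UID1", ""), irel.get("UID2", "")
        for value in (uid1, uid2):
            if not CLEAN_UID.fullmatch(value):
                problems.append(f"unexpected character in UID {value!r}")
        expected = f"{uid1}.{REL_DEF}.{uid2}"  # naming pattern seen in the sample
        if iobj is None or iobj.get("UID") != expected:
            problems.append(f"IObject UID does not match {expected!r}")
        groups.setdefault(uid1, set()).add(uid2)
    for uid in exposed_uids(csharp_source):
        if uid not in groups:
            problems.append(f"{uid}: no {REL_DEF} relationship in load file")
    return groups, problems

if __name__ == "__main__":
    print(*audit(SAMPLE_LOAD_FILE, SAMPLE_SOURCE)[1], sep="\n")
```

A relationship whose UID1 carries an invisible character does not reference the intended procedure, so the audit treats it as a finding rather than as coverage for that procedure.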