Home Analyst Portal

Populate or Filter enumeration based on logged in user ?

Wonder if it would be possible to show elements of an enumeration based on the logged in user.

For example, I'd like the "hardware asset status" enumeration to be limited/filtered if the user logged in the portal is not an asset admin.

Do you guys think this is feasible ?

Answers

  • Tom_HendricksTom_Hendricks Customer Super IT Monkey ✭✭✭✭✭
    I think "feasible" depends entirely on your appetite for risk.  It would be possible to write Javascript to test your membership (or lack thereof) in certain groups and then remove the list values that you should not see.  However, it would run client-side, and could potentially be tampered with.

    In a few cases, we have decided that although it is possible to tamper with it, we have made access to some features limited by client-side code.  This works for us because of the relatively low impact one could cause by gaining unauthorized access to those features, and the fact that we could detect it with proper controls in place.  Whether or not your portal is accessible outside your internal network should weigh heavily on this.

    To get a server-side solution to this, I recommend submitting a feature request.
  • Alex_MarshAlex_Marsh Premier Partner Advanced IT Monkey ✭✭✭
    @Tom_Hendricks have you got some code for this function? I'm after something similar where I would like to set an enum value based upon who the logged in user is
  • Tom_HendricksTom_Hendricks Customer Super IT Monkey ✭✭✭✭✭
    Look here for determining AD group membership: https://community.cireson.com/discussion/1353/display-a-different-hw-asset-form-in-the-portal-depending-on-ad-group-membership#latest

    Look here for editing the enumeration: https://community.cireson.com/discussion/2487/ability-to-tag-templates-to-be-available-or-not-via-the-analyst-portal#latest

    I have stolen heavily and shamelessly from the first example, but have not done anything with the second, yet.  I definitely plan to.  My first comment in this thread was primarily addressing how membership is determined client-side, and that the risks should be weighed against the rewards.  Cireson could move this check server-side, but we cannot.
Sign In or Register to comment.