Query a user’s permitted actions

This tutorial explains how you can use the Permissioning API to find out from the server, what specific actions the logged-in user is allowed to perform, in order to tailor a particular component for that user.

When developing a component that deals with a single product, such as a trade tile for one currency pair, you might well want to query a single permission. The PermissionService allows you to make individual queries which return a true/false reply about a particular user permission.

Consider the following code snippet. We’re interested in whether the user has permission to view the GBPUSD currency pair (product) and if so, whether he also has permission to trade on Electronic Streaming Prices for that currency pair (using the ESP trade protocol).

var permissionService = caplin.core.ServiceRegistry.getService("caplin.permission-service");

var sProduct = "/FX/GBPUSD";
var sAction = "VIEW";
var bCanView = permissionService.canUserPerformGlobalAction(sProduct, sAction);

var bCanTrade = false;
if (bCanView) {
   var sNamespace = "TradeProtocol";
   sAction = "ESP";
   bCanTrade = permissionService.canUserPerformAction(sProduct, sNamespace, sAction);
}

//Adjust tile appropriately...

The VIEW action is within the global namespace, as it’s a general action in the application. That being the case, we can use the method "canUserPerformGlobalAction" which queries permissions in the global namespace. To query whether the user can trade using the ESP trade protocol for this currency pair, we use the "canUserPerformAction" method, where ESP is the specific action under the TradeProtocol namespace.

The boolean values returned, let us customise the individual tile to reflect the user’s permissions. If bCanView is "true" but bCanTrade is "false", you may wish to allow the user to see the tile and streaming prices, but to have the tile display a message telling the user that trading is not permitted. You might also wish to make another query, this time for the RFQ trade protocol (action "RFQ" and namespace "TradeProtocol"), to find out whether the user can instead Request for a Quote to trade on the GBPUSD currency pair, and if so notify accordingly.