7.1.5.1. Constraints

Constraints allow restricting access to particular entity instances (table records).

Constraints for an entity class are specified using JPQL expression fragments. These fragments are appended to all entity instance selection queries, thereby filtering them.

The user gets the constraint list from all the groups, starting with their own one, following up the hierarchy. Thus, the following principle is implemented: the lower the users are in the group hierarchy, the more constraints they have.

In order to create a constraint in the Access Groups screen, select the group to create the constraint for, go to the Constraints tab and click Create:

Then, select an entity from the Entity Name drop-down list and set the constraint in the Join Clause and Where Clause fields.

The JPQL editor in the Join Clause and Where Clause fields supports autocompletion for entity names and their attributes. In order to invoke autocompletion, press Ctrl+Space. If the invocation is made after the period symbol, an entity attributes list matching the context will be shown, otherwise – a list of all data model entities.

The following JPQL constraint rules apply:

  • The {E} string should be used as an alias of the entity being extracted. On execution of the query, it will be replaced with a real alias, specified in the query.

  • The following predefined constants can be used in JPQL parameters:

    • session$userLogin – login name of the current user (in case of substitution – the login name of the substituted user).

    • session$userId – ID of the current user (in case of substitution – ID of the substituted user).

    • session$userGroupId – group ID of the current user (in case of substitution − group ID of the substituted user).

    • session$XYZ – arbitrary attribute of the current user session, where XYZ is the attribute name.

  • The Where Clause field content is added to the where query clause using and condition. Adding where word is not needed, as it will be added automatically.

  • The Join Clause field content is added to the from query clause. It should begin with a comma, join or left join.

The simplest constraint example is shown in the figure above: the users with this constraint will see the library$BookPublication entity instances that they have created themselves only.

Prev  Up  Next
  Home