Please Note This forum exists for community support for the Mango product family and the Radix IoT Platform. Although Radix IoT employees participate in this forum from time to time, there is no guarantee of a response to anything posted here, nor can Radix IoT, LLC guarantee the accuracy of any information expressed or conveyed. Specific project questions from customers with active support contracts are asked to send requests to support@radixiot.com.

Radix IoT Website Mango 3 Documentation Website Mango 4 Documentation Website

  • Hi,

    I have a customer requirement to limit certain users access to view certain pages only.

    I've used the admin template to build my dashboards.

    I'd like to be able to restrict/grant user access either by group or individual user.

    Is there a code example I can use for this? or something existing that does this I can make use of?

    Cheers!
    -Shaun


  • Hi Shaun,

    Others may have more to contribute tomorrow, but,

    You can use data point permissions to restrict access to points, such that those points wouldn't show up for other users and they won't be able to query for values. Our permissions system is a comma delimited set of string tags on data points and users, so that does enable having permissions individually for a user. A user without privileges that found the URL of another dashboard would encounter empty lists and empty charts. These field to enter these permissions is on the edit page for the thing, and there is a bulk permissions tool on the /users.shtm page for admins.

    There is not a way to create an arbitrary set of user restrictions for URLs without writing a module.

    However, if it is important to restrict access to the markup, you can do this by confining the markup into the JSON Store, and use the <ma-json-store> directive to load this. It is documented on /dashboards/examples/utilities/json-store

    Try adding some HTML or angular directives into the 'phone' field on that page, saving it, then loading this in your play area:

    <ma-json-store xid="test" item="myItem" value="myValue"></ma-json-store>
    
    <div layout="row">
        <div flex="100">
            <div live-preview="myValue.phone"></div>
        </div>
    </div>
    

    Note on the JSON store page that there is an edit and read permission, and this Mango will enforce with that same tagging as elsewhere. Then you can either have separate URLs that load the content of the page by hardcoding the xid in the ma-json-store tag or you can have all users load the same page and modify the xid of the element by user to load their page.


  • @shaun
    Phillip's post contains a lot of useful information. As he has indicated the best way to restrict users from seeing data they should not be seeing is to set the permissions on the data points and on the JSON store objects.

    However it is also very useful to hide certain navigation links inside your app so your users can't navigate to a page that they will not be able to access any data on. This can be done for menu items by adding a permission property to an object in the MENU_ITEMS array. If you need to hide something in the content of your page you can add a ng-show or ng-if directive, e.g. ng-show="user.hasPermission('superadmin')"


  • Thanks guys!

    As always, appreciate your help!

    Cheers!