Example: set security with WSScope
You can set security using the WSScope attribute either at the function level or at the service level.
Example 1 setting security at function level
IMPORT com
TYPE profileType RECORD ... END RECORD
PUBLIC FUNCTION FetchMyUserProfile( p_user_id INTEGER ATTRIBUTE(WSQuery) )
ATTRIBUTES(
WSGet,
WSPath="/users",
WSDescription="Returns a user profile, requires authentication",
WSThrows="404:user not found",
WSScope="profile, profile.me")
RETURNS profileType ATTRIBUTES(WSName="data",
WSMedia="application/json,application/xml")
DEFINE p profileType
WHENEVER ERROR CONTINUE
SELECT * INTO p.* FROM users
WHERE user_id == p_user_id
WHENEVER ERROR STOP
IF SQLCA.SQLCODE==NOTFOUND THEN
INITIALIZE p TO NULL
CALL com.WebServiceEngine.SetRestError(404,NULL)
END IF
RETURN p.*
END FUNCTION
In this example the WSScope
required for the REST operation to be executed is "profile" or "profile.me".
Example 2 setting security at service level via WSInfo
PUBLIC DEFINE serviceInfo
RECORD ATTRIBUTE(WSInfo,
WSScope="users.fourjs")
title STRING,
version STRING,
contact STRING
END RECORD
In this example the scope is set in the service information record of the module. The attributes
set are WSInfo
and WSScope
. The scope required for all REST
functions in the module to be executed is "users.fourjs".