Example: set security with WSScope

You can set security using the WSScope attribute either at the function level or at the service level.

Example 1: Setting security at function level

To execute, this REST operation requires a WSScope of "profile" or "profile.me".

IMPORT com

TYPE profileType RECORD ... END RECORD

PUBLIC FUNCTION FetchMyUserProfile( p_user_id INTEGER ATTRIBUTE(WSQuery) )
  ATTRIBUTES(
    WSGet,
    WSPath="/users",
    WSDescription="Returns a user profile, requires authentication",
    WSThrows="404:user not found",
    WSScope="profile, profile.me")
  RETURNS profileType ATTRIBUTES(WSName="data",
                                 WSMedia="application/json,application/xml")
    DEFINE p profileType
    WHENEVER ERROR CONTINUE
    SELECT * INTO p.* FROM users
             WHERE user_id == p_user_id
    WHENEVER ERROR STOP
    IF sqlca.sqlcode==NOTFOUND THEN
        INITIALIZE p TO NULL
        CALL com.WebServiceEngine.SetRestError(404,NULL)
    END IF
    RETURN p.*
END FUNCTION

Example 2: Setting security at Web service level via WSScope

This example sets the scope in the service information record of the module. The attributes set are WSInfo and WSScope. All REST functions in the module require the scope "users.fourjs" in order to execute.

PUBLIC DEFINE serviceInfo 
  RECORD ATTRIBUTE(WSInfo,
                    WSScope="users.fourjs")
    title STRING,
    version STRING,
    contact STRING
  END RECORD