Skip to main content

APEX 5 New Authorization Evaluation Point Features

In APEX 4 you can define Authorization Schemes. This is a very useful feature to prevent code repetition all over the place. For instance and Authorization Scheme "Is Admin" might use a select on one or more tables (or web service calls or whatever is necessary) to determine whether a user, the :APP_USER, has an Admin role or not. And you can use any value in session state, like :APP_ID or :APP_PAGE_ID in your query (or function call). The result of this call is usually pretty static. So you could specify when the code should be evaluated: Once per Page View or Once per Session. The latter is obviously more efficient as it will run only once from login to logout.
This works fine. Until you want to build your own fine-grained access control mechanism. As an example: If you have a page with three buttons on it, you can define an Authorization Scheme for this buttons and use that. So all three buttons use the same Authorization Scheme and are all visible on the page or not. As the Authorization Scheme will be evaluated once and only once for that Page. And if you need more fine grained controle you had to define three different Authorization Schemes, one for each button. And that will grow into a maintenance nightmare.

In APEX 5 this will be resolved. Next to the "old" options you can now specify an evaluation "Once per Component" and "Always".
"Once per Component" means the code is evaluated once per component for the duration of the session. So using this setting you can (re)use the same Authorization Scheme for the three buttons - as it will be evaluated three times. To make it even more useful : They also included three new bind variables (:APP_COMPONENT_TYPE, :APP_COMPONENT_ID and :APP_COMPONENT_NAME) that you can use in your query. So using these new bind vars (or one of them) you can create functionality that supports things like DYI fine grained access control - where a privileged user can grant or revoke access to certain elements on a page! 

Comments

Popular posts from this blog

Filtering in the APEX Interactive Grid

Remember Oracle Forms?

One of the nice features of Forms was the use of GLOBAL items. More or less comparable to Application Items in APEX. These GLOBALS where often used to pre-query data. For example you queried Employee 200 in Form A, then opened Form B and on opening that Form the Employee field is filled with that (GLOBAL) value of 200 and the query was executed. So without additional keys strokes or entering data, when switching to another Form a user would immediately see the data in the same context. And they loved that.

In APEX you can create a similar experience using Application Items (or an Item on the Global Page) for Classic Reports (by setting a Default Value to a Search Item) and Interactive Reports (using the APEX_IR.ADD_FILTER procedure). But what about the Interactive Grid? There is no APEX_IG package ... so the first thing we have to figure out is how can we set a filter programmatically?

Start with creating an Interactive Grid based upon the good old Employees tab…

Adding items to your Interactive Grid Toolbar

The APEX Interactive Grid uses the Toolbar widget to create the default Toolbar showing the Search box, Actions menu, Save button etc. And since quite a while there is a nice Plugin "Extend IG Toolbar" by Marko Goricki that makes it very easy to add additional buttons to the Toolbar.

But what if you need more than a button? 
Inspecting the contents of widget.toolbar.js, you can easily spot there can be added more to the Toolbar than just a button: The type of control, available values:
"STATIC", "TEXT", "SELECT", "BUTTON", "MENU", "RADIO_GROUP", "TOGGLE".
The first example will show a way to easily switch from one filter to another. Of course we could use the standard functionality and create two different Report views, but using a Radio Group on the Toolbar gives a more "Tab" like user experience.

So how can we create a Radio Group that looks like a switch in the Toolbar?
In the Javascript Code …

Using Static Files in APEX has never been easier !

Almost every APEX Developer knows that JavaScript and CSS belongs in separate files and (in 99% of the use cases) not somewhere in your Page properties. If you have this code in separate files it is easier to use them in a Version Control System (SVN or Git) - if the files are outside of APEX. And the code you store in these files can be reused, in contrast to the stuff you store on Page level.In a lot of environments it is harder to use external files, because deployment of these files to the appropriate location on a webserver requires special privileges that not everybody has. In those cases storing these files as Static Application Files or Static Workspace Files might be a better solution. It makes deployment easier, because these files will be exported and imported as part of the application. You can't accidentally forget about them. But working with these files is quite a pain. When you need to edit something you have to download that file, make the changes, upload it again …