It is common for developers to build apps where users will have varying access to data and elements within the app based on the user’s role. Being able to limit user access is important to data security, user management, and often, the financial success of the application as user access is commonly tied to how much the user pays. In this article, we are going to show you how you can hide some object properties based on the user’s role. To accomplish this, we will be using Event Handlers.
An event handler is custom, server-side code that responds to an API event. For every API call, Backendless generates two types of events – “before” and “after”. The “before” event is fired before the default logic of the API implementation is executed and the “after” event is triggered right after the default API implementation logic. An event handler can respond to either one of these events. A synchronous (blocking) event handler participates in the API invocation chain and can modify the objects in the chain’s flow. For example, the “before” event handlers can modify arguments of the API calls, so the default logic gets the modified objects. Similarly, an “after” handler can modify the return value (or exception) so the client application that made the API request receives the modified value. For more about Event Handlers, you can read the documentation.
By the end of this guide, you will have a Backendless application with a custom API event handler that modifies objects received from a table and removes restricted properties based on the user’s role.
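The following sketch is an added example, not code from the original article or from Backendless: it models a blocking “after” handler that rewrites a find result using a per-role allowlist with deny-by-default. It is plain JavaScript with no Backendless SDK calls, and every role, field and function name in it is an assumption.

```javascript
// Added illustration: plain JavaScript, no Backendless SDK calls.
// Role names, field names and function names are assumptions.
// A Map is used so a role named "constructor" or "__proto__" cannot
// resolve to an inherited Object property.
const READABLE_FIELDS = new Map([
  ['admin',  ['objectId', 'name', 'email', 'salary']],
  ['member', ['objectId', 'name', 'email']],
  ['guest',  ['objectId', 'name']],
]);

// Union of the fields that the user's roles may read.
// Unknown roles contribute nothing, so the default is deny.
function allowedFields(roles) {
  const allowed = new Set();
  for (const role of roles) {
    for (const field of READABLE_FIELDS.get(role) || []) allowed.add(field);
  }
  return allowed;
}

// "After" handler: copies only allowlisted properties into new objects,
// so a column added to the table later stays hidden until it is listed.
function afterFind(roles, result) {
  const allowed = allowedFields(roles);
  return result.map((record) =>
    Object.fromEntries(
      Object.entries(record).filter(([key]) => allowed.has(key))
    )
  );
}

// Stand-in for the default API logic (constructed sample rows).
function defaultFind() {
  return [
    { objectId: '1', name: 'Ann', email: 'ann@example.com', salary: 5000 },
    { objectId: '2', name: 'Bob', email: 'bob@example.com', salary: 4200 },
  ];
}

// Invocation chain: the default logic runs first, then the blocking
// "after" handler rewrites the value the client receives.
function handleFindRequest(roles) {
  return afterFind(roles, defaultFind());
}
```

Because the filter runs on the server and builds the response from an allowlist, the client never receives the restricted values, and an unrecognized role yields empty objects rather than full records.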
As an example, we will build a trip planner skill, albeit a trivialized version of it, which will gather from the user the departure date and the departure and arrival cities. The collected information can be used to search available fares and hotels and to make any other necessary arrangements.
What You Will Need