Example: set security with WSScope

You can set security using the WSScope attribute either at the function level or at the service level. Examples are shown for both methods.

Example 1 setting security at function level

IMPORT com

TYPE profileType RECORD
     id INT,
     name VARCHAR(50),
     email VARCHAR(100)
   END RECORD

PUBLIC FUNCTION FetchMyUserProfile( p_user_id INTEGER ATTRIBUTE(WSQuery) )
  ATTRIBUTES(
    WSGet,
    WSPath="/userinfo",
    WSDescription="Returns a user profile",
    WSThrows="404:user not found",
    WSScope="profile, profile.me")
  RETURNS ProfileType ATTRIBUTES(WSName="data",
                                 WSMedia="application/json,application/xml")
    DEFINE p ProfileType
    WHENEVER ERROR CONTINUE
    SELECT * INTO p.* FROM users
             WHERE user_id == p_user_id
    WHENEVER ERROR STOP
    IF SQLCA.sqlcode==NOTFOUND THEN
        INITIALIZE p TO NULL
        # Set Not found error
        CALL com.WebServiceEngine.SetRestError(404,NULL)
    END IF
    RETURN p.*
END FUNCTION

In this example the WSScope required for the REST operation to be executed is "profile" or "profile.me".

Example 2 setting security at service level via WSInfo

PUBLIC DEFINE serviceInfo 
  RECORD ATTRIBUTE(WSInfo,
                    WSScope="users.fourjs")
    title STRING,
    version STRING,
    contact STRING
  END RECORD

In this example the scope is set in the service information record of the module. The attributes set are WSInfo and WSScope. The scope required for all REST functions in the module to be executed is "users.fourjs".