Solved: Re: Check if user is part of a google group

LooToS · 11-07-2023 04:46 AM

Hi everyone,

I need to check if a user is allowed to edit a field of each row. Now to manage who can edit a row, we put Google Groups and e-mails into a EnumList field called "Editor".

Now if his e-email is in there it is straight forward, but how can I check if he is part of that google group?

One idea was to give each group a specific name and check the USERROLE(). But that does not seem to work with custom app roles besides User and Admin.

To make a lookup table with users and groups does defeat the purpose of using google groups for authentication.

Any ideas?

Thanks!

Aurelien

Hi @LooToS

@LooToS wrote:

One idea was to give each group a specific name and check the USERROLE(). But that does not seem to work with custom app roles besides User and Admin.

This is an excellent idea. It should work.

If it does not work as expected, I would suggest to contact support and ask them to have a look to it.

Just out of curiosity, what do you get when displaying USERROLE() for a user belonging to the group you are showing? Last time I checked I got the correct custom role.

However, please note that today, the group-picking system works if the user does not belong to more than 100 groups simultaneously. Depending on your domain architecture, you may have a difficulty into picking it.

View solution in original post

WillowMobileSys

You might take a look at this article: Control user access using Google Groups

If that does not work for you, I believe that there is a Google Groups API you can tap into but that will require custom implementations.

AleksiAlkio

Maybe a silly question but.. if the user doesn't exist in your list, wouldn't it mean the rest of them belong to Google Group as they have the access to use the app?

LooToS

Good thought process, I did not mention that there could be multiple groups mentioned in that field.

AleksiAlkio

Okay, then it doesn't help.

Aurelien

Hi @LooToS

@LooToS wrote:

One idea was to give each group a specific name and check the USERROLE(). But that does not seem to work with custom app roles besides User and Admin.

This is an excellent idea. It should work.

If it does not work as expected, I would suggest to contact support and ask them to have a look to it.

Just out of curiosity, what do you get when displaying USERROLE() for a user belonging to the group you are showing? Last time I checked I got the correct custom role.

However, please note that today, the group-picking system works if the user does not belong to more than 100 groups simultaneously. Depending on your domain architecture, you may have a difficulty into picking it.

LooToS

You are right. That works. For me the "Preview as" feature was the issue. It did not display the correct userrole() when switching between user from different groups. I tested it with a "real person" and he saw the custom app roles that I defined.
Now I just have to figure out how to handle if they are in multiple groups, since userrole() can only be one value and it will use the first match from the hierarchy that is defined in the settings if I am not mistaking.

Thanks for the heads-up with the 100 group limit, did not know about that one.

Aurelien

I'm happy to help 🙂

@LooToS wrote:

Thanks for the heads-up with the 100 group limit, did not know about that one.

I ran into it myself for one of my clients, ticketing is still in progress for...4 weeks now, but I'm confident it will be solved soon 🙂