Step 3: Dynamic permissions

In our example app we want a more fine-grained permission management:

access to Lists and Segments should be given based on tags on those objects and
access to Entries should also be limited more dynamically base on some property matching between Entry and backend user.

We will implement a postLogin callback that will dynamically modify a GuiUser right after login.

postLogin callback

`cmsbs-conf/cse/plugins/de.pinuts.tutorial/callback/post-login.es6`:

ApplicationCallback.registerCallback('postLogin', guiUser => {
    const country = guiUser.entry.get('country');

    if (guiUser.adminRole == 'employee') {
        guiUser.channelLangTags = country;
        guiUser.newsletterTags = country;
        guiUser.userQuery = `entrytype == "shipping_company" or entrytype == "employee" or (entrytype == "customer" and country=${Query.value_quote(country)})`;
        guiUser.setAttributeDefaultValue("customer", "country", country);
        guiUser.setAttributeDefaultValue("shipping_company", "country", country);
    }
})

This postLogin callback realizes the following modifications to a backend user’s permissions:

Hide all Lists (aka Channels) that are not tagged with the user’s country,
tag all Newsletters the users sends with his country and hide all Newsletters from the Newsletter Archive that are not tagged with his country,
limit the visibility of Entries to those that satisfy the following userQuery:
- Entry Type is shipping_company or employee or customer with the same country value.

The callback also sets two default values:

customers the backend user creates, will have the backend user’s country
shipping_companys the backend user creates, will also have the backend user’s country by default.

postLogin callback

cmsbs-conf/cse/plugins/de.pinuts.tutorial/callback/post-login.es6:

`cmsbs-conf/cse/plugins/de.pinuts.tutorial/callback/post-login.es6`: