cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
Helper II
Helper II

Entity Permissions on PowerApps Portal

Hi,

 

I have a demo portal for like property management/rental/sales: link to the site

 

in my CE environment, I have a custom entity named "Property Unit" (like an apartment).

 

On the portal, I can browse through all the units/apartments as an anonymous user of the portal. But it is also possible to log in as current tenant to quickly get an overview of "My Units" (page on the portal). So for that to work, I have set up the entity permission for the "Property Unit" entity and that is almost working as I wanted.

 

So, I can browse through all the units as an anonymous AND authenticated user on this page: page to browse available units .

 

I can log in as an authenticated user and go to "My Units" page and only see the units where this particular user is a tenant.

 

Both "My Units"-page and "the browse all units"-page has assigned an entity list in the portal management.

 

Now, when I browse through all available units and click into one specific unit a new page will show a more detailed view of this particular unit. So basically a "Detailed"-page: example .

 

When I'm not signed in to the portal, so when I'm browsing as an anonymous user, this is working just fine. However, if I'm logged in as an authenticated user (like an existing tenant), this detailed page is not showing the unit data. This tells me that there might be something entity permission going on on this page but my problem is I can't control it like the other pages because there is no Entity List attached to the detailed page.

 

I fetch my unit data for the detailed page like this:

 

{% extends 'Layout 1 Column' %}
{% block main %}
<!-- Paste Code from doc here -->

{% assign unit = entities['crc17_propertyunit'][request.params.id] %}

<section>
    <div id="myCarousel" class="carousel slide" data-ride="carousel">
      <!-- Indicators -->
      <ol class="carousel-indicators">
        <li data-target="#myCarousel" data-slide-to="0" class="active"></li>
        <li data-target="#myCarousel" data-slide-to="1"></li>
        <li data-target="#myCarousel" data-slide-to="2"></li>
        <li data-target="#myCarousel" data-slide-to="3"></li>
      </ol>

      <!-- Wrapper for slides -->
      <div class="carousel-inner">
        <div class="item active">
          <img src="https://i.imgur.com/DHixQaX.jpg" title="source: imgur.com;"/>
        </div>

        <div class="item">
          <img src="https://i.imgur.com/c9o7I6g.jpg" title="source: imgur.com;"/>
        </div>

        <div class="item">
          <img src="https://i.imgur.com/WGDKp79.jpg" title="source: imgur.com;"/>
        </div>

        <div class="item">
          <img src="https://i.imgur.com/prIoBZE.jpg" title="source: imgur.com;"/>
        </div>
      </div>

      <!-- Left and right controls -->
      <a class="left carousel-control" href="#myCarousel" data-slide="prev">
        <span class="glyphicon glyphicon-chevron-left"></span>
        <span class="sr-only">Previous</span>
      </a>
      <a class="right carousel-control" href="#myCarousel" data-slide="next">
        <span class="glyphicon glyphicon-chevron-right"></span>
        <span class="sr-only">Next</span>
      </a>
    </div>
</section>
<section>
    <h2>{{ unit.crc17_streetname }}</h2>
    <div>{{ unit.crc17_zipcode }} {{ unit.crc17_city }}, {{ unit.crc17_country }}</div><br/>
    <div class="container">
        <div class="row" style="padding-bottom: 15px;">
            <div class="col-md-2">Rent /month - {{ unit.crc17_marketrent | round }}</div>
            <div class="col-md-2">Move in - {{ unit.crc17_expectedavailable | date: 'MMMM dd, yyyy' }}</div>
            <div class="col-md-2">Case no. - {{ unit.crc17_name }}</div>
        </div>
        <div class="row" style="padding-bottom: 15px;">
            {% if unit.crc17_rooms.label == '1' %}
            <div class="col-md-2">Room - {{ unit.crc17_rooms.label }}</div>
            {% else %}
            <div class="col-md-2">Rooms - {{ unit.crc17_rooms.label }}</div>
            {% endif %}
            <div class="col-md-2">Size - {{ unit.crc17_size }} m2</div>
            <div class="col-md-2">Type - {{ unit.crc17_unittype.label }}</div>
        </div>
        <div class="row">
            <div class="col-md-12">
                <button onclick="window.location.href='https://yavica-self-service.powerappsportals.com/properties/book-viewing/?id{{ entitylist.detail_id_parameter }}={{ unit.id }}';" style="float: right; padding-top: 5px;">
                    Book Viewing
                </button>
            </div>
        </div>
    </div><hr>
    <h4>Description</h4>
    <div>{{ unit.crc17_description }}</div>
    
</section>

{% endblock %}

 

 

Can I disable the entity permission in liquid code or something?

 

 

11 REPLIES 11
Highlighted
Microsoft
Microsoft

Hello Partner,

 

Recommendation is to always use Entity Permissions and use liquid to filter based on logged in user-context.

Adding the documentation link for the liquid params already available https://docs.microsoft.com/en-us/powerapps/maker/portals/liquid/liquid-objects.

 

You could validate once to ensure that the Entity referenced in the page is give access to in the Entity Permissions (if not assigned or permission not available, you will see a blank page).

you can also change scope and set it to 'global' to test if you can see and then limit from there.

 

Cheers,

Pranjali

Highlighted

Hi @Pranjali,

 

Thanks for your post!

 

I believe my problem is occurring because I'm not actually using the

{% entitylist id:page.adx_entitylist.id %}

tag for showing data on the "detailed page" and instead just fetching data directly from the CDS by doing so: 

{% assign unit = entities['crc17_propertyunit'][request.params.id] %}

 

So if I go and change the way I fetch my data and start using:

{% entitylist id:page.adx_entitylist.id %}

, how do I then fetch a specific record by ID? From the previous page (browse all units page), I'm sending an ID forward in the request.params to the "Detailed page" to fetch data for this record only.

 

How do I fetch a specific record by the request.params.id without doing a for loop on the: 

{% entitylist id:page.adx_entitylist.id %}​

 

Highlighted
Super User II
Super User II

Hi

 

I actually registered in your portal to test and seemed to work fine the "details" page

you can retrieve data directly from CDS there is no issues there

you always need an Entity Permission if you are retrieving data via Liquid/oData, and I am assuming you have that because it is working for non-authenticated users.. the Entity Permission has a subgrid to Web Roles, can you make sure you have it associated with both Anonymous and Authenticated Users?

 

------------

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.




If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

Power Apps Portals Super User


Oliver Rodrigues


 

Highlighted

Hi @OliverRodrigues,

 

Sorry for the late reply. Thanks a lot for reaching out.

 

Regarding your "test" by registering on the portal and accessing the page while logged in. The reason it is showing the data as it should for you is that at the moment you don't get any web role when you register on the portal by default. That is managed manually in CE. I have now added the "Anonymous User" and "Authenticated User" to your user.

 

If you go check now, it doesn't show any data on the "details" page, but on the "properties for rent/buy" page the data is still shown. I believe the reason for the data is shown on the "properties for rent/buy" page is because I have created an entity list for that page and unchecked this:

entity permissions off.PNG

 

This is on purpose because I want everyone to browse my properties whether you are logged in or not.

 

So for your registered user, you won't see any data on the "details" page now unless I made you tenant of one or more of the units in CE and you happen to click on one of these. Otherwise, all other units (the ones you are not a tenant of) will not show data. Though, if you went to "My Units" page you would see the units you are a tenant of.

 

There is like a conflict between how units are shown in "My Units" page and the "details" page, or actually, the pages are showing the same thing, but I want the "details" page to show unit data regardless of the type of user visiting the portal - just like the "properties for rent" page.

 

So I was wondering if I could control the entity permission setting in liquid code when retrieving data directly from CDS on the "details" page because if I could disable the entity permission (just like on the "properties for rent" page) I believe it should show the unit data regardless of the user, right?

 

I hope it's making sense... 🙂

Highlighted

Hi.. sorry about the delay

 

I am still a bit confused with your scenario.. I will try to recap what I understood

 

  • you have a rent page with an Entity List, but entity permissions disabled and that's okay (keep entity permissions disabled for this list)
  • you have a details page with a custom render via Web Template/Liquid --> if you are retrieving data via code (oData or Liquid), you must have entity permissions, you can have the entity permissions for both anonymous and authenticated users
  • you have a my units page with an Entity List, and I guess you need entity permissions here to show only records associated with the user --> keep entity permissions enabled for this list and create an entity permissions just for authenticated users

 

does that make sense ?

 

------------

If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

 




If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

Power Apps Portals Super User


Oliver Rodrigues


 

Highlighted

Hi @OliverRodrigues ,

 

No worries at all. I really appreciate your help!

 

Seems like you understand the scenario. Tho, I have a few questions:

 

  • rent page: all good - this page is also working as intended.
  • details page: I am retrieving data with liquid as I posted in my code sample above. I haven't added any entity list to this page my self. As for as I understand, please correct me if I'm wrong, you need an entity list to control if the data from an entity list is controlled by entity permissions, right? But this page, even tho I have not added an entity list (with entity permissions enabled) still seems like it does have entity permissions enabled, as the data I retrieve is not shown properly. Or maybe I'm misunderstanding something and need to somehow add an entity list to this page and change my liquid code to use this entity list instead of this fetch: 

 

{% assign unit = entities['crc17_propertyunit'][request.params.id] %}​


In fact, this page is behaving just like the My Units page. If you are logged in as a user (e.g. a tenant) you will only see data on this page, if you happen to click on the same unit that you are associated with.

Example:
So let's say as a tenant you are associated with "Unit no. 123". On the rent page, you browse through the units. When you click on any unit other than "Unit no. 123" it will take you the details page a not show any data. But if you click on "Unit no. 123" on the rent page it will take you to the details page and show the data because this unit you are associated with. (Just like the My Units page).

I hope that didn't confuse you even more... 😅

 

  • My Units page: this also works properly. This page only shows associated units.

 

Here is a screenshot of my current entity permissions for "Property Unit" (Unit):

unit - entity permissions portal.PNG

 

Thank you very much for your time!

Highlighted

Hi 

 


@oml wrote:

...

  • details page: I am retrieving data with liquid as I posted in my code sample above. I haven't added any entity list to this page my self. As for as I understand, please correct me if I'm wrong, you need an entity list to control if the data from an entity list is controlled by entity permissions, right? 

...


No. I think here is where you are mixing things up. You don't need entity list to control permissions to access Portal data. Permissions are required/optional depending on your configuration:

  • Entity List/Entity Form/Web Form- you need to enable entity permissions if you want to add security, otherwise it will be available for everyone
    • If you need to show notes/sharepoint documents, you must have entity permissions for those, otherwise there is no need
  • When retrieving data via custom code (oData / Liquid / Fetch / WebAPI) you MUST have entity permissions setup, but there is no relation here to entity list, you can come from an entity list (without entity permissions) and get to a web page and render data via liquid so it would require entity permissions

 

Do you need the 3 entity permissions you have setup? in my opinion you need two entity permissions

  • propertyunit - contact level - authenticated web role --> this is to be used in the my units page
  • propertyunit - global - authenticated and anonymous web role --> this is to be used in the details page via custom Liquid code

 

and just one final thing that you might be getting a bit mixed up, although this is not critical, the below is not a Fetch, you are retrieving data via Liquid Entity object, not a FetchXML

 


@oml wrote:
  • ..... change my liquid code to use this entity list instead of this fetch: 

 

 

{% assign unit = entities['crc17_propertyunit'][request.params.id] %}​

 

 

...




If you like this post, give a Thumbs up. Where it solved your request, Mark it as a Solution to enable other users find it.

Power Apps Portals Super User


Oliver Rodrigues


 

Highlighted

Hi @OliverRodrigues,

 

Apologies for the very late reply and thanks for your post.

I had another project that needed my time.

 

I have now had some time to play around the entity permissions again. But without any luck.

 

Let me quickly explain what I have been testing and what I have at the moment:

 

Entity Permissions:

I now just have the two permissions as you suggested:

  • contact level - authenticated web role
  • global level - authenticated web role & anonymous web role

 

New test pages:

I have created a new page, "My Page"( link ) with a new entity list for my custom entity "Property Unit". For this entity list, I have enabled "View details" and target another new page, "My Page Details". I have NOT enabled entity permissions for this entity list.

 

This is how I retrieve data on the details page:

 {% assign unitid = request.params.id %}
    {% entityview logical_name:'crc17_propertyunit', name:"Unit Quick Details - Portal", page_size: 50 %}
    {% assign units = entityview.records | where: "crc17_propertyunitid", unitid %}
    {% assign unit = units.first %}

        <div>Unit Case no. - {{ unit.crc17_name }}</div><br/>
        <div>Address - {{ unit.crc17_streetname }}</div>
 {% endentityview %}

 

When you are not signed in to the portal this is working fine. However, when you sign in to the portal with a user which has some units assigned in CE, the details page is not showing data.

 

 

So a quick recap of what I'm trying to accomplish after all these posts:

 

  1. I want an entity list (rent page) where you can browse through the units, click on a certain unit and get a details view of the unit (details page).
  2. I want an entity list (My Units) showing me the related units for the logged-in user. 
  3. As a logged-in user, I want to be able to browse through the rent page with all the units available, just like point 1.

Point 1 and 2 is accomplished, however, point 3 is not.

 

I really didn't expect to struggle this much trying to make this work... 😅

 

😅

Highlighted
Solution Supplier
Solution Supplier

Hi @oml,

 

I have recently created a blog post (https://justinburch.com/portal-security-2) providing instructions to see how Entity Permissions are being applied. While this is mostly useful to see how lists are manipulated, you should be able to identify if Entity Permissions are the cause of the issue (if the record doesn't show up when the show parameter is set to True).

 

Your issue definitely seems to be Permission related. I would recommend removing the Read permission from your Contact level Entity Permission, and using only the other applicable permissions. The Global permission will handle all scenarios for reading the data. Next, make sure that this Global permission is associated to both Anonymous and Authenticated Web Roles (I know - just double check!) and reset the cache (/_services/about as an admin contact).

 

I hope this helps,

Justin

Helpful resources

Announcements
Community Conference

Power Platform Community Conference

Check out the on demand sessions that are available now!

News & Announcements

Community Blog

Stay up tp date on the latest blogs and activities in the community News & Announcements.

secondImage

Power Platform 2020 release wave 2 plan

Features releasing from October 2020 through March 2021

Community Highlights

Community Highlights

Check out the Power Platform Community Highlights

Users online (8,758)