Scribd
Upload
22 views7 pages

Rap Authorization Instance Vs Global 1738881130

The document outlines the structure and behavior definitions for two database tables, zdelv_hdr and zdelv_itm, within a RAP (Rapid Application Programming) framework. It details the metadata annotations, behavior definitions, and authorization checks for both header and item entities, emphasizing the differences between instance and global authorization. Additionally, it includes service definitions and implementation methods for handling authorization logic in a class structure.

Uploaded by

inbox2raushan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
22 views7 pages

Rap Authorization Instance Vs Global 1738881130

The document outlines the structure and behavior definitions for two database tables, zdelv_hdr and zdelv_itm, within a RAP (Rapid Application Programming) framework. It details the metadata annotations, behavior definitions, and authorization checks for both header and item entities, emphasizing the differences between instance and global authorization. Additionally, it includes service definitions and implementation methods for handling authorization logic in a class structure.

Uploaded by

inbox2raushan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

RAP AUTHORIZATION INSTANCE VS GLOBAL

1. DATABASE TABLES-

a) HEADER
@EndUserText.label : 'zdelv_hdr'
@AbapCatalog.enhancement.category : #NOT_EXTENSIBLE
@AbapCatalog.tableCategory : #TRANSPARENT
@AbapCatalog.deliveryClass : #A
@AbapCatalog.dataMaintenance : #RESTRICTED
define table zdelv_hdr {

key client : abap.clnt not null;


key vbeln : vbeln_vl not null;
ernam : ernam;
@Semantics.quantity.unitOfMeasure : 'zdelv_hdr.vrkme'
total : lfimg;
vrkme : vrkme;
pgi : wbstk;

b) ITEM
@EndUserText.label : 'z delivery itemn'
@AbapCatalog.enhancement.category : #NOT_EXTENSIBLE
@AbapCatalog.tableCategory : #TRANSPARENT
@AbapCatalog.deliveryClass : #A
@AbapCatalog.dataMaintenance : #RESTRICTED
define table zdelv_itm {

key client : abap.clnt not null;


key vbeln : vbeln_vl not null;
key posnr : posnr_vl not null;
@Semantics.quantity.unitOfMeasure : 'zdelv_itm.vrkme'
lfimg : lfimg;
vrkme : vrkme;
matnr : matnr;

2. CDS – HEADER ROOT ENTITY AND ITEM ENTITY COMPOSITON RELATION

a) HEADER
@AccessControl.authorizationCheck: #NOT_REQUIRED
@EndUserText.label: 'Determination'
@Metadata.ignorePropagatedAnnotations: true
@Metadata.allowExtensions: true
define root view entity Z_C_RAP_DET as select from zdelv_hdr
composition[1..*] of Z_C_RAP_DET_ITM as _det_itm
{
key vbeln,
ernam,
@Semantics.quantity.unitOfMeasure: 'vrkme'
RAP AUTHORIZATION INSTANCE VS GLOBAL
total,
vrkme,
pgi,
_det_itm // Make association public
}

b) ITEM
@AccessControl.authorizationCheck: #NOT_REQUIRED
@EndUserText.label: 'RAP ITEM determination'
@Metadata.ignorePropagatedAnnotations: true
@Metadata.allowExtensions: true
define view entity Z_C_RAP_DET_ITM as select from zdelv_itm
association to parent Z_C_RAP_DET as _header
on $projection.vbeln = _header.vbeln
{
key vbeln,
key posnr,
matnr,
@Semantics.quantity.unitOfMeasure: 'vrkme'
lfimg,
vrkme,
_header // Make association public
}

3. METADATA EXTENSIONS-

a) HEADER
@Metadata.layer: #CORE
annotate entity Z_C_RAP_DET
with
{

@UI.facet: [
{
id: 'idcollection',
type : #COLLECTION,
position : 10 },

{
id: 'identification',
parentId: 'idcollection',
label : 'Delivery Header',
type: #IDENTIFICATION_REFERENCE,
position: 10 },

{
id: 'Items',
type: #LINEITEM_REFERENCE,
label: 'Delivery Items',
position: 20,
targetElement: '_det_itm'
}
RAP AUTHORIZATION INSTANCE VS GLOBAL
]

@UI.lineItem: [{ position : 10 }]
@UI.selectionField: [{ position: 10 }]
@UI.identification: [{ position:10 }]
vbeln;

@UI.lineItem: [{ position : 20 }]
@UI.selectionField: [{ position: 20 }]
@UI.identification: [{ position:20 }]
ernam;

@UI.lineItem: [{ position : 25 }]
@UI.selectionField: [{ position: 25 }]
@UI.identification: [{ position:25 }]
total;

@UI.lineItem: [{ position : 30 }]
@UI.selectionField: [{ position: 30 }]
@UI.identification: [{ position:30 }]
pgi;

b) ITEM
@Metadata.layer: #CORE
annotate entity Z_C_RAP_DET_ITM
with
{

@UI.facet: [
{
id: 'iditm',
type : #COLLECTION,
position : 10 },

{
id: 'identification',
parentId: 'iditm',
type: #IDENTIFICATION_REFERENCE,
purpose: #STANDARD,
position: 10 }

@UI.lineItem: [{ position : 10 }]
@UI.selectionField: [{ position: 10 }]
@UI.identification: [{ position:10 }]
vbeln;
@UI.lineItem: [{ position : 20 }]
@UI.selectionField: [{ position: 20 }]
@UI.identification: [{ position:20 } ]
posnr;
RAP AUTHORIZATION INSTANCE VS GLOBAL
@UI.lineItem: [{ position : 30 }]
@UI.selectionField: [{ position: 30 }]
@UI.identification: [{ position:30 }]

matnr;

@UI.lineItem: [{ position : 40 }]
@UI.selectionField: [{ position: 40 }]
@UI.identification: [{ position:40 }]

lfimg;
}

4. BEHAVIOUR DEFINITION
managed implementation in class zbp_c_rap_det unique;
strict ( 2 );

define behavior for Z_C_RAP_DET //alias <alias_name>


persistent table zdelv_hdr
lock master
authorization master ( global, instance )
//authorization master (instance )
//etag master <field_name>
{
field( readonly : update ) pgi ;
create;
update;
delete;
association _det_itm { create; }

define behavior for Z_C_RAP_DET_ITM //alias <alias_name>


persistent table zdelv_itm
lock dependent by _header
authorization dependent by _header
//etag master <field_name>
{
update;
delete;
field ( readonly ) vbeln;
association _header;
}
5. BEHAVIOUR IMPLEMENTATION-

CLASS lhc_Z_C_RAP_DET DEFINITION INHERITING FROM cl_abap_behavior_handler.


PRIVATE SECTION.

METHODS get_instance_authorizations FOR INSTANCE AUTHORIZATION


IMPORTING keys REQUEST requested_authorizations FOR z_c_rap_det
RESULT result.
RAP AUTHORIZATION INSTANCE VS GLOBAL
METHODS get_global_authorizations FOR GLOBAL AUTHORIZATION
IMPORTING REQUEST requested_authorizations FOR z_c_rap_det
RESULT result.

ENDCLASS.

CLASS lhc_Z_C_RAP_DET IMPLEMENTATION.

METHOD get_global_authorizations.

"Restriction at user level-


IF requested_authorizations-%update = if_abap_behv=>mk-on.

"First time running with value LV_UPDATE_ALLOWED-"ABAP_FALSE" –


This time authorization would fail and it won’t trigger instance
Authorization

"Second time running with value LV_UPDATE_ALLOWED -"ABAP_TRUE" –


This time authorization would be succeful and it would trigger
“instance authorization”

"First Case-
DATA(lv_update_allowed) = abap_false.
* "Second Case-
* DATA(lv_update_allowed) = abap_true.

IF lv_update_allowed = abap_true.
result-%update = if_abap_behv=>auth-allowed.
ELSE.
result-%update = if_abap_behv=>auth-unauthorized.
ENDIF.

ENDIF.
ENDMETHOD.

METHOD get_instance_authorizations.

"Restriction at document level/ more granular level-


READ ENTITIES OF z_c_rap_det IN LOCAL MODE
ENTITY z_c_rap_det
ALL FIELDS WITH CORRESPONDING #( keys )
RESULT DATA(lt_data).

DATA(lv_counter) = 0.
LOOP AT lt_data ASSIGNING FIELD-SYMBOL(<lfs_data>) .
lv_counter = lv_counter + 1.
IF <lfs_data>-%data-pgi = 'C'.
APPEND VALUE #( %tky = <lfs_data>-%tky ) TO failed-z_c_rap_det.
APPEND VALUE #( %tky = <lfs_data>-%tky
%msg = new_message_with_text(
severity =
if_abap_behv_message=>severity-error
text =
'No Authorization to update as delivery
already completed!' )
) TO reported-z_c_rap_det.
ENDIF.
RAP AUTHORIZATION INSTANCE VS GLOBAL
ENDLOOP.
ENDMETHOD.

ENDCLASS.
6. SERVICE DEFINITON-
@EndUserText.label: 'Service defintion'
define service Z_C_RAP_DET_SRVDEF {
expose Z_C_RAP_DET;
expose Z_C_RAP_DET_ITM;
}

7. SERVICE BINDING-

8. PREVIEW

WHEN USER CHANGES LET’S SAY CREATED BY IN BOTH CASES AND HITS SAVE I.E
UPDATE ACTION TRIGGERS.

FIRST CASE- (ABAP_FALSE)


AUTHORIZATION FAILURE FROM GLOBAL AUTHORIZATION-
RAP AUTHORIZATION INSTANCE VS GLOBAL

SECOND CASE –(ABAP_TRUE)


AUTHORIZATION FAILURE FROM INSTANCE AUTHORIZATION

NOTE-IN THE METHOD – GET_GLOBAL_AUTHORIZATIONS – EDIT ACTION APPEARS


ONLY WHEN APPLICATION IS DRAFT ENABLED AS REQUESTED_AUTHORIZATIONS-
%ACTION-EDIT. IN THIS EXAMPLE- EDIT ACTION IS NOT AVAILABLE AND SO HAVE
TESTED WITH %UPDATE ACTION.

You might also like