Samples
The following sample consists of a registration page, a login page and a members area. It shows how we restrict the members area so that it only reads results for the logged-in customer.
Page setup
The public features only work if the registration, login and any members pages belong to the same application or auth domain.
Registration page
A simple registration page with minimal inputs.
<!DOCTYPE html>
<html>
<body>
<h2>Register a new user</h2>
<form method="post">
<input type="hidden" name="postActionEntity" value="B2BLoginRegisterInput">
<input type="hidden" name="postActionRedirect" value="b2b-2-login-page">
<div class="user-box">
<input type="text" name="AutomatApi.B2BLoginRegisterInput.Firstname" required="">
<label>Firstname</label>
</div>
<div class="user-box">
<input type="text" name="AutomatApi.B2BLoginRegisterInput.Lastname" required="">
<label>Lastname</label>
</div>
<div class="user-box">
<input type="text" name="AutomatApi.B2BLoginRegisterInput.Username" required="">
<label>Email</label>
</div>
<div class="user-box">
<input type="password" name="AutomatApi.B2BLoginRegisterInput.Password" required="">
<label>Password</label>
</div>
<!-- Read possible registration errors -->
<div>
{{ range .Data.Errors }}
<span>{{ . }}</span>
{{ end }}
</div>
<button type="submit">Register</button>
</form>
</body>
</html>
For publish settings we enable the ‘Allow B2B and public access’ checkbox.
Since registration allows more fields to be used, we also need to fill in the parameter whitelist with the values we will allow. In this case we fill in the ones we have defined in the form.
Login page
Here we will just use the username and password, and redirect to the members area when successful.
<!DOCTYPE html>
<html>
<body>
{{ if .Session.Customer.ID }}
<h2>Already logged on!</h2>
{{ else }}
<h2>Login</h2>
<form method="post">
<input type="hidden" name="AutomatApi.B2BLoginInput.Redirect" value="b2b-2-members-page">
<div class="user-box">
<input type="text" name="AutomatApi.B2BLoginInput.Username" required="">
<label>Username</label>
</div>
<div class="user-box">
<input type="password" name="AutomatApi.B2BLoginInput.Password" required="">
<label>Password</label>
</div>
<div class="my-error-container">
{{ range .Data.Errors }}
<span class="my-error-message">{{ . }}</span>
{{ end }}
</div>
<button type="submit">Login</button>
</form>
{{ end }}
</body>
</html>
For publish settings we enable the ‘Allow B2B and public access’ checkbox.
Login model parameters are automatically whitelisted, so we should not need to fill them here.
Members page
On the members page we will generate a simple list of documents for the currently logged-on member. We use a preset to write the session customer ID into the request, which prevents it from being adjusted via any parameters.
<!DOCTYPE html>
<html>
<body>
<h1>Members page</h1>
<form method="post">
<input type="hidden" name="AutomatApi.B2BLogoutInput.Logout" value="1">
<button type="submit">Logout</button>
</form>
<h2>Welcome {{ .Session.Customer.FirstName }} to the members area</h2>
<!-- Erply api response data in the 'records' field -->
<h2>My orders</h2>
<form method="POST">
<!-- Request definition -->
<input type="hidden" name="ErplyApi.Api.Post.getDocs" value="getSalesDocuments" data-preset-val="getSalesDocuments">
<button type="submit">Reload orders</button>
</form>
<ul>
{{ $salesDocs := (.Data.ErplyApi.Api.Requests.getDocs.Response.Get "records").Array }}
{{ if $salesDocs }}
{{ range $salesDocs }}
<li>{{ .Get "id" }} / {{ .Get "type" }} / {{ .Get "clientName" }}</li>
{{ end }}
{{ else }}
<li>You currently have no orders!</li>
{{ end }}
</ul>
</body>
</html>
By default, no public access group has access to read documents. This right needs to be given under the public user groups (starting with ‘app_public’ and ‘app_b2b’) by the account administrator in the backoffice.
Every application or authentication domain will have a separate user group with rights assigned to them.
For publish settings we enable the ‘Allow B2B access’ checkbox, as we only want logged-in members to access it.
We also set the redirection to the name of the login page, so whenever the page is accessed without a proper session the visitor is automatically redirected there.
We are also using the dynamic API here, so we will add ErplyApi.Api.Post.getDocs -> getSalesDocuments to the request whitelist.
Under URL configuration we add the preset ErplyApi.Api.PostParam.getDocs.<-clientID : Session.customer.ID. This writes the current session customer ID to the request when it is made. Because we do not allow this parameter to be adjusted in the parameters list, it cannot be changed to anything else.
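The effect of the request whitelist and the clientID preset on a tampered form submission, modelled in Go as an added example (not the platform's own code). BuildRequest, clientIDField and the customer IDs are hypothetical, and the field name ErplyApi.Api.PostParam.getDocs.clientID is an assumption about what the preset targets.

```go
package main

import (
	"fmt"
	"sort"
)

// Simplified model of the whitelist + preset behaviour (constructed for
// illustration; not the platform's implementation).

// clientIDField is the assumed form-field name that the preset targets.
const clientIDField = "ErplyApi.Api.PostParam.getDocs.clientID"

// BuildRequest filters submitted form fields through the request whitelist
// (field name -> the only permitted value), then applies server-side presets.
// It returns the parameters to send and the names of the rejected fields.
func BuildRequest(submitted, whitelist, presets map[string]string) (map[string]string, []string) {
	sent := map[string]string{}
	var rejected []string
	for name, value := range submitted {
		if allowed, ok := whitelist[name]; ok && allowed == value {
			sent[name] = value
		} else {
			rejected = append(rejected, name)
		}
	}
	// Presets are written last, so a session-derived value always wins,
	// even if the same field were whitelisted by mistake.
	for name, value := range presets {
		sent[name] = value
	}
	sort.Strings(rejected)
	return sent, rejected
}

func main() {
	whitelist := map[string]string{"ErplyApi.Api.Post.getDocs": "getSalesDocuments"}
	// "1042" is a constructed value standing in for Session.customer.ID.
	presets := map[string]string{clientIDField: "1042"}
	// Constructed tampered POST: the form carries an extra clientID field.
	tampered := map[string]string{
		"ErplyApi.Api.Post.getDocs": "getSalesDocuments",
		clientIDField:               "7",
	}
	sent, rejected := BuildRequest(tampered, whitelist, presets)
	fmt.Println("sent clientID:", sent[clientIDField]) // sent clientID: 1042
	fmt.Println("rejected fields:", rejected)
}
```

The same check is worth repeating against the published page: submit the members form with an extra clientID field and confirm the listed documents do not change.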
Workflow
To test it:
- Register a new user
- Log in with the created customer
- The members area only displays the member's sales documents (use the backoffice to create them, or create a new page that creates the documents for the member using the same method)