Verified metadata¶

With every RPC method call, a metadata Struct with verified information is passed as first argument. The metadata Struct contains at least the following information:

Property	Type	Set by	Optional	Description
`sourceModuleId`	`String`	c1-core	no	The ID of the sending module. This parameter is filled (or overridden) in `c1-core` with the ID of the sending module.
`sourceModuleClientId`	`String`	Module	yes	The ID of the sending module client. Needs to be set to a verified value by the module. This can't be checked by `c1-core`. The value is only required for requests from module clients.
`userId`	`Struct`	Sender	yes	Filled with the ID of the sending user. For requests coming from UIs to `c1-core` this is filled with the logged in user. This parameter can be set by any sender. Just make sure the information is verified, as the validity cannot be checked by `c1-core`.
`accessedPrincipalId`	`Struct`	c1-core	yes	Only relevant when logged in as a system provider or system distributor. Specifies the principal the user wants to access (set by HTTP header). Using this property, you can be sure, the user has access to this principal.
`sourceModulePrincipalId`	`Struct`	c1-core	yes	This property is always and only set when the RPC method's call origin is a module or module client. When the source module is associated to a specific principal, this `Struct` is set to this principal.
`homeClientId`	`String`	c1-proxy	yes	Filled with the home client ID (= edge client ID) for requests coming from edge clients.
`homeClientUsers`	`Struct`	c1-core	yes	Filled with the end(!) users associated to the edge client specified with `homeClientId`. The users are always associated to the same business partner as the edge client.
`userHomeClients`	`Struct`	c1-core	yes	Filled with the edge client IDs associated to the user specified with `userId`. This is only filled for end users, as only end users can be associated to edge clients.
`resultingPrincipal`	`Struct`	Module (set by libc1-module and c1-module-proxy)	no	This `Struct` should be used to check access permissions. It is calculated using information from `userId`, `accessedPrincipalId` and `homeClientId`. For example: When a system provider user accesses the module, the user's ID and type is taken from user ID, the system distributor ID and business partner ID is taken from `accessedPrincipalId`. See below for all options.

userId Struct¶

The userId Struct contains the following fields:

Property	Type	Description
`sp`	`String`	The ID of the system provider.
`sd`	`String`	The ID of the system distributor. Empty for system provider users.
`bp`	`String`	The ID of the business partner. Empty for system provider and system distributor users.
`id`	`String`	The users's ID.
`type`	`Int`	`1` for super users (unused currently), `2` for system provider users, `3` for system distributor users, `4` for business partner users and `5` for end users.

Always check type to assign the user to a principal level if required.

homeClientUsers Array¶

This is an Array of user ID Structs. See the userId Struct for the properties.

resultingPrincipal Struct¶

This Struct should be used for access checks. It contains the resulting access permissions of the client and merges userId, homeClientId and accessedPrincipalId. It has the following fields:

Property	Type	Description
`sp`	`String`	The ID of the system provider.
`sd`	`String`	The ID of the system distributor. This is always set, also for system provider users. For module access a system distributor must always be specified.
`bp`	`String`	The ID of the business partner. This is always set, also for system provider and system distributor users. For module access a business partner must always be specified.
`id`	`String`	The users's, edge client's or module's ID.
`type`	`Int`	`1` for super users (unused currently), `2` for system provider users, `3` for system distributor users, `4` for business partner users, `5` for end users, `6` for edge clients and `7` for modules.

Examples¶

User call¶

Here's an example for a call from a system provider user (i. e. a user logged in into c1-core):

{
  "homeClientId": "",
  "homeClientUsers": {},
  "sourceModuleId": "c1-core",
  "userHomeClients": {
    "active": {},
    "all": {}
  },
  "userId": {
    "type": 2,
    "sp": "48109350-1db6-11e9-8e66-2f71a0be4cc5",
    "sd": "",
    "bp": "",
    "id": "157d9350-1db8-11e9-8e66-2f71a0be4cc5"
  },
  "accessedPrincipalId": {
    "sp": "48109350-1db6-11e9-8e66-2f71a0be4cc5",
    "sd": "76f3016a-8231-0512-8588-ff6f0f525dbb",
    "bp": "d1faa8d0-2db4-11ea-af75-674069e60b74"
  },
  "resultingPrincipal": {
    "type": 2,
    "sp": "48109350-1db6-11e9-8e66-2f71a0be4cc5",
    "sd": "76f3016a-8231-0512-8588-ff6f0f525dbb",
    "bp": "d1faa8d0-2db4-11ea-af75-674069e60b74",
    "id": "157d9350-1db8-11e9-8e66-2f71a0be4cc5"
  }
}

Here's an example for a call from a business partner user (i. e. a user logged in into c1-core):

{
  "homeClientId": "",
  "homeClientUsers": {},
  "sourceModuleId": "c1-core",
  "userHomeClients": {
    "active": {},
    "all": {}
  },
  "userId": {
    "type": 2,
    "sp": "48109350-1db6-11e9-8e66-2f71a0be4cc5",
    "sd": "37917b52-0d0a-40e2-9228-cc77c734bd84",
    "bp": "ef88f0fc-d9fc-4327-8b70-55083c99b28d",
    "id": "2111cb54-3851-47c7-a95a-d1935817dd0e"
  },
  "accessedPrincipalId": {
    "sp": "48109350-1db6-11e9-8e66-2f71a0be4cc5",
    "sd": "37917b52-0d0a-40e2-9228-cc77c734bd84",
    "bp": "ef88f0fc-d9fc-4327-8b70-55083c99b28d"
  },
  "resultingPrincipal": {
    "type": 2,
    "sp": "48109350-1db6-11e9-8e66-2f71a0be4cc5",
    "sd": "37917b52-0d0a-40e2-9228-cc77c734bd84",
    "bp": "ef88f0fc-d9fc-4327-8b70-55083c99b28d",
    "id": "2111cb54-3851-47c7-a95a-d1935817dd0e"
  }
}

Todo: Add an example for an end user containing userHomeClients.

Module call¶

Here's another example for a call originating from another global module:

{
  "homeClientId": "",
  "homeClientUsers": {},
  "sourceModuleId": "c1-device-management",
  "userHomeClients": {
    "active": {},
    "all": {}
  },
  "userId": {},
  "accessedPrincipalId": {},
  "resultingPrincipal": {
    "type": 7,
    "sp": "0",
    "sd": "0",
    "bp": "0",
    "id": "c1-device-management"
  }
}

When the originating module is associated to a principal, sourceModulePrincipalId is filled:

{
  "homeClientId": "",
  "homeClientUsers": {},
  "sourceModuleId": "c1-device-management",
  "userHomeClients": {
    "active": {},
    "all": {}
  },
  "userId": {},
  "accessedPrincipalId": {},
  "sourceModulePrincipalId": {
    "sp": "05178911-2ce8-46fc-859e-ba690657b315",
    "sd": "97f8a8dc-f7f2-4e25-bd64-a2ffdd245f9e",
    "bp": "d0f00894-f7d2-4060-a4e1-fc0b5bfdd902"
  },
  "resultingPrincipal": {
    "type": 7,
    "sp": "05178911-2ce8-46fc-859e-ba690657b315",
    "sd": "97f8a8dc-f7f2-4e25-bd64-a2ffdd245f9e",
    "bp": "d0f00894-f7d2-4060-a4e1-fc0b5bfdd902",
    "id": "c1-wodis-connector-fluewo"
  }
}

edge client call¶

And finally an example for a call originating from an edge client:

{
  "homeClientId": "0604b020-7905-11eb-ad7b-f9e2c6c59018_6261.102.32_1",
  "homeClientUsers": {
    "a70868e6-f33d-4cf1-8cbf-952f2f0fe9a9": {
      "roles": ["tenant", "occupant"]
    },
    "1b4b834e-47ae-4bb9-9a83-2c4e8357ad6a": {
      "roles": ["tenant", "occupant"]
    }
  },
  "sourceModuleId": "c1-proxy",
  "sourceModuleClientId": "0604b020-7905-11eb-ad7b-f9e2c6c59018_6261.102.32_1",
  "userHomeClients": {
    "active": {},
    "all": {}
  },
  "userId": {},
  "accessedPrincipalId": {
    "sp": "48109350-1db6-11e9-8e66-2f71a0be4cc5",
    "sd": "76f3016a-8231-0512-8588-ff6f0f525dbb",
    "bp": "d1faa8d0-2db4-11ea-af75-674069e60b74"
  },
  "resultingPrincipal": {
    "type": 6,
    "sp": "48109350-1db6-11e9-8e66-2f71a0be4cc5",
    "sd": "76f3016a-8231-0512-8588-ff6f0f525dbb",
    "bp": "d1faa8d0-2db4-11ea-af75-674069e60b74",
    "id": "0604b020-7905-11eb-ad7b-f9e2c6c59018_6261.102.32_1"
  }
}