Elevation
Make sure to set Security:ElevatedFunctionalityProvider to ElevationBarcode in order to enable this feature.
Let's say we have a user with one functionality that requires elevation:
{
"Functionality":"OpenCashDrawer",
"Scope":31,
"RequiresElevation":true
}
This would indicate that the user is not allowed to perform said functionality, but can request an elevation barcode to use for performing the functionality. Let's walk you through the process of elevation barcodes.
We first try to perform the request normally:
{
"StationID": 1,
"ReasonID": 1
}
{
"Error": {
"Message": "You are not allowed to execute this request.",
"Type": "Forbidden",
"Code": "HMHTJRHU",
"RequestID": "56b08ee320cb91e266b9cbf1579f9573"
}
}
We then get a 403 'Forbidden' response saying we are not allowed to execute this request. We are not authorized because we don't have the 'OpenCashDrawer' functionality. Well, we kind of do, but we are only allowed to generate an elevation barcode for the functionality. To indicate this, the error response will carry the following header:
eva-elevation-functionality: OpenCashDrawer
Generate elevation barcode
To generate an elevation barcode, we call GenerateElevationBarcode with the appropriate fields:
{
"OrganizationUnitID": 4,
"Functionality": "OpenCashDrawer",
"Scope": 31
}
{
"Barcode": "EB:lGuwbZskIMUSAIbhDgpADrBjTyrc0QmV",
"RequestToken": "8e8UYOROaiy597CvAlWHSoo32mv1gfBC"
}
This returns a Barcode and a RequestToken. Using these, we do two things:
- Subscribe to the SignalR hub.
- Have an authorized user scan the barcode.
Subscribe to the SignalR hub
For this, you need to know how SignalR works. If you don't, make sure you do.
After GenerateElevationBarcode returns successfully, EVA spins up a SignalR hub at yourendpoint/message/elevationbarcode. We first need to set up a connection with the hub:
const connection = new signalR.HubConnectionBuilder().withUrl(`${endpoint}/signalr/elevationbarcode`).build();
We can subscribe to the hub using the RequestToken from the GenerateElevationBarcode response:
connection.start().then(() => connection.invoke("Subscribe", { RequestToken: request.RequestToken }));
We can then await confirmation and follow up:
connection.on("Confirmed", confirmation =>
{
render(`<p>Token: ${request.RequestToken}</p>`);
}
);
Have an authorized user scan the barcode
Now, whenever a user that does have the OpenCashDrawer functionality scans the barcode using ParseBarcode, the confirmation will trigger on the SignalR hub.
Use elevation token
In our example, we render the original RequestToken from the GenerateElevationBarcode response. That's because this will be activated as a valid authorization token when confirmed.
We can now call OpenCashDrawer again with an additional header: EVA-Elevation-Token. In this header, we put our RequestToken. Now, we should be able to call OpenCashDrawer successfully.
The EVA-Elevation-Token header does NOT replace your Authorization header.
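The whole flow described above, from the 403 to the retried call, as an added example that is not part of the original documentation. callService, connectHub and showBarcode are hypothetical helpers supplied by the caller; the confirmation timeout is an assumption and not something the documentation specifies.

```javascript
// Added example. Hypothetical injected helpers (not EVA SDK functions):
//   callService(name, body, extraHeaders) -> Promise<{ status, headers, body }>
//     headers uses lower-cased keys; the helper always sends the normal Authorization header.
//   connectHub() -> an un-started SignalR HubConnection for the elevation barcode hub.
//   showBarcode(barcode) -> displays the barcode for an authorized user to scan.
async function callWithElevation(name, body, ctx) {
  const { callService, connectHub, showBarcode, organizationUnitID, scope, timeoutMs = 120000 } = ctx;

  const first = await callService(name, body, {});
  if (first.status !== 403) return first;

  // Elevate only when the server names the functionality, and only for that one.
  const functionality = first.headers["eva-elevation-functionality"];
  if (!functionality) return first;

  const { body: elevation } = await callService("GenerateElevationBarcode", {
    OrganizationUnitID: organizationUnitID,
    Functionality: functionality,
    Scope: scope,
  }, {});

  const connection = connectHub();
  let timer;
  try {
    // Register the handler before subscribing so a fast confirmation is not missed.
    const confirmed = new Promise((resolve) => connection.on("Confirmed", resolve));
    await connection.start();
    await connection.invoke("Subscribe", { RequestToken: elevation.RequestToken });
    showBarcode(elevation.Barcode);
    // Assumed policy: give up if nobody scans the barcode within timeoutMs.
    const expired = new Promise((_, reject) => {
      timer = setTimeout(() => reject(new Error("elevation not confirmed in time")), timeoutMs);
    });
    await Promise.race([confirmed, expired]);
  } finally {
    clearTimeout(timer);
    await connection.stop();
  }

  // The elevation token is sent in addition to the regular Authorization header.
  return callService(name, body, { "EVA-Elevation-Token": elevation.RequestToken });
}
```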