
Elevation

Note

Make sure to set Security:ElevatedFunctionalityProvider to ElevationBarcode in order to enable this feature.

Let's say we have a user with one functionality that requires elevation:

{
  "Functionality": "OpenCashDrawer",
  "Scope": 31,
  "RequiresElevation": true
}

This would indicate that the user is not allowed to perform said functionality, but can request an elevation barcode to use for performing the functionality. Let's walk you through the process of elevation barcodes.

We first try to perform the request normally:

{
  "StationID": 1,
  "ReasonID": 1
}

We then get a 403 'Forbidden' response saying we are not allowed to execute this request. We are not authorized because we don't have the 'OpenCashDrawer' functionality. Well, we kind of do, but we are only allowed to generate an elevation barcode for the functionality. To indicate this, the error response will carry the following header:

eva-elevation-functionality: OpenCashDrawer

Generate elevation barcode

To generate an elevation barcode, we call GenerateElevationBarcode with the appropriate fields:

{
  "OrganizationUnitID": 4,
  "Functionality": "OpenCashDrawer",
  "Scope": 31
}

This returns a Barcode and a RequestToken. Using these, we do two things:

  1. Subscribe to the SignalR hub.
  2. Have an authorized user scan the barcode.

Subscribe to the SignalR hub

For this, you need to know how SignalR works. If you don't, make sure you do.

After GenerateElevationBarcode returns successfully, EVA spins up a SignalR hub at yourendpoint/message/elevationbarcode. We first need to set up a connection with the hub:

const connection = new signalR.HubConnectionBuilder().withUrl(`${endpoint}/signalr/elevationbarcode`).build();

We can subscribe to the hub using the RequestToken from the GenerateElevationBarcode response:

connection.start().then(() => connection.invoke("Subscribe", { RequestToken: request.RequestToken }));

We can then await confirmation and follow up:

connection.on("Confirmed", confirmation => {
  render(`<p>Token: ${request.RequestToken}</p>`);
});

More on this later.

Have an authorized user scan the barcode

Now, whenever a user that does have the OpenCashDrawer functionality scans the barcode using ParseBarcode, the confirmation will trigger on the SignalR hub.

Use elevation token

In our example, we render the original RequestToken from the GenerateElevationBarcode response. That's because this will be activated as a valid authorization token when confirmed.

We can now call OpenCashDrawer again with an additional header: EVA-Elevation-Token. In this header, we put our RequestToken. Now, we should be able to call OpenCashDrawer successfully.

Note

The EVA-Elevation-Token header does NOT replace your Authorization header.
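The whole flow from the first 403 to the retried call can be tied together as below. This is an added example, not EVA's own client code. The helpers `callService`, `showBarcode` and `waitForConfirmation` (wrapping the SignalR subscription shown earlier) are hypothetical and supplied by the caller, and the `{ status, headers, body }` response shape is an assumption.

```javascript
// Added example: run a service call through the elevation flow described on this page.
// callService(name, body, extraHeaders) is a hypothetical transport that attaches the
// normal Authorization header itself and resolves to { status, headers, body }.
const ELEVATION_HEADER = "eva-elevation-functionality";

// Returns the functionality named in a 403 response, or null if elevation is not offered.
function elevationOffered(response) {
  if (response.status !== 403) return null;
  const headers = response.headers || {};
  const key = Object.keys(headers).find(k => k.toLowerCase() === ELEVATION_HEADER);
  return key ? headers[key] : null;
}

// Rejects if the confirmation does not arrive in time, so a stale request is abandoned.
function withTimeout(promise, ms) {
  let timer;
  const timeout = new Promise((_, reject) => {
    timer = setTimeout(() => reject(new Error("elevation not confirmed in time")), ms);
  });
  return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
}

async function callWithElevation(deps, service, body, elevation) {
  const { callService, showBarcode, waitForConfirmation, timeoutMs = 60000 } = deps;
  const first = await callService(service, body, {});
  const offered = elevationOffered(first);
  if (offered === null) return first; // success, or a 403 with no elevation option
  // Only elevate for the functionality this call was expected to need.
  if (offered !== elevation.Functionality) {
    throw new Error(`unexpected elevation request for ${offered}`);
  }
  const generated = await callService("GenerateElevationBarcode", elevation, {});
  const { Barcode, RequestToken } = generated.body;
  const confirmed = waitForConfirmation(RequestToken); // subscribe before the barcode is shown
  showBarcode(Barcode);
  await withTimeout(confirmed, timeoutMs);
  // The elevation token travels in addition to the Authorization header, not instead of it.
  return callService(service, body, { "EVA-Elevation-Token": RequestToken });
}
```

The functionality check keeps the client from requesting elevation for anything other than what the call was expected to need, and the timeout stops it from waiting indefinitely on a barcode nobody scans.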