What are we going to achieve with Expression Language (EL)?
In this article we will see how to use Expression Language to mask the salary amount for a specific role. Let's assume we have a business requirement that a person with the role HR Assistant should not be able to see a worker's salary if it is more than 100; instead, the application should mask it with asterisks (*****).
Learn Page Customization (Personalization) along with Expression Language
Shortly we will go through the steps required to achieve the business requirement outlined earlier. However, it is good to know that Expression Language (EL) is used in conjunction with Page Composer (personalization) and is usually considered a customization. These customizations may get wiped out by Oracle's periodic patches and thus require regular maintenance. As a best practice, we should try to minimize any sort of customization as much as possible.
Steps to achieve this requirement through Expression Language
Here are the steps we need to follow to get this done. The first thing we need to know is the code of the role HR Assistant, because the expression must use the role code rather than the role name. To get the code, navigate to Tool » Security Console and ensure Roles is selected on the left-hand side. On that page, enter the role name and click Search.
Once you have the role code, the next step is to create a sandbox. To create one, navigate to Navigator » Configuration » Sandboxes and click the Create Sandbox button.
On the Create Sandbox page, enter the details as follows:
- Name : <Any Name you want>
- Publishable : Yes
- Tools : Under tools select Page Composer.
Once done, click the Create and Enter button. You will see a yellow bar at the top of your screen. Congrats!! You are inside a sandbox.
Once we have the sandbox in place, the next step is to navigate to the page on which you want to mask data. In this example we use the page available at Home » My Client Group » Person Management » Compensation » Manage Salary
When you are on the page you need to customize, click Tools » and then select the Page Composer option from the sandbox menu, as shown in the image below.
Now click on the Structure tab, hover your mouse over Salary Amount, and click there as shown in the image below. At the bottom of your screen, click the edit/configure button (number 3 in the image below).
Once you click the configure icon, a popup window will appear. Scroll down and locate the Value section. Click on it and select Expression Builder.
You will see a screen like the one below; click on “Type a value or expression”.
This is where we write the expression that customizes the system's default behavior. To achieve the business requirement mentioned earlier, we will write the expression below:
#{securityContext.userInRole['AVI_HR_ASSISTANT_CUSTOM'] && bindings.SalaryAmount.inputValue > 100 ? '****' : bindings.SalaryAmount.inputValue}
Click on Apply and then Okay. Now publish the sandbox.
To publish the sandbox, click on the sandbox name and you will get the option to publish it.
Now log in using an account which has the role “HR Specialist” and search for a person whose salary is more than 100. You will see asterisks as shown below. Please note that other salary fields, such as Annual Salary and Annualized Full-Time Salary, still display unmasked data because we have not written an expression for them. You can repeat the same steps and code for these fields as well.
If you access the same employee from an account which doesn’t have this restricted role “HR Specialist”, you will be able to see the unmasked data without any problem.
How to write expression language to achieve any business requirement?
In this example we have written the piece of code below:
#{securityContext.userInRole['AVI_HR_ASSISTANT_CUSTOM'] && bindings.SalaryAmount.inputValue > 100 ? '****' : bindings.SalaryAmount.inputValue}
If you take a closer look, you will find that it is nothing but an IF – THEN – ELSE statement.
The syntax for IF – THEN – ELSE in Expression Language is #{ [test] ? [then1] : [else2] }
The code above simply says that IF the user has the role “HR Assistant” AND the worker's salary is greater than 100 THEN mask the data ELSE show the original salary amount.
The securityContext.userInRole function helps in determining the logged-in user's role.
Some other similar functions are:
Function to determine the name of the logged-in user – #{securityContext.userName}
Function to check if the user is logged in – #{securityContext.authenticated}
Function to check if the user has at least one role in a comma-separated list – #{securityContext.userInRole['roleList']}
Function to check if the user has all roles in a comma-separated list – #{securityContext.userInAllRoles['roleList']}
However, this is not the only syntax available in Expression Language; the list is long, and you can also check this white paper for more information.
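The IF – THEN – ELSE logic and the role functions described above, modelled as an added Python example (not Oracle code and not from the original article) so the boundary cases and the per-field coverage can be checked before a sandbox is published. The worker record, the second role name and all function names are constructed for illustration.

```python
# Added illustration: a Python model of the article's EL ternary, not Oracle code.
RESTRICTED_ROLE = "AVI_HR_ASSISTANT_CUSTOM"   # role code used in the article
THRESHOLD = 100                               # salary limit from the article
MASK = "****"                                 # literal returned by the expression

def user_in_role(user_roles, role_list):
    """Model of userInRole['a,b']: true if the user holds any listed role."""
    wanted = {r.strip() for r in role_list.split(",")}
    return bool(wanted & set(user_roles))

def masked_value(user_roles, value):
    """Model of: userInRole[...] && value > 100 ? '****' : value."""
    # Assumption: an empty (None) value is not "greater than 100" and passes through.
    if user_in_role(user_roles, RESTRICTED_ROLE) and value is not None and value > THRESHOLD:
        return MASK
    return value

def render(user_roles, record, fields_with_el):
    """What each field displays; only fields carrying the expression are masked."""
    return {
        name: masked_value(user_roles, value) if name in fields_with_el else value
        for name, value in record.items()
    }

def unmasked_fields(user_roles, record, fields_with_el):
    """Names of fields that still show an over-threshold amount to this user."""
    shown = render(user_roles, record, fields_with_el)
    return sorted(n for n, v in shown.items()
                  if v is not None and v != MASK and v > THRESHOLD)

# Constructed sample data (values are made up; SOME_OTHER_ROLE is a placeholder).
WORKER = {"Salary Amount": 5000, "Annual Salary": 60000,
          "Annualized Full-Time Salary": 60000}
ASSISTANT = ["AVI_HR_ASSISTANT_CUSTOM", "SOME_OTHER_ROLE"]
OTHER = ["SOME_OTHER_ROLE"]

if __name__ == "__main__":
    only_amount = {"Salary Amount"}
    print(render(ASSISTANT, WORKER, only_amount))
    print("still visible:", unmasked_fields(ASSISTANT, WORKER, only_amount))
    print("boundary 100 ->", masked_value(ASSISTANT, 100))
    print("other role   ->", masked_value(OTHER, 5000))
    print("all covered  ->", unmasked_fields(ASSISTANT, WORKER, set(WORKER)))
```

With the expression on Salary Amount only, the model reports the two annual fields as still visible to the restricted role, and a salary of exactly 100 is shown because the test is strictly greater than.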
When is the Expression Language executed?
Code written in Expression Language runs when the page is first rendered. You can also run it explicitly by refreshing the page. Setting one field based on another will work fine upon first display; however, if you expect dependent fields to change dynamically all the time, this is often not possible. At this time you cannot add Expression Language to a page that causes it to automatically reload or redirect based on a specific EL condition.
A bit of caution
It is also important to know that not all pages support all features. Hence, when responding to any RFP or business query, please check thoroughly that what you are going to promise is actually achievable.
Have More Questions?
If you have any other questions or doubts, please do not hesitate to post them in our Oracle Fusion forum.