Solved: Re: Dynatrace App Current user information

StephenLHChan · ‎18 Jul 2023

Hey,

We are trying to build an app. We need the current user information, like name, login id/email, user groups, for further processing. Is there any SDK available that can return me this kind of information?

Thanks.

Stephen

Iplinsky · ‎18 Jul 2023

I am not shure, but you can do it by APIs

Dynatrace Certified

sinisa_zubic · ‎19 Jul 2023

Hi @StephenLHChan

The team is currently working on an SDK which should give you such kind of information. Unfortunately I can't give you an ETA for it.

Best,
Sini

jellypuno · ‎19 Jul 2023

following this thread... 👀

Magandang araw sa inyong lahat! 🙂

sw · ‎01 Aug 2023

Hi @StephenLHChan, the SDK package is planned for 23CQ3.

In the meanwhile, you could use the service documented in the swagger spec:

https://{environmentid}.apps.dynatrace.com/platform/swagger-ui/index.html?urls.primaryName=Identity%20and%20Access%20Management

StephenLHChan · ‎01 Aug 2023

Hi @sw and @sinisa_zubic ,

Are you guys talking the same SDK?

Apologize if there is any misleading at my question.

@sw gave the url which is the endpoint get all users' information but what I am looking for is if there is a way to get the current user information who use the app.

For example, userA click on the app and the SDK will return userA's information to me. And, I will know userA had used the app. I may then ingest logs/ custom events to Dynatrace after userA triggered certain actions.

It is to fulfil some audit requirements at my company.

Thanks!

sinisa_zubic · ‎07 Aug 2023

Yes we are talking about the same SDK. @sw should know more details

sw · ‎07 Aug 2023

Hi @StephenLHChan

Sorry for the confusion.
Yes, the SDK package will provide information as:

currently logged in user
Environment ID and URL
App ID, name, version

May I ask for your use case, why do you need the user groups too?

StephenLHChan · ‎14 Aug 2023

hi @sw

it is for access right control. If I know the user group of the users, I can limited certain pages of the app only to some users.

sw · ‎21 Aug 2023

Thanks @StephenLHChan for the insights! This won't be part of this package for now, but I'll discuss this with the team.

muzztafa · ‎23 Jul 2024

Hi @sw ,

Has there been any update on the SDK yet?

DaveOps · ‎17 Sep 2024

There is a problem with the permission scope for this API that can't be assigned to an oauth client.

sw · ‎22 Aug 2024

The package providing this information (except user groups) is now available: https://developer.dynatrace.com/develop/sdks/app-environment/

DaveOps · ‎03 Sep 2024

I also have the same use case to shield of pages for default users; I would like to be able to access the user groups through the SDK.

educampver · ‎10 Sep 2024

Hi @DaveOps, a new SDK will soon be available to access the user groups. I'll let you know when it's out.

Best, Edu.

DaveOps · ‎16 Sep 2024

It seems this API is not available any more:

import { effectivePermissionsClient } from '@dynatrace-sdk/client-platform-management-service';

Outdated docs:
https://developer.dynatrace.com/develop/security/query-user-permissions/

Is there a workaround for this?

educampver · ‎16 Sep 2024

Hi @DaveOps, what do you mean it's not available? Here's the NPM package https://www.npmjs.com/package/@dynatrace-sdk/client-platform-management-service. Additionally I tried what's in our documentation and it works as expected. What issue are you having?

DaveOps · ‎17 Sep 2024

I am using and older version 1.0.1; that could be the issue.

DaveOps · ‎16 Sep 2024

Is there a way to get the user account_id ?

educampver · ‎16 Sep 2024

Hi @DaveOps, you can use this https://developer.dynatrace.com/develop/sdks/app-environment/#getcurrentuserdetails.

DaveOps · ‎17 Sep 2024

I created a solution to address the user permission problem and will share some of the important parts.
The approach involves checking if a user is part of an admin group returning a boolean. This is a simple way of differentiating between 2 types of users.

Created an appFunction that fetches user groups with the getUserGroupsV2 function. This function checks if a user belongs to an admin group.

export const getUserGroupsV2 = async (accountUuid: string, userEmail: string, bearerToken: string) => {
  const url = `https://api.dynatrace.com/iam/v1/accounts/${accountUuid}/users/${userEmail}`;

  try {
    const response = await fetch(`${url}`, {
      method: 'GET',
      headers: {
        'Content-Type': 'application/json',
        'Authorization': `Bearer ${bearerToken}`
      }
    });

    if (!response.ok) {
      const errorText = await response.text();
      console.error('Error response:', errorText);
      throw new Error(`HTTP error! status: ${response.status}`);
    }

    return await response.json(); 
  } catch (error) {
    console.error('Error fetching groups:', error);
    throw error;
  }
};

Make an oauth request to get the bearer token:

export const getOAuth2Token = async (client_id: string, client_secret: string, scope: string, resource: string) => {
  const url = 'https://sso.dynatrace.com/sso/oauth2/token';

  const params = new URLSearchParams({
    grant_type: 'client_credentials',
    scope: scope,
    client_id: client_id,
    client_secret: client_secret,
    resource: resource,
  });

  try {
    const response = await fetch(url, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/x-www-form-urlencoded',
      },
      body: params.toString()
    });

    if (!response.ok) {
      const errorText = await response.text();
      console.error('Error response:', errorText);
      throw new Error(`HTTP error! status: ${response.status}`);
    }

    const data = await response.json(); 
    return data;
  } catch (error) {
    console.error('Error fetching OAuth2 token:', error);
    throw error;
  }
};

With a couple of helper functions:

const belongsToGroup = (user: User, groupName: string) => {
    if (user && user.groups && Array.isArray(user.groups)) {
        return user.groups.some(group => group.groupName.toLocaleLowerCase() === groupName.toLocaleLowerCase());
    }
    return false;
}

export const isSecurityAdmin = (user: User) => {
    return belongsToGroup(user, 'Security Admin');
}

You can store the oauth credentials in a .env for development purposes however I would recommend adding additional features to fetch and update the settings using the client-app-settings from the sdk.

// example

import { appSettingsObjectsClient, EffectiveAppSettingsValuesList, AppSettingsObjectResponse } from '@dynatrace-sdk/client-app-settings';

export const fetchConfig = async (schemaId: string): Promise<any[] | null> => {
    try {
        const response: EffectiveAppSettingsValuesList = await appSettingsObjectsClient.getEffectiveAppSettingsValues({
            schemaIds: schemaId,
        });

        if (response.items.length === 0) {
            console.warn(`No configuration found for ${schemaId}.`);
            return null;
        }

        console.log(`fetchConfig for schemaId: ${schemaId}`, response.items);

        return response.items;
    } catch (error) {
        console.error(`Error fetching configuration for schemaId: ${schemaId}`, error);
        return null;
    }
};

export const updateAppSettings = async (
    objectId: string,
    value: { [key: string]: any },
    optimisticLockingVersion: string
): Promise<boolean> => {
    let result = false;

    console.log('updateAppSettings', objectId, value);

    try {
        const putResponse: any = await appSettingsObjectsClient.putAppSettingsObjectByObjectId({
            objectId: objectId,
            optimisticLockingVersion: optimisticLockingVersion,
            body: {
                value: value
            }
        });

        if (putResponse) {
            console.log('Configuration updated:', putResponse);
            result = true;
        } else {
            console.warn('No response received from PUT request.');
        }
    } catch (putError) {
        console.error('Error during PUT:', putError);
    }

    return result;
};

The front-end parts:

// .... snippet

import React, { useEffect, useState } from 'react';
import { getCurrentUserDetails } from "@dynatrace-sdk/app-environment";
import { useAppFunction } from '@dynatrace-sdk/react-hooks';

// .... snippet
const [loading, setLoading] = useState(true);
const [userEmail, setUserEmail] = useState<string | null>(null);
const { setPermissions } = useAppState(); // custom hook to store state 

// .... snippet
// implement your own appFunction to fetch permissions that uses the getUserGroupsV2 function.
const fetchPermissions = useAppFunction({
    name: "backend",
    data: { query: "fetch-permissions", blob: userEmail },
  }, { autoFetch: false, autoFetchOnUpdate: true });

// .... snippet
useEffect(() => {
    const fetchUserData = async () => {
      try {
        const userDetails = await getCurrentUserDetails();
        console.log('User details:', userDetails);
        if (userDetails.email) {
          setUserEmail(userDetails.email);
          fetchPermissions.refetch();
        }
      } catch (error) {
        console.error('Failed to fetch data', error);
      } finally {
        setLoading(false);
      }
    }
    fetchUserData();
  }, []);

  useEffect(() => {
    if (fetchPermissions.data) {
      const { permissions } = fetchPermissions.data as PermissionsResponse;
      setPermissions(permissions);
    }
  }, [fetchPermissions]);

Based on the permissions you can toggle menu items:

{permissions?.admin && (
          <AppHeader.ActionItemGroup>
            <AppHeader.ActionButton
              prefixIcon={<SettingIcon />}
              showLabel={true}
              onClick={() => navigate('/settings')}
              aria-label="App Settings"
            >
              Settings
            </AppHeader.ActionButton>
          </AppHeader.ActionItemGroup>
)}