In this #PowerShot, I will show you can make deep linking in Canvas App restrictive towards the data displayed to a user when they launch the app from a parameterized URL.
Let's Get Started
Let's take a look at an approval scenario where a manager is supposed to view the data of their reporters only and every time a user creates a request an email with a link to the app is sent to the manager. The manager can view the approval request related data by clicking the link in the email that directly takes them to the details page of the item that requires the review via deep linking.
However, when the manager clicks the link, the re-direct URL in the browser displays the parameter that has been passed and if that is changed, the other items corresponding to the parameter can be viewed. For example, in the approval case, the data source being used is a SharePoint list and the items are identified via the ID, and the managers are identified by the person column on the list. We will create the app in a way that based on the user accessing the app, a validation is performed to check if the user is allowed to access the item via the person type field and if they are allowed only they show the item details or else show an error message.
Power Apps
Let's start with a basic example. Here, I have created an App using the "Start With Data" template and connected to SharePoint as a datasource.
Regular Deep Linking
1) App -> OnStart --> Checks whether the browsed URL contains a value for ItemId parameter. If it does, then sets a variable with ItemId and take the users to Edit Screen.
If(
!IsBlank(Param("ItemId")),
Set(ParamId,Param("ItemId"));
Navigate(EditScreen1);
)
2) Item Property -> Edit Form --> If the ParamId variable is not blank, then it will show the ItemId related record. If it is blank, then it will display the record based on gallery selection.
If(
!IsBlank(ParamId),
LookUp(
KLIOS,
ID = Value(ParamId)
),
BrowseGallery1.Selected
)
3) Screen -> OnHidden -> Set(ParamId,Blank())
Here, we are setting the ParamId variable as Blank because if user selects any item from the gallery, we do not want to default to the record passed in the parameter.
Restrictive Deep Linking Setup Instructions:
1) OnStart property of the app plays a vital role here, as it checks whether the logged-in person is the approver or not.
The expression used on On Start Property:
If(
!IsBlank(Param("ItemId")),
With(
{
AssociatedRecord: LookUp(
KLIOS,
ID = Value(Param("ItemId"))
)
},
If(
AssociatedRecord.Approver.Email = User().Email,
Navigate(EditScreen1);
Set(
AllowedToEdit,
true
),
Navigate(NotAllowedPage);
Set(
AllowedToEdit,
false
)
)
)
)
Explanation: It first checks whether there is a parameter present for the deep link. If there is no parameter with the name "ItemId", then the user is navigated to the first screen of the app. If there is a parameter that exists with the name "ItemId", then it will check if the value passed in the parameter has an approver as the logged-in user. If the logged-in person is the approver, it opens the record in edit mode, else takes the user to a separate screen showing an error message.
AllowedToEdit is a variable that is used in the configuration of other screens to identify whether the logged-in user is through the first level of security or not.
2) For the Item to show in Edit Form, the expression used in the Item property of the edit form:
If(
AllowedToEdit,
LookUp(
KLIOS,
ID = Value(Param("ItemId"))
),
BrowseGallery1.Selected
)
Explanation: This checks if the AllowedToEdit variable is set to true, then show the record identified by deep link parameter, else show the one selected from the gallery.
Note: In this case, we are using an edit form, so the expression is used on the Item property. If there is any other control, then you will need to select the appropriate property. For individual controls, you can store the values in a variable or collection, to save API calls.
3) Set the AllowedToEdit variable to blank on EditScreen hidden, so that the variable is reset for any other navigation to the screen and it shows the selected item from the gallery as expected.
Screen -> OnHidden -> Set(AllowedToEdit,false)
Setup in Action
In this post, we looked at how to customize a canvas app to enable restrictive deep linking to enhance data security. Similar setup can be used for apps where the requirement is only to show data or get an input on specific items assigned to a specific user and etc.
I hope you found this interesting and it helped you. Thank you for reading!