Logged In User App Context Snippets

Custom Code Snippets — Logged-in User & App Context

Copy-paste examples for reading the signed-in user, app metadata, and app variables inside a Custom Code workflow step. Use the safe accessors — they always return a value, even when the source isn't populated:

• getLoggedInUser("field", default) / loggedInUser
• getAppDetails("key", default) / appDetails
• getAppVariable("slug", default) / appVariables
• getLocalStorage("key", default) / getSessionStorage("key", default) (client workflows only)

Role-gated message

const role = getLoggedInUser("role", "guest");

let message;
if (role === "admin")        message = "Admin tools enabled.";
else if (role === "manager") message = "Manager dashboard ready.";
else                         message = "Welcome.";

returnData("role",    role);
returnData("message", message);

Read a per-app variable

const supportEmail = getAppVariable("support_email", "support@example.com");
const brand        = getAppDetails("name", "Our App");

returnData("footer", `${brand} — questions? ${supportEmail}`);

Stamp the current user on a record-bound payload

returnData("audit", {
  by:  getLoggedInUser("email", "system"),
  at:  DateTime.format(DateTime.now(), "YYYY-MM-DD HH:mm:ss"),
  ip:  getLoggedInUser("ip", null),
  app: getAppDetails("slug", "")
});

Permission gate — fail the step for unauthorized users

// Inputs: required_role (custom_val "admin")
const userRole   = getLoggedInUser("role", "guest");
const required   = String(params["required_role"] || "admin");

if (userRole !== required) {
  returnData("authorized", false);
  returnData("message", `This action requires the "${required}" role. You are a "${userRole}".`);
  return;
}

returnData("authorized", true);
returnData("user_email", getLoggedInUser("email", ""));

Self-vs-other check (only the owner can act)

// Some actions should be restricted to the record's owner.
const me      = getLoggedInUser("id", null);
const ownerId = record.owner_id || record.user_id || null;

const isOwner = !!me && !!ownerId && me === ownerId;

returnData("is_owner",  isOwner);
returnData("can_edit",  isOwner || getLoggedInUser("role", "") === "admin");

Personalize a greeting with safe defaults

// Uses every fallback so this never reads "Hi, undefined!"
const name = getLoggedInUser("first_name", "")
          || getLoggedInUser("name", "")
          || getLoggedInUser("email", "").split("@")[0]
          || "there";

returnData("greeting", `Hi, ${Str.capitalize(name)}!`);

Read environment-specific defaults from app variables

// Define `env` ("staging"/"production") in App Variables; switch behavior off it.
const env = getAppVariable("env", "production");

const config = env === "production"
  ? { api: "https://api.example.com",      log_level: "warn" }
  : { api: "https://api.staging.example.com", log_level: "debug" };

returnData("env",       env);
returnData("api_base",  config.api);
returnData("log_level", config.log_level);

Build a tenant-scoped key for an external system

// Useful when one external account holds many Tadabase apps.
const appSlug    = getAppDetails("slug", "default");
const userEmail  = getLoggedInUser("email", "");

returnData("tenant_key",  `${appSlug}::${userEmail}`);

Feature toggle from app variables

// Flip a boolean app variable in one place to enable a flow without code changes.
const newCheckout = String(getAppVariable("flag_new_checkout", "off")).toLowerCase() === "on";

if (newCheckout) {
  returnData("flow", "stripe_v2");
  returnData("checkout_url", "/checkout/v2");
} else {
  returnData("flow", "stripe_v1");
  returnData("checkout_url", "/checkout");
}

Bundle a "context" object for an outbound API call

// Mostly when calling out to an audit or CRM service that wants
// "who did this and where" alongside the data.
returnData("context", {
  user: {
    id:    getLoggedInUser("id"),
    email: getLoggedInUser("email"),
    role:  getLoggedInUser("role", "guest")
  },
  app: {
    id:   getAppDetails("id"),
    slug: getAppDetails("slug"),
    name: getAppDetails("name")
  },
  request: {
    record_id: record.id,
    timestamp: DateTime.format(DateTime.now(), "YYYY-MM-DD HH:mm:ss")
  }
});

Warn when an admin is impersonating another user

// `impersonating_id` is set when an admin "logs in as" another user
// — you may want to skip side effects or stamp it differently.
const impersonating = !!getLoggedInUser("impersonating_id", null);

if (impersonating) {
  console.warn("Impersonated session — skipping audit emails");
  returnData("send_email", false);
} else {
  returnData("send_email", true);
}

returnData("acting_user_id",     getLoggedInUser("id"));
returnData("impersonated_by_id", getLoggedInUser("impersonating_id", null));

Build an absolute link back into the app

const base = getAppDetails("base_url", "");
const link = `${base}/r/${record.id}`;

returnData("record_link", link);
returnData("share_blurb", `View the record at ${link}`);