Can someone help me out with this? I need a bit of code that, given a string that matches a certain form, gives back a boolean whether the form is viewable by the currently logged in user. I don’t want to have to be sitting on the form itself. I’m looking at JSSecurity.VIEWABLE but I don’t know how to specify the form with that.
Thanks!
JSSecurity.VIEWABLE & JSSecurity.ACCESSIBLE flags only apply to specific elements of a form. You can set these values per element on a form by opening a form in design editor and switching to the security tab (at the bottom).
I could be dead wrong on this but I’m pretty sure with Servoy 4 the ability to set viewable and editable per form was dropped (maybe there is a way still to do it with code?). Prior to that the security editor had form specific configuration:
[attachment=2]Picture 6.png[/attachment]
Existing or not, advanced form level access control is probably best accomplished via data driven navigation partnered with security code. The end result being that when a user logs in, that users group privileges determine which navigation items are displayed. “Data driven” on the simple side can entail hiding/showing tabs on a main form (see Servoy’s Commons Framework). On the advanced side you can have a complete windowing system where only forms you have access to are pulled in. In this scenario you have to build your own navigation configuration screens:
[attachment=1]Picture 8.png[/attachment]
and partner up with your own access and control configuration screens that either drive Servoy’s security data structures or your own:
[attachment=0]Picture 9.png[/attachment]
Other tasks involved with a data driven windowing framework is handling search (default search not be advisable – universal search mechanism much better), and ability to trigger navigation changes from workflow code (in addition to user click).
Fortunately or unfortunately, Servoy will let you do whatever you want. How far do you want to go down the rabbit hole?
david:
JSSecurity.VIEWABLE & JSSecurity.ACCESSIBLE flags only apply to specific elements of a form. You can set these values per element on a form by opening a form in design editor and switching to the security tab (at the bottom).I could be dead wrong on this but I’m pretty sure with Servoy 4 the ability to set viewable and editable per form was dropped (maybe there is a way still to do it with code?). Prior to that the security editor had form specific configuration:
Form level security was not dropped, it can be set from form editor → security tab (there is a list with form+named elements)
Ah, the form is there too. My mistake.
I know you can set the accessible and viewable parameters for each form by group. The thing is, when they log in, I want to know which forms the user is allowed to access so I can set the navigation elements appropriately at startup.
So, like I said, I need a bit of code that, given a string that matches a certain form, gives back a boolean whether the form is viewable by the currently logged in user. I’m sure that somehow this is pretty easy.
I guess this isn’t such a dumb question. I thought I just couldn’t find an otherwise obvious existing function to call.
jmcneely:
I guess this isn’t such a dumb question. I thought I just couldn’t find an otherwise obvious existing function to call.
Indeed there is not currently such a function. Please add a feature request in our system if you need it (http://www.servoy.com/s) . But maybe you can put that access information in some other property (like form name).
Here is my solution:
function is_viewable(form_name)
{
var cur_form = currentcontroller.getName();
application.showForm(form_name);
if (currentcontroller.getName() == form_name)
{
application.showForm(cur_form);
return true;
}
else
{
return false;
}
}
Seems crazy, but it does work. If you can’t view that form, it returns false; this is exactly what I want. If someone can come up with something better I would love to hear it, honestly!
Thanks…
Hi.
My question is unrelated to the discussion above but perhaps it’s dumb enough to be part of this topic
We set table level security with this command security.setSecuritySettings(dataset).
dataset was created in a similar fashion as below:
row = new Array();
row[0] = 'example_data.orders';
row[1] = JSSecurity.READ|JSSecurity.INSERT|JSSecurity.UPDATE|JSSecurity.DELETE|JSSecurity.TRACKING;
dataset.addRow(row);//setting table security
The question is whether we can somehow set similar flags on fields of a table rather than the whole table.
It would be a lot of fun if I was able to mark a product cost, for example, as read-only for some users or invisible for others but leave the rest of the product detail open to view and edit.
We set visibility through Servoy security on the UI level, yes, but that requires us to create a permission for each field on every form where it is present - hard job with a fair chance of failure.
Also, in reporting those fields aren’t even on a form and we would need to maintain our own infrastructure to control that kind of detail - also hard job.
Can Servoy make this kind of control easier for developers?
Perhaps, if it’s not yet there, it is planned for future releases?
Cheers,
Maria