addTableFilterParam and removeTableFilterParam
Posted: Wed Feb 03, 2016 3:36 pm
We want to be sure that users see only the records (in this case projects) they are allowed to see.
So we create an array _aProjects with the recordIDs the user has access to, and then we use
databaseManager.addTableFilterParam(scopes.utils.DB.SERVER, 'projects', 'project_id', 'in', _aProjects, 'projectsFilter')
for the user.
Now in the time booking module, we have the situation that users should book to projects that they are not allowed to see fully.
However, we need to show the project name of those projects, for example, and also the projects have to be in full reach for the user as he will book time and costs directly to them.
To solve this dilemma, we use databaseManager.removeTableFilterParam(scopes.utils.DB.SERVER, 'projectsFilter') in the onShow() of the timeBookingModule,
and then we call the above addTableFilterParam() again in the onHide(), exactly as stated above.
So we switch the tableFilter on and off, depending on which module the user goes.
Unfortunately, this works only for the first time the user goes into the timeBookingModule.
When he switches to another module and goes back (and therefore triggering the above methodes()), some project records are not there any more. Strangely enough, some project records appear and some not.
It seems as if the removeTableFilterParam() did not unlock the projects table fully, so that some records are still out of reach for the relation that should show them.
What might be the reason for this behaviour?
And has someone an idea how we could solve this in another way that will not have this problems?
To securely hide those projects from the project leaders that they should not see, a foundset.find/search-approach is in my opinion not save enough, as a foundset can always get expanded again to the complete table.
So we create an array _aProjects with the recordIDs the user has access to, and then we use
databaseManager.addTableFilterParam(scopes.utils.DB.SERVER, 'projects', 'project_id', 'in', _aProjects, 'projectsFilter')
for the user.
Now in the time booking module, we have the situation that users should book to projects that they are not allowed to see fully.
However, we need to show the project name of those projects, for example, and also the projects have to be in full reach for the user as he will book time and costs directly to them.
To solve this dilemma, we use databaseManager.removeTableFilterParam(scopes.utils.DB.SERVER, 'projectsFilter') in the onShow() of the timeBookingModule,
and then we call the above addTableFilterParam() again in the onHide(), exactly as stated above.
So we switch the tableFilter on and off, depending on which module the user goes.
Unfortunately, this works only for the first time the user goes into the timeBookingModule.
When he switches to another module and goes back (and therefore triggering the above methodes()), some project records are not there any more. Strangely enough, some project records appear and some not.
It seems as if the removeTableFilterParam() did not unlock the projects table fully, so that some records are still out of reach for the relation that should show them.
What might be the reason for this behaviour?
And has someone an idea how we could solve this in another way that will not have this problems?
To securely hide those projects from the project leaders that they should not see, a foundset.find/search-approach is in my opinion not save enough, as a foundset can always get expanded again to the complete table.