13 Replies Latest reply on Aug 8, 2011 11:11 AM by philmodjunk

    Locking a Form record

    mgores

      Title

      Locking a Form record

      Post

      If I set the security settings for a limited access to records on a table, IsEmpty(table::signature) , will it also prevent modifying portal fields on that layout?

        • 1. Re: Locking a Form record
          philmodjunk

          Only if you set the same limitations on the portal's table.

          (And this won't prevent creating a new record in the portal if "allow creation..." is enabled...

          • 2. Re: Locking a Form record
            mgores

            Maybe a script trigger on layout entry to check if (table::signature) is empty go to the normal layout, but if it contains a signature - go to a layout where all fields have field entry diabled.

            • 3. Re: Locking a Form record
              philmodjunk

              Possibly, but a key reason for using Manage | security is to avoid the less secure layout based record locking. If you lock the portal table with record level access control just like the layout's table, you can set a validation rule on the fields in the portal to reject any data if the table is locked, then use a script trigger to deny access to the portal to make the interface more friendly.

              On our invoicing system, we use an OnObjectEnter trigger on the portal to run a script to check the privilege set. If editing an invoice is not permitted for this users, commit record is used to kick them back out of the portal. This is a two layer defense. The data level validation makes sure that even if I fail to perfectly set up my script triggers on every layout where it's possible to access this table, unauthorized record creation will be prevented. The script trigger then intercepts the attempted access before a new record can be attempted to make the interface run more smoothly.

              • 4. Re: Locking a Form record
                mgores

                So would i create a new privledge set, say Technician, and then set that to limited access to each table based on each form::signature block.  Then set the OnObjectEnter script trigger on the data portal for each of the form layouts to check if that form::signature field and if it is signed - commit record to kick them out of the portal?  I already have OnObjectEnter script triggers on the portals to capture the portal name to keep track of the data records, can there be more than 1 script per trigger event?

                • 5. Re: Locking a Form record
                  philmodjunk

                  No, but you can merge both tasks into the same script. And this need only be done for portals where new record creation is permitted in the relationship set up.

                  • 6. Re: Locking a Form record
                    mgores

                    ok I wrote a test script that sets $formlock to Get ( LayoutTableName ) & "::signature" and displays it in a dialog box to check the results, then added a perform script step in my previous script.  It seems to work as it gives me TableX::signature

                    So could I use a If (IsValid ($formlock)) - commit record?  to kick the user out of the portal?

                    • 7. Re: Locking a Form record
                      philmodjunk

                      IsValid won't tell you want you need to know here. The fact that the data in the referenced field is valid doesn't tell you if the user is permitted access to the field.

                      In our system, we just need to compare the privilege set name to the status field of the parent record.

                      If [ Get ( AccountPrivilegeSetName ) = "LowLevelAccess" And Invoices::Status = "Printed" ]
                         Commit Record[]
                      End If

                      • 8. Re: Locking a Form record
                        mgores

                        OK I was trying to have it set by whether the form had been signed or not(it would take administrator access to go into the data table to alter any data once signed), and was thinking I would check the signature field.  There is a signature field for each form table and in this instance each form table is a parent and the data table is the child.

                        It doesn't seem to matter whether I try IsValid or IsEmpty on the container field, it goes to commit record anyway.  Do those functions not work on containers?

                        • 9. Re: Locking a Form record
                          philmodjunk

                          IsEmpty should work. Make sure it's set up like this:

                          IsEmpty ( GetField ( Get ( LayoutTableName ) & "::signature" ) )

                          • 10. Re: Locking a Form record
                            mgores

                            So I got:

                            if Get ( AccountPrivilegeSetName ) = "Admin"

                            Exit script

                            End If

                            If IsEmpty ( GetField ( Get ( LayoutTableName ) & "::signature" ) )

                            Exit script

                            End If

                            Commit records

                            • 11. Re: Locking a Form record
                              philmodjunk

                              Which could be simplified to:

                              If [ Get ( AccountPrivilegeSetName ) = "Admin" or IsEmpty ( GetField ( Get ( LayoutTableName ) & "::signature" ) ) ]
                              Else
                                Commit Record[]
                              End If

                              • 12. Re: Locking a Form record
                                mgores

                                That seems to work, but on the forms the privlege sets part doesn't seem to work.

                                I set up a privilege set, Tech, and set records to custom privileges.  then for the form table set the Edit and Delete to limited - IsEmpty ( GetField ( signature ))

                                Thinking that should allow editing the fields if signature is empty and prevent it if there is a signature present.  It is not preventing the editing of the fields.

                                • 13. Re: Locking a Form record
                                  philmodjunk

                                  You don't need getfield unless you are calculating the name of the table and field. If Signature is defined in form table where you are putting this RLA calculation in place, make it IsEmpty ( Signature ).