14 Replies Latest reply on Nov 16, 2015 12:19 PM by dtcgnet

    How to check delete privilege of record, without trying to delete

    lumberjacklane

      Is there a way to check the privileges of the current user, on the current record, to see whether they will be able to delete the current record?  We are using FileMakers custom privileges, with a calc to determine if the current user can delete a record in the table.  I would like to build some logic into some scripts, to do various tasks depending on the users ability to delete the current record, but I need some sort of function to get the state of the users ability to delete.

       

      I can just simply copy / paste the calculation from the custom delete privilege to the script, but then we have to remember to update both, wherever I do this, whenever we make a change to one or the other.  Or we could create a custom function, and reference the custom function in both places, but then we will have to create a bunch of custom functions.  Not really ideal.

       

      Any functions for this, or other ideas how to tackle this issue, are greatly appreciated!

        • 1. Re: How to check delete privilege of record, without trying to delete
          DavidJondreau

          I think a custom function is the way to go.

           

          I see nothing wrong with lots of custom functions...but I don't see why you can't build just one. You could put the deletion logic in that function and then use that in the privilege set itself.

          • 3. Re: How to check delete privilege of record, without trying to delete
            dtcgnet

            Let's say that your formula that tests to see if a user can delete the current record was something like:

             

            $$Delete = "Yes"

             

            Because the formula uses a global variable instead of a field or privilege set, you could run a small Delete Check script as part of any other script you might be running.

             

            That script could be something like:

            Script Name is DeleteChecker

            If ( Whatever formula you're using right now = "True" and Get ( AccountPrivilegeSetName) = "The Privilege Set"

            Set Variable $$DeleteCapable = "Yes"

            Endif

             

            Then on layouts where you wanted to allow people to delete, you'd add an OnRecordLoad script trigger that would run DeleteChecker.

             

            Since DeleteChecker would run any time a record was made active, $$DeleteCapable would be set for every record before it could be deleted.

             

            It wouldn't help you if someone was able to use Delete All Records or Delete Found Set, but you could (and should) control their ability to use those commands. You could still modify the criteria in only one place, too. In fact, you could have different conditions for different privilege sets or different layouts.

            • 4. Re: How to check delete privilege of record, without trying to delete
              lumberjacklane

              A custom function might work, however I am not sure it will in this case.  We use the data separation model, and I know of no way to share custom functions between files, or to reference a custom function in a separate file.  If I am mistaken here, please let me know!  The data and UI files have very different relationship graphs, and simply importing a CF from the data file to the UI file won't really work, all the relationships will have to be altered, and both would have to be updated when a change is needed.

               

              As an aside, it didn't occur to me to prompt the user with a custom dialog before deleting.  So, I have a test script that:

               

              Turns error capture on

              Shows a dialog, prompting user to confirm deletion

              If user confirms, delete record with no dialog

              get last error

              if last error > 0, show dialog saying user does not have deletion privs.

               

              This works okay as far as scripting goes, however it would still be nice to have a native FM function that would return boolean deletion status, for things like conditional formatting or conditional hide on layouts.  I think it's much better to simply remove the delete button if a user doesn't have the privilege, than to make the user click the button, confirm delete, THEN be told they don't have the privileges.

              • 5. Re: How to check delete privilege of record, without trying to delete
                dtcgnet

                In your original post, you mentioned that you wanted to "do various tasks depending on the users ability to delete the current record". What sorts of tasks BESIDES deleting a record do you want to do?

                • 6. Re: How to check delete privilege of record, without trying to delete
                  BruceRobertson

                  How does having the privilege set name help?

                  You still need to determine the instantaneous delete privileges fro this user for the table and record in question.

                  • 7. Re: How to check delete privilege of record, without trying to delete
                    wimdecorte

                    You could use a a custom extended privilege bit and test for that...

                    • 8. Re: How to check delete privilege of record, without trying to delete
                      DavidJondreau

                      You gotta give us as much info as possible up front. A separation file adds complexity and it's still not entirely clear what the conditions for deletion are.

                       

                      I read your original post to mean that a user's ability to delete depends on data in the current record. A particular user can delete some records but not others, based on, for example, the record's creation date, or "status" or some other field value or combination of field values and the "current state" (date, etc).

                       

                      That's likely the most complicated case, so if it's not that, please let us know. It would be best to provide actual examples of the situations you're involved in.

                       

                      Regardless, if that's true then you can put the calculation logic inside an actual field in the table. (Custom function or not). Then reference that field when deciding to delete. If you're concerned about calculation maintenence, then a custom function can be helpful as a centralized place to store that logic. But a field calculation could be just as useful. And that field is accessible from whichever file you're working in.

                      • 9. Re: How to check delete privilege of record, without trying to delete
                        lumberjacklane

                        Fair enough, David, I don't think I was clear and specific enough in my original post.  I appreciate you taking the time to help us out, and even though we don'y really want to have to create / change fields, it seems like putting the calc in a field is the way to go.

                         

                        Thanks all for your ideas!

                        • 10. Re: How to check delete privilege of record, without trying to delete
                          wimdecorte

                          I fail it see why you would need to create a calc field.  Your script can evaluate the same conditions as the calc field would and you would not clutter up your schema or have to change the table schema if you decide to change the conditions...

                          • 11. Re: How to check delete privilege of record, without trying to delete
                            dtcgnet

                            Wim, Bruce, or David (or others),

                             

                            Let's say that an OnRecordLoad script sets some variable (or field) equal to "User can delete this record" (or whatever). Each user's record-delete privilege would be set for each record loaded.

                             

                            From a security standpoint, which would be most preferable? Which should be avoided?

                            1) A calculated field

                            2) A global variable

                            3) A global field

                             

                            Also, "Get ( RecordAccess )" will indicate if a record is eligible to be viewed, edited, or both. Just as a question...is there any reason why FM couldn't someday add functionality to that which would indicate whether a record could be deleted (or created) by the user?

                            • 12. Re: How to check delete privilege of record, without trying to delete
                              Markus Schneider

                              make a backup for this (copy that backup to another disk or zip it under OSX), log in with that priviledge set - and delete (on the backup)...

                              • 13. Re: How to check delete privilege of record, without trying to delete
                                wimdecorte

                                dtcgnet wrote:

                                 

                                Wim, Bruce, or David (or others),

                                 

                                Let's say that an OnRecordLoad script sets some variable (or field) equal to "User can delete this record" (or whatever). Each user's record-delete privilege would be set for each record loaded.

                                 

                                From a security standpoint, which would be most preferable? Which should be avoided?

                                1) A calculated field

                                2) A global variable

                                3) A global field

                                 

                                 

                                Why so complicated with the triggers etc?

                                 

                                Just have the script that needs to delete (and if you let your users use menus: the custom menu entry for Delete), check the conditions of the record and allow or disallow the delete.

                                • 14. Re: How to check delete privilege of record, without trying to delete
                                  dtcgnet

                                  Agreed on that level. But the original post mentioned something about wanting to do other things based on the user's ability to delete a given record. If it's only for deletion, I'd probably go the "custom menu/replace the regular delete command" route, too. But if something besIdes or in addition to record deletion is desired...then what? Maybe he wants to show or hide a delete button, for instance. What would be the best way to store the result of whether the record could be deleted?

                                   

                                  Sent from my iPhone