Is it possible to change the attributes of form view for specific user groups in form view tag, like in form tag, readonly="{('user_group','=','some_group')}">
I need to make a form view read-only for s specific user group but only from front-end. Records are updated from code by that user belonging to that specific user group from back-end. and if i disable updating the records of that model by that user group in my security file, that user is not able to modify the records even from back-end.
Best way to do this is by defining a new group that have only read access on that model and add to that user you will save a lot of typing and a lot of your time.
Because what you really asking is to remove edit write for a specific user.
Related
In Laravel is there any way to lock particular record with the user and don't allow another user to edit the same record.
For example, User A edit a record R1. This record will lock for the other Users. At the same time, if any other user tries to edit the record R1 then it show the error message at front-end that 'User A is currently editing this record.' and not allow to update the record.
By default MySQL locks the database when one query updates a record and other queries are made in queue to wait for the current query to finish first.
So basically two users cannot update the same record at the same time. It's not possible.
However if you mean like when a user starts editing a form or something, in that very moment you want to lock all fields of the form in the database so that when other users cannot even access the form until the first user stops editing it then you can go with Stony's answer. Just have a field in the table which gets populated with the id of the user currently editing the form, that way you have a way to check if:
some user is editing the form by checking the field if its null or not
also to fetch the user based upon id and show the message who is editing the form
I advise you to make field nullable and foreign key so that you can use an eloquent relationship to fetch the user easily.
I think you don't mean a Transaction where the table is locked in that moment where the user save something that you don't have inconsistency.
I think in your case you have to make a field in your database in_use. When a user open the edit form you write the user id in that field and lock the form. When the next user enter the form you write a message that user XY is editing the record at the moment. But then you have to look that you unlock the record if the user leave the form / record.
Perhaps something like this could help:
https://packagist.org/packages/tokenly/laravel-record-lock
For the accounts entity I have different account types.
However I need to make some of these records read only only based on the account type, as these records will be slaved in CRM.
However the user should still have ability to create other types of accounts that will be mastered in CRM.
I was thinking to do this via security role however when giving create or edit permission on the account entity user can still create accounts of any type or edit existing slaved data.
What would be the best way to make slaved data read only?
Use business rules to lock all fields based on the type?
Like you said, this cannot be achieved with security role, since the requirement is based on a field value.
Disabling all the form fields in bulk - You can do this in javascript quickly, or may be with Business rules one by one. Verify the field value on form load for your certain slaved value account type, then disable the controls by iterating each one of them.
Still subgrid, webresource, iframes will be editable.
I have entity "Work Order" for which I have defined many custom views. Work Orders can have records with statuses as "active ,cancelled, closed, inprogress, submitted" etc. My requirement is - currently logged in user who belongs to a specific team "sales representative" should be able to see all records on view.This can be done easily, but If current logged in user does not belongs to "sales representative" team, she should not be able to see "cancelled" records on view but all other record should be visible to her. How can I achieve this using custom filters if it is possible? Or by code changes?
It is possible to do this with custom code. Without questioning the "why" you'd like to do this (possibly it's sensitive information or something?), you can achieve it using a RetrieveMultiple plugin registered on the pre-operation event. Within this plugin one of the input parameters passed in is called "Query" and will have a QueryExpression. You can simply add a filter to this query in the plugin and the relevant rows will be filtered out. Something like this:
var query = (QueryExpression)context.InputParameters["Query"];
var condition= new ConditionExpression()
{
AttributeName = "statuscode",
Operator = ConditionOperator.NotIn,
Values = { 2, 3 } // Or whatever codes you want to filter!
};
query.Criteria.AddCondition(condition);
To check the current user you can grab the user id from the plugin context and retrieve the necessary info you would like to check.
Doesn't sound like this is possible with advanced find alright. You may be able to achieve it using security roles though. If you could assign cancelled work orders to a specific team, and then organise your security setup so that users who are not sales representatives can't see work orders from that specific team, then it might work. Unfortunately you would have to reassign the cancelled work orders which is not always an option.
Otherwise, you might have to go with a separate view for cancelled work orders, out of the box advanced find should allow you present a blank grid of you are not on the right team. But now obviously you are not presenting a whole view of the work orders.
In general I would go with the security option, and just make it work. Any other option is just a stop-gap. Users can always create custom views, so if you don't lock down access using security roles, the data is still accessible in indirect ways.
I have a page for editing product details. I want to restrict that only one user can edit the product page. When a new user opens it while there is a current user editing it, I would like to place some notification then automatically make it available once the current user leaves the page. Any suggestion on how I should approach this?
I would recommend just letting them both edit at the same time.
If you want to notify the last person to save their document, then you can add a "version" column to the database.
Upon saving, you would check the version column, to ensure that the row had not been changed. If it had been changed, you would notify the user at that point.
If i understand you question correctly it sounds like you need to know about database concurrency,
Here are a couple of articles:
MSDN
Ironspeed
Now if you are asking how to authorize only a single user to edit records then you would need to look at roles and aloow say only admins to edit records.
you can have optimistic lock on your record while it is in edit mode , once it is saved make that record avaliable for other user.
Try something like this:
Create a table something like userAccess with IsAccessColumn
if user 1 access edit page set isAccess to True
So the second user will not access the edit page if records is set to true.
Then Set to False if user 1 finally edited the record
After that user 2 can now open edit page.
Regards
I would like to create a form to edit user information. The form's default values will be based on currently registered information of the user logged in. For instance, the phone number field will initially have the user's current phone number.
I am aware of the "initial" attribute, but form objects in form.py cannot accept the request object as a parameter, so it cannot grab information from the logged in user.
I really appreciate your kind help.
Create an appropriate model form and pass it the model pulled from the database.