Request: Master Password for DFFS

Forums Dynamic Forms for SharePoint Request: Master Password for DFFS

This topic contains 4 replies, has 3 voices, and was last updated by  Alexander Bautz 4 months, 3 weeks ago.

  • Author
    Posts
  • #20366

    Travis Goodman
    Participant

    Hello,

    I would like to see the option for setting a master password that would be applied to all list forms for access to the DFFS backend, instead of having to go through every single list, and setting the password manually on all 3 forms (new, edit, display).

    Thoughts?

  • #20393

    AdamP
    Participant

    I’d actually prefer to see more support for permissions based access and avoid passwords altogether. That gets away from the issues surrounding forgetting/sharing of passwords.
    I usually rely on permissions on the SPJS-DynamicFormsForSharePoint list – so users may be able to get in and view the config if they know to click bottom left on the form, but they can’t do any damage as they only have read access.
    Would it be possible to apply restrictive permissions to dffs_backend_min.js so that only authorised users can access/view the backend config?

  • #20397

    Alexander Bautz
    Keymaster

    Hi,
    I think the easiest would be to restrict edit access to the SPJS-DynamicFormsForSharePoint list itself.

    You could also write some custom code and place it in the bottom of the “DFFS_loader.html” file to initially hide the enter setup button and only show it to members in a specific SP group. Here is an example:

    <style type="text/css">
    #dffsEnterSetupBtnWrap{
        display:none;
    }
    </style>
    <script type="text/javascript">
    jQuery.ajax({
        url: _spPageContextInfo.webServerRelativeUrl + "/_api/web/currentuser?$expand=Groups",
        method: "GET",
        headers: {
            "accept": "application/json; odata=verbose",
            "content-type": "application/jsom;odata=verbose",
            "X-RequestDigest": document.getElementById("__REQUESTDIGEST").value
        }
    }).done(function (data) {
        var g = {};
        jQuery.each(data.d.Groups.results, function (i, o) {
            g[o.Id] = true;
            g[o.LoginName] = true;
        });
        //  Check the group name by display name or ID to see if current user is member
        if(g["TestGroup1"]){
    		jQuery("#dffsEnterSetupBtnWrap").show();
        }
    }).fail(function (err) {
        // catch error?
    });
    </script>

    I guess setting item level security on the DFFS_backend_min.js file to restrict read access to only a selected group could work also.

    Alexander

  • #20405

    AdamP
    Participant

    Thanks Alexander

    The code above – is that different to the built in functionality in the Misc tab of DFFS?

    Enter setup button
    Disable the “Enter setup” link on the “Enhanced with DFFS” text below the form for all but these user IDs or SharePoint group names / IDs. Use with caution – I recommend setting a password instead.

    There is also the option to allow access to the backend config via a dedicated page – That could be set up in a separate site pages library to limit access to authorised users (in conjunction with removal of the setup link on the form)

    While I wouldn’t normally support any form of item level permissions, in this case it might be quite effective if used on dffs_backend_min.js

    Adam

    • #20689

      Alexander Bautz
      Keymaster

      The code does the same as the one in the Misc tab, but by adding it to the loader file you could avoid having to set it in all form configs.

      Alexander

You must be logged in to reply to this topic.