DFFS Example: Limit access to form

This example show how you can use a set of rules to ensure only persons assigned in a people picker in the form, or members in an admin group can view or edit a list item.

Add these three rules:

This rule doesn’t have any actions.
This rule doesn’t have any actions.
This rule checks the two previous rules, and calls a function if both are false.

Then add this function to your Custom JS:

function noAccessToThisForm(){
jQuery("#part1").hide();
spjs.dffs.alert({
"title":"No access",
"msg":"You don't have access to this list item.",
"ok":function(){
window.history.back();
}
});
}

You can use this setup in both DispForm and EditForm, and it will show this message box if the user doesn’t have access:

Post any questions below, or use the forum.

Alexander

4 Comments on “DFFS Example: Limit access to form

  1. For those using this or a similar approach, remember that this may not prevent unauthorized users from editing fields in the item from a Quick Edit view on the list. To prevent that, make the default view on the list a grouped view (so it cannot be put into Quick Edit mode), embed all your admin views in custom pages with restricted permissions to the page, then remove your admin views from the list itself.

    This does not totally prevent people from editing items, unless you also create a custom permission level that does not allow them to create personal views on the list.

    1. I have eliminated the Quick Edit capability by turning it off under Advanced Settings on a few select lists. This then applies to Public and Personal views.

      Power users with EDIT permission can turn it back on but most users don’t know about that . Not sure if CONTRIBUTE permission users can turn it on.

      I want to keep 99% of casual editors in the form views as that is where all the cool DFFS stuff operates (auto emails, tooltips, JS, etc.) So I always include the EDIT icon as the first column in every view.

      I like your grouped view default view idea as well.

  2. I have a question regarding the redirection between forms. I have a list where everyone should be able to create new content, so I have no rules restrictting access to NewForm. Now any user can create a new list item, but when the regular user is finished he should be redirected to DispForm if he has no rights, otherwise the user should be redirected to EditForm if he has editor-rights. If possible I would like to label the save button individually, depending on the group the current user is in, for example an user with rights sees a button “proceed to next step” whereas an user without rights sees the regular save button.

    I have tried using the hide save/ edit button options in rules but those don’t seem to work, maybe because of the misc settings…
    I am sure that is possible with CJS, but I have no Idea how.

    1. Hi,
      You can hide the default save button and add your own buttons in a HTML section. Here is an example of a function you can call from the button to set the redirect to DispForm and save the form. Make another function to redirect to EditForm and use rules to show or hide the correct button for each user.

      function goToDispForm(){
        spjs.dffs.redirect(location.pathname.replace(/NewForm.aspx/i,"DispForm.aspx") + "?DFFSID=" + getFieldValue("_DFFSID"));
        spjs.dffs.triggerSave();
      }

      Alexander

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.