Request: Master Password for DFFS

[Travis Goodman]

Hello,

I would like to see the option for setting a master password that would be applied to all list forms for access to the DFFS backend, instead of having to go through every single list, and setting the password manually on all 3 forms (new, edit, display).

Thoughts?

[AdamP]

I’d actually prefer to see more support for permissions based access and avoid passwords altogether. That gets away from the issues surrounding forgetting/sharing of passwords.
I usually rely on permissions on the SPJS-DynamicFormsForSharePoint list – so users may be able to get in and view the config if they know to click bottom left on the form, but they can’t do any damage as they only have read access.
Would it be possible to apply restrictive permissions to dffs_backend_min.js so that only authorised users can access/view the backend config?

[Alexander Bautz]

Hi,
I think the easiest would be to restrict edit access to the SPJS-DynamicFormsForSharePoint list itself.

You could also write some custom code and place it in the bottom of the “DFFS_loader.html” file to initially hide the enter setup button and only show it to members in a specific SP group. Here is an example:

<style type="text/css">
#dffsEnterSetupBtnWrap{
    display:none;
}
</style>
<script type="text/javascript">
jQuery.ajax({
    url: _spPageContextInfo.webServerRelativeUrl + "/_api/web/currentuser?$expand=Groups",
    method: "GET",
    headers: {
        "accept": "application/json; odata=verbose",
        "content-type": "application/jsom;odata=verbose",
        "X-RequestDigest": document.getElementById("__REQUESTDIGEST").value
    }
}).done(function (data) {
    var g = {};
    jQuery.each(data.d.Groups.results, function (i, o) {
        g[o.Id] = true;
        g[o.LoginName] = true;
    });
    //  Check the group name by display name or ID to see if current user is member
    if(g["TestGroup1"]){
		jQuery("#dffsEnterSetupBtnWrap").show();
    }
}).fail(function (err) {
    // catch error?
});
</script>

I guess setting item level security on the DFFS_backend_min.js file to restrict read access to only a selected group could work also.

Alexander

[AdamP]

Thanks Alexander

The code above – is that different to the built in functionality in the Misc tab of DFFS?

Enter setup button
Disable the “Enter setup” link on the “Enhanced with DFFS” text below the form for all but these user IDs or SharePoint group names / IDs. Use with caution – I recommend setting a password instead.

There is also the option to allow access to the backend config via a dedicated page – That could be set up in a separate site pages library to limit access to authorised users (in conjunction with removal of the setup link on the form)

While I wouldn’t normally support any form of item level permissions, in this case it might be quite effective if used on dffs_backend_min.js

Adam

[Alexander Bautz]

The code does the same as the one in the Misc tab, but by adding it to the loader file you could avoid having to set it in all form configs.

Alexander

[Author]

Posts