Hi @m.stepniewski
You are touching on a lot of different topics in one question! I’m going to try and give you an overview of the options. Please feel free to reply as linked topics to create new threads with more specific questions.
Point 1
Models only support Role Based Access Control (RBAC), see here. This means that if you want to display specific components in a Form Model based on a user’s role that, yes, you would need to create multiple models. You would then need to manage which Modules were shown to users with which roles in the App Model.
Developers can use Attribute-Based Access Control (ABAC), see here, to control in a more specific way if a user is authorized to see a specific Form Model element. This would also allow you to control if that user can create, edit and delete the data shown in this Form Model element. This is important, as your underlying Document Model might allow the user to edit all fields (even if they are not displayed).
Point 2
Modelers can model Dependencies which can be triggered in the Form, see here. This means that I can model a Field (Confirm, Boolean or Enumeration) which, when it is set to a specific value, sets fields or groups of fields to read-only on the form. Alternatively, you can trigger Form Model Elements to be shown and effectively swap out read-only Control Grids and Repeats with editable Control Grids and Repeats. This would be very time-consuming to model.
Developers can set a Form to be read-only using a technical flag. You can see this in the Form Model Preview where there is a Read Only box that you can tick in the sidebar. Developers can also code a custom event which you could reference in a Button that you model in the Form. Additionally, thinking back to your first point, you could control who sees this button with ABAC.
Point 3
This is now a combination of the ideas from the first points.
If you want to control who can read or edit and update documents based on a specific attribute (whether they are linked to another document which is matched to the user) then you would need to use ABAC. Whether you use one Form which is technically set to read-only or model multiple Form Models so that the data can be presented differently is dependent on what “different forms of Document B” means for your project.
Hi, thanks for the answer.
Regarding the 3rd point:
I already use ABAC to secure read/write access to stored documents.
But is it possible to use ABAC to display different forms (read-only and modifiable) for two different users with the same role but, e.g., different usernames? I couldn’t find that in the provided documentation.
Thanks for the clarification, I can’t answer this and so I’ve asked my more technical colleagues to take a look.
Hi there,
I will answer from a technical perspective:
- You can customize your Form component to display specific components based on user roles.
  More information here: GetA12 Login
- Implement a Redux Saga:
  - Introduce a saga to manage the read-only state of the form.
  - When the “Edit” button is clicked, the saga listens for the corresponding event.
  - The saga then dispatches the following action, which transitions the form from read-only to editable:
    ```typescript
    yield* put(FormEngineActions.command({
      activityId: activityId,
      engineEvent: Commands.setReadonly(false)
    }))
    ```
  - I think before the form opens, you have to check whether the user has permission to edit the form or not. If yes, dispatch an action the same as above to make the form editable; otherwise, make the form disabled.
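Added example, not part of the thread and not A12 code: a sketch of the permission check discussed above, where two users with the same role get a read-only or an editable form depending on whether Document B is linked to a Document A matched to them. All type, function and field names and the sample data are hypothetical; the same decision is reused for the write check so that a read-only or hidden form is not the only thing protecting the document.

```typescript
// Added example: every type, name and sample value here is hypothetical, not an A12 API.
type User = { username: string; roles: string[] };
type DocA = { id: string; assignedTo: string };
type DocB = { id: string; linkedDocAId: string; fields: Record<string, string> };
type FormMode = "denied" | "readonly" | "editable";

// Constructed sample data: Document A is matched to a user, Document B links to A.
const DOCS_A: Record<string, DocA | undefined> = {
  "A-1": { id: "A-1", assignedTo: "alice" },
};
const SAMPLE_DOC_B: DocB = {
  id: "B-7", linkedDocAId: "A-1", fields: { comment: "", status: "open" },
};
const ALICE: User = { username: "alice", roles: ["clerk"] };
const BOB: User = { username: "bob", roles: ["clerk"] }; // same role, different username
const GUEST: User = { username: "guest", roles: [] };

// Fields the editable form exposes; all other fields stay server-controlled.
const FORM_EDITABLE_FIELDS = ["comment"];

// One policy, used for choosing the form mode and for accepting writes.
function decideFormMode(user: User, doc: DocB): FormMode {
  if (user.roles.indexOf("clerk") === -1) return "denied"; // role gate (RBAC)
  const linked = DOCS_A[doc.linkedDocAId];
  // Attribute check (ABAC): a missing or foreign link fails closed to read-only.
  if (linked !== undefined && linked.assignedTo === user.username) return "editable";
  return "readonly";
}

// Client side: the boolean a saga would pass to Commands.setReadonly(...).
// "denied" also yields true; such users should not be routed to the form at all.
function readonlyFlag(user: User, doc: DocB): boolean {
  return decideFormMode(user, doc) !== "editable";
}

// Write path: re-check the policy and reject fields the form never displayed.
function applyUpdate(user: User, doc: DocB, patch: Record<string, string>): DocB {
  if (decideFormMode(user, doc) !== "editable") {
    throw new Error("write denied: " + user.username + " on " + doc.id);
  }
  const blocked = Object.keys(patch).filter((k) => FORM_EDITABLE_FIELDS.indexOf(k) === -1);
  if (blocked.length > 0) {
    throw new Error("fields not editable: " + blocked.join(", "));
  }
  return { ...doc, fields: { ...doc.fields, ...patch } };
}
```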
Hi @m.stepniewski,
did @long-narrow-bloom's reply answer your questions or do you need further support?
If they are answered, please, use the checkbox to mark the solution to your problem so that other users also know what helped in your case.
Denise from the Discourse team