Edit other peoples documents (web)

285 pts.
Tags:
Domino 6.5
Lotus Notes 6.x
Lotus Notes permissions
hi! I'm working on a domino-based website, I've developed a client contact form, that our staff can use when contacted by the public. Everything works fine, but when a document is added to the contact list, I'd like to make it so that if the client contacts one of our other staff, they can search the directory and edit/update the existing record. Everything works up to the point where they click to edit the document (using the !EditDocument cmd) they are prompted to log in again to the site. I guess it's looking for the original author's credentials. Any suggestions on how to get around this? Mucho thanks...

Answer Wiki

Thanks. We'll let you know when a new response is added.

Need more info. What’s the ACL look like? Default/Anonymous rights? You say they’re “prompted to log in again to the site” – to the site or to the database? Again? When was the first time? OOC, are you using SSO?

Discuss This Question: 8  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Mrg
    ACL as such: Default: No access; *: Person Group/Author -- Create, Delete, Replicate or copy documents. No SSO. Users can browse the site anonymously, but to enter a certain section to view/create/modify, they must login to the site. (I use the !Login url cmd.) Once they have logged in, they are able to view/create/modify. They have no problems with their own records. And they can view other people's records, but if they click to edit, they are prompted to log in to the site. The only way around this is to either enter in the credentials of the author of that record, or the admin to log in. I had thought when I first developed this, other staff could edit other records, but now when I test again, it's not working.
    285 pointsBadges:
    report
  • Stiletto
    If a person has "Author" rights granted in the ACL, then the only documents they can edit are their own documents. In order to be able to edit documents that have been created by somone else, the person needs "Editor" rights granted to them via the ACL.
    3,830 pointsBadges:
    report
  • Mrg
    Hmm... So how dumb would it be to change them over to an editor? What sort of doors/pitfalls am I opening if I did something like that? Would it help at all if I created a Role for *?
    285 pointsBadges:
    report
  • Stiletto
    Well that really depends on the security requirements of your app, now doesn't it? If it's okay, or even desirable, for someone with editor rights to be able to edit any document that someone else created, then you're all set. If not, then your faced with some other options. For example, you could still grant the editor rights, and use code to keep people out of docs that you don't want them mucking with. Or, you could leave everyone with author rights, and use code to alter the list of authors on a doc to select the people that you want to allow to make changed to it. As for roles, you might be able to use them to simplify matters somewhat, but when it comes right down to it, the choices are still the same.
    3,830 pointsBadges:
    report
  • Mrg
    Yeah, I see what you are saying... As for Roles, that could be a nightmare, because you'd have to add all the individuals to the ACL, and then assign the Role. For now I've changed them to be editors. We already have a system that to access to edit their own documents, they are only shown documents relative to them by using the an 'embedded selection' with a 'show single category' formula. So it's not like they can see other users docs. Could you please elaborate on... "...use code to keep people out of docs that you don’t want them mucking with." ? Thanks again...
    285 pointsBadges:
    report
  • Stiletto
    Relatively simple. Just use some code in the PostOpen event to set the EditMode property of the uidoc to True if they're allowed to edit or False if they're not. Just remember to perform similar check in the QueryModeChange event, too. What I do is declare a variable called ReadOnly. Then, in QueryOpen, I check if it's a new doc. If it is, I set the variable to False. If it's not, then I check if the doc is being edited by someone else (record lock). If it is, I set the variable to True. If it's not, then I do my other security checking and set the variable appropriately. Then, in PostOpen, I check the value of ReadOnly and set EditMode appropriately. In QueryModeChange, if ReadOnly is True, I set Continue to False. HTH.
    3,830 pointsBadges:
    report
  • Stiletto
    Wait. Ignore most of that. I forgot your interests were web-based. You could probably do the same with WebQueryOpen - using it to only display the doc, not edit it. But, you'd also need to perform the same security checking with WebQuerySave (if you're worried about users trying to circumvent your security).
    3,830 pointsBadges:
    report
  • Mrg
    Perfect... I'll keep them as editors for now, but will work on that method. Mucho thanks!
    285 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following