Filter form display block by associated user (prevent users from editing others' records)
I've noticed that it is possible to view/edit other people's form submissions by simply changing the entry ID number at the end of the review URL (i.e., www.www.mysite.com/form/?entryID=5)... I want to be able to prevent users from editing other people's form submissions.
The only way I could think to accomplish this is to create a custom proforms_display template and modify the custom view.php to only show a record when the associated_user ID equals the ID of the user currently logged in. I can get the user ID of the logged in user, but I can't figure out how to get the associated_user attribute from the current proforms item.
And, there may be a better way to accomplish this altogether - I'm welcome to any ideas!
Type: Discussion
Status: New
You should be able to use ProformsItemID. So something like this:
Thank you for the quick response! I will try that and report back.
This worked!! And, now I know how to call in other form attributes...I'm so happy.
Here's exactly where I put everything in case there are other newbies like me looking for the same thing:
Around line 20, after
<?php if($ProformsItemID){ ?> <input type="hidden" name="ProformsItemID" value="<?php echo $ProformsItemID?>"/>
I put:
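<?php
// Logged-in user and the user associated with this form entry
$u = new User();
$uID = $u->uID;
$pfo = ProFormsItem::getByID($ProformsItemID);
$formUser = $pfo->getAttribute('associated_user');
// Show the form only when the entry belongs to the logged-in user
if ($uID == $formUser) { ?>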
Then, around line 103, after the </form> close, I put:
<?php }else{ echo t('You do not have access to this form record'); }?>
I'm just happy that someone understands the concept of custom views and tailoring your own views to take full advantage of C5 apps!
ChadStrat
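The comparison this thread arrives at (the logged-in user's ID against the entry's associated_user attribute), written as a stand-alone PHP check that fails closed. This is an added example, not code from the thread or from ProForms; `normalizeUserID` and `canViewEntry` are hypothetical helpers, the possible shapes of the attribute value are assumptions, and the sample cases are constructed. It also prints what a plain `==` decides when both sides are empty, such as a logged-out visitor opening an entry with no associated user.

```php
<?php
// Added example, not ProForms or concrete5 code. Assumption: the value from
// getAttribute('associated_user') may be an int, a numeric string, an object
// with a uID property, or empty for an entry nobody is associated with.

/** Reduce an ID-like value to a positive int, or null if it is not one. */
function normalizeUserID($value): ?int
{
    if (is_object($value)) {
        $value = $value->uID ?? null;
    }
    if (is_int($value)) {
        return $value > 0 ? $value : null;
    }
    if (is_string($value) && ctype_digit($value)) {
        return (int) $value > 0 ? (int) $value : null;
    }
    return null; // null, false, '', arrays: never a valid user ID
}

/** True only when a logged-in viewer is the entry's associated user. */
function canViewEntry($currentUserID, $associatedUser): bool
{
    $viewer = normalizeUserID($currentUserID);
    $owner  = normalizeUserID($associatedUser);
    return $viewer !== null && $viewer === $owner; // fails closed
}

// Constructed cases: [viewer uID, associated_user value, description]
$cases = [
    [5,    '5',  'owner, attribute stored as a string'],
    [5,    7,    'another user edits entryID in the URL'],
    [null, null, 'guest, entry with no associated user'],
    [0,    null, 'guest reported as uID 0, empty attribute'],
    [null, '',   'guest, attribute is an empty string'],
];
foreach ($cases as [$viewer, $attr, $label]) {
    printf("%-42s ==: %-5s canViewEntry: %s\n", $label,
        var_export($viewer == $attr, true),
        var_export(canViewEntry($viewer, $attr), true));
}
// In the custom view.php, with the thread's variable names:
//   if (canViewEntry($uID, $formUser)) { /* form */ } else { /* message */ }
```

A check in view.php only controls what is rendered; because the hidden `ProformsItemID` field is supplied by the browser, the same ownership test belongs wherever the submitted form is processed.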