Evolutivo Custom View Permissions

8th Aug 2023 filter 2023 custom view permission

Now that the View Permission module seems to be fully integrated and functional, I present a brief overview and explanation of the functionality in Evolutivo.

In this blog post I am going to be enhancing this page of the manual with the intent to make it clearer how this module works and we can configure the access to our filters.

The View Management module permits us to fine-tune the sharing rules of filters on each module and on each view itself. If you read that sentence carefully you see that there is an and. This module permits us to define the general permissions for each user when performing filter operations in a module AND it also permits us to define the permissions any user has on each particular filter.

That means that this module has two types of records, or two "modes", one for setting the permissions of a filter and another for the default permissions of a module.

Understanding the Dual "Modes"

The first thing to grasp is the concept of "modes" within the View Management module. A record can have two distinct modes:

Filter Settings Mode: This mode determines the settings of a filter within a module.
Default Permissions Mode: This mode handles the default permissions of the module.

The Default Setting checkbox is the key to switch between these two modes. When checked, it signifies that the record is in Default Permissions Mode. Conversely, unchecking the checkbox puts the record in Filter Settings Mode, allowing you to customize permissions for a specific view.

Customizing View Permissions

To set permissions for a particular view, follow these simple steps:

Uncheck the Default Setting checkbox: This action puts the record into Filter Settings Mode, enabling you to fine-tune permissions for the view.
Select the User, Group, or Role: Choose the specific entity for which you want to define the permissions.
Set CRUD-A Permissions and Default Status: Now, you can specify the Create, Retrieve, Update, Delete, and Approve permissions for the selected User/Group/Role. Additionally, you can set the Default status to make these permissions mandatory for the chosen entity.

Defining Default Permissions

In cases where the Default Setting checkbox is checked, you can establish default permissions for an entire module. Here's how:

Check the Default Setting checkbox: This puts the record into Default Permissions Mode, allowing you to set permissions for the module as a whole.
Select the Module: Choose the specific module for which you want to define the default permissions.
Mark the Permission Set: Set the desired permissions for the module. These permissions will apply to all views within the selected module, provided there are no other records with specific settings.

Synchronization with List View Filters

The View Management module also offers a handy synchronization feature with List View Filters. When a new filter is created on a module, the application automatically creates a View Permission record with default settings. This includes the user who created the filter, subroles of the user, and preset CRUD-A permissions. This is also very useful for other use cases, since this is "just" another record creation inside the application we can define workflows that do tasks for us. For example, by setting the "Set Public" checkbox, you can trigger an email notification to specific users who need to approve the filter for others.

Escalation Rules

Now that we understand that there are two modes inside the View Management module, we need to understand also how it decides which of all the records that may apply to a given filter it uses to decide the permissions. In other words, any given user may try to access any filter on any module. The View Permission module must get a list of records that apply to that user and filter and decide which one it will use to return the permissions. For this, the module has a set of escalation rules that determine the accessibility of views. The process is as follows:

Search for a mandatory default record.
If not found, search for a non-mandatory record belonging to the role of the user.
If not found, search for a non-mandatory record assigned directly to the user.
If not found, search for a non-mandatory record assigned to any group of the user.
If not found, search for a non-mandatory record set as the default setting for the module.
If still no record is found, the ALL view for the module will be returned.
If no record is found at all, an empty array will be returned.

Some examples

Watch a quick explanation of the View Permission module showing how it works with some examples.

Conclusion

With the View Management module, managing access permissions and sharing rules becomes a straightforward process. Whether you need to customize permissions for a specific view or set default permissions for an entire module, this feature empowers you to maintain data security and optimize workflow efficiency. So, take advantage of this powerful tool and unlock the true potential of your system's access control.

HTH

Photo by Danielle Rice on Unsplash

Previous Post Next Post

Evolutivo.FW Blog

Here we try to inform about all the action that is happening on the development of the main project and all its' satellite applications in a more human understandable form and also create a space where we can talk about our opinions and future ideas for EvolutivoFW. Welcome!

Random Article

I'm Feeling Lucky!

Popular Tags

functionality development 2023 2024 customizations security password evolutivo gdpr document gendoc integration big data limit support global variable menu settings configuration drag drop drag and drop database optimization relation tiddlywiki release fork filter custom view permission mail converter mail scanner workflow archive hide teleport sso mautic complexity salesforce comparison onlyoffice widget cache

Syndicate

Atom 1.0 RSS