Today I was trying to figure out how to display a reference field from a restricted table to users with the "public" role on the main table. For instance, the "Cars" table is open to the "public" role, but the "Drivers" table is restricted to the x_695084_car_maker_drivers role:
Making the Cars Table Public
First I want to enable anyone to create a Car, so I'll just update the ACLs on the table to use the "public" role instead of the "x_695084_car_maker.cars_user" role that was created when making the table:
For demonstration purposes, I've gone ahead and made the global form widget public and created a public portal page. When you go to it, you'll see the Make and Model columns show, but where is the Driver???
Making a Single Column Accessible to the Public Role
In short, to make the "Driver" column from the "Drivers" table show up on the public service portal page, we'll need to do the following:
- Grant the "public" role "read" access to the "Drivers" table
- Restrict access all the Drivers table columns to only the x_695084_car_maker_drivers role
- Grant the "public" role "read" access to the "Driver" column
Granting the Public Role Read Access
First you'll open the whole Drivers table up to the public by adding the "public" role to the existing "read" ACL (basically Drivers.none)
This allows the incognito user to view the "Driver" column on the form now:
Restrict Access to all Driver table Columns
Next we will remove access to all columns in the table from the "public" role by only allowing the x_695084_car_maker_drivers role to access them via a new Drivers.* read ACL
Once this ACL is in place, the "Driver" column will no longer show to the incognito user, so lets bring that back by enabling the "public" role access to the single "driver" column from the Drivers table
Enabling Access to a Single Column
Finally, we'll create a new "read" Drivers.driver ACL for the "public" role to restore the Driver view for the "public" role
