Does ACL override UI Action?

xiaix · ‎06-05-2017

I have a table: u_wfh_equipment_order_list

On that table, I have a true/false field: u_sent_to_end_user

The field is dictionary set to read-only, and, this ACL to only allow admins to alter:

Here's the rub though... on the form, I have a UI Action:

Will this g_form.setValue() fail due to the ACL if a non-admin clicks the Send to End User button?

Chuck Tomasi · ‎06-05-2017

Hi David,

I'm not seeing any real reason to include the client script code. You could make this much simpler by simply setting the values all in server code, doing the update and redirect.

current.u_sent_to_end_user = true;

current.state = 2;

current.update();

action.setRedirectURL(current);

In this scenario, the record will get updated despite the ACLs or dictionary 'read-only' attribute. That's because the server code is running at the system level and needs to have access to update those fields as scripted.

View solution in original post

Chuck Tomasi · ‎06-05-2017

Hi David,

I'm not seeing any real reason to include the client script code. You could make this much simpler by simply setting the values all in server code, doing the update and redirect.

current.u_sent_to_end_user = true;

current.state = 2;

current.update();

action.setRedirectURL(current);

In this scenario, the record will get updated despite the ACLs or dictionary 'read-only' attribute. That's because the server code is running at the system level and needs to have access to update those fields as scripted.

xiaix · ‎06-05-2017

So I can change this:

To this:

Correct?

xiaix · ‎06-05-2017

Oops.. I meant this:

Chuck Tomasi · ‎06-05-2017

That looks about right (making some assumptions about your requirements of course.)