Only display records created by the currently logged in user if NOT an admin.

david-mendoza · ‎05-08-2024

Hi! I have a custom table that contains records for repair requests. Using a business rule, I had made A Before Query rule that only displays records made by the currently logged in user with this script:

(function executeRule(current, previous /*null when async*/ ) {
    current.addQuery('sys_created_by', gs.getUser().getName());
})(current, previous);

This achieves my goal of hiding records from other users, but wouldn't this make it such that admins accessing the table list will also be only be able to see records created by them? Is there a more elegant solution? Perhaps an ACL? If so, how should I go about it? Any guidance on the matter would be appreciated.

Edit: My solution instead was to doing an ACL instead and putting a filter on the List of Records Link Type application module like Maik suggested

ACL

Maik Skoddow · ‎05-08-2024

Your question "Is there a more elegant solution?" cannot be answered as you did not explain the reason for your approach. What is the underlying requirement?
To solve your concern regarding admin access, you could add the following:

(function executeRule(current, previous /*null when async*/ ) {
    if (!gs.hasRole('admin')) {
      current.addQuery('sys_created_by', gs.getUser().getName());
    }
})(current, previous);

View solution in original post

Maik Skoddow · ‎05-08-2024

Your question "Is there a more elegant solution?" cannot be answered as you did not explain the reason for your approach. What is the underlying requirement?
To solve your concern regarding admin access, you could add the following:

(function executeRule(current, previous /*null when async*/ ) {
    if (!gs.hasRole('admin')) {
      current.addQuery('sys_created_by', gs.getUser().getName());
    }
})(current, previous);

david-mendoza · ‎05-08-2024

The requirement is that I must make a custom portal that utilizes record producer to make "Device Repair" requests. This record producer is linked to a custom table "ABCTable". In the App navigator, I have made a List of Records module to that table, but by default it shows all records in ABCTable. Instead, I want only records created by the currently logged in user to be shown.

I was asking if the business rule I had made in my original post was sufficient for that, and was worried if my BR would prevent admin users from seeing ALL tickets, and limit the records to be those that only they created.

However, the solution you provided might just be all i needed

Maik Skoddow · ‎05-08-2024

Unfortunately you only described the functional aspect but not the security aspect. Therefore I assume that users are not allowed to open requests they have no created, right? Basically, you would achieve this with a simple ACL. But I also recommend configuring your module with an additional condition:

david-mendoza · ‎05-08-2024

@Maik Skoddow wrote:
Therefore I assume that users are not allowed to open requests they have no created, right?

That is correct. So an ACL similar to this config

along with your recommended filter condition just be it, would it not?

Couldnt adding the filter condition you said to the module prevent admins from seeing other requests despite the Admin override in the ACL?