1
0
-1

Hi team, i have a form that should be viewed for an user that vary depending of how the claimant fill the form.

i did note that from a wichever user session them can get info destinated to other user.

Example :

https://ingritech.cloud.joget.com/jw/web/userview/GDC/hr_expense_userview/_/print?embed=true&id=7_GDC_process1

From the session of any user i can access information for other user modifying the last part of the url

https://ingritech.cloud.joget.com/jw/web/userview/GDC/hr_expense_userview/_/print?embed=true&id=6_GDC_process1

I did check the autorization options but the scope is for organization, groups, departments, users etc... i think that my requirement is more granullar.

 

 also explore the bean shell option (please see the code bellow), Nevertheless in my case i have a primary table with an  account.creator field that have First Name and Second Name.

 I think that i would need use a SQL syntax to get the field to compare it with a username hash variable

or

Compare First Name and Second Name with the combination of  hash variables FirstName and SecondName of the current  logged user.

Someony can help me to develop the syntax for any of these proposals

 

 

import java.util.Map;
import org.joget.directory.model.User;

public boolean isAuthorized(User user, Map params) {
//using hash variable to get "creator" field value and escapes it with java syntax, then compare with current username
// return "#form.crm_account.creator?java#".equals(user.getUsername());
return "#form.mcrm_contact.userid?java#".equals(user.getUsername());
}

//call isAuthorized method with injected variable
return isAuthorized(user, requestParams);

 

thanks

 

    CommentAdd your comment...

    1 answer

    1.  
      2
      1
      0

      Friends , I finally opted to fill a field with the user ID in my main table, and the code work very well.

       

      import java.util.Map;
      import org.joget.directory.model.User;

      public boolean isAuthorized(User user, Map params) {
      //using hash variable to get "creator" field value and escapes it with java syntax, then compare with current username
      return "#form.hr_expense_claim.customer_contact?java#".equals(user.getUsername());
      }

      //call isAuthorized method with injected variable
      return isAuthorized(user, requestParams);

       

      Thanks

        CommentAdd your comment...