Tags:
create new tag
, view all tags

Feature Proposal: Adding Access control on Form Fields

Motivation

A few work-flow kind of Application require access restrictions on the fields/meta data of the applications. A few attributes of the Application needs to be moderated.

Description and Documentation

Let us consider the example of ticketing system. The ticketing system is based on form with fields:

  • Subject
  • Issue (text)
  • Status -open, close

Define the restriction on "Status" field. Not every user can modify the "Status". Give change rights to "Managers" Group. In this case - Only Managers should be able to modify the status of the ticket while rest fields can be modified by any user.

I think this can be achieved if we modify the current definition of TWikiForms. Add one more attribute to the forms called "Restrictions"

| *Name* | *Type* | *Size* | *Values* | *Tooltip message* | *Attributes* | *Restriction* |
| Status | select | 1 | Open, Close, Confirmed | blah blah... | | ManagerGroup, HariSadu |

In this case - Any body can modify the other fields but "Status" will be modified by members of ManagerGroup and HariSadu user.

Examples

Impact

Implementation

-- Contributors: SopanShewale - 2010-01-14

Discussion

This might be a bit of overkill, complicating the spec of TWiki for a smaller use case need.

You can achieve this by using form fields of type label, which can't easily be changed. To change the values, create a separate access controlled page that has an HTML form; on submit it pushes those values into the the label fields of the form in another page. This is not hard access control (a savvy user could edit a page and append the proper name=value to change a label field), but may be secure enough in many cases because of the TWiki audit trail.

-- PeterThoeny - 2010-01-15

Edit | Attach | Watch | Print version | History: r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r2 - 2010-01-15 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.