Users editing own records

Nov 2, 2013
Users editing own records
  • There are two main scenarios in which you may want to restrict access to a users own records - in forms and in lists.


    Forms (top)

    For forms, there is a video on this concept available for subscribers at http://fabrikar.com/help/tutorials called 'Access Control'.

    The basic premise behind the concept is that in the menu item that links to the form you are adding the specification to only display the row in the table that has the user's id is the 'userid' column.

    You are therefore required to specify in menu link > options:

    Row id: -1​
    Key: userid​

    To implement this, there is the additional step required of creating a 'user' element and adding it to your form so that the user's id is in fact automatically grabbed and added to the data that is submitted with the form.

    The video tutorial mentioned above makes this concept and its implementation clearer as it demonstrates its usage in a 'user profile' scenario.

    Lists (top)

    For lists, access control, in the context of limiting the display of records to those who created them, is achieved by adding prefilters.

    This can be done in the backend by going to lists > [click on your list title] > Data > Pre-filter or in the frontend by setting the prefilter in the fabrik list menu options.

    There you can define the filters that are applied to your list before it is displayed.

    So for example, to restrict the contents of the list so that it only displays records added by the user, you would add the following pre-filters:

    WHERE name(raw) EQUALS {$my->id}, Type: Text, Apply To: Registered​
    OR​
    WHERE id NOT EQUAL TO 0, Type: Text, Apply To: Special​

    This last condition enables Super Users to be able to administer and view all records.

    URL links to a form (top)

    Alternatively, you can create a URL link to the form:
    Code (Text):
    index.php?option=com_fabrik&view=form&formid=X&rowid=-1&usekey=author

    Limit Form plugin (top)

    It is recommended to additionally use the limit form plugin (currently available only in github) to ensure that users can not bypass these options by manually altering the URL.