Difference between revisions of "Privileged Module Configuration"
From ADF Docs
Gcronkright (talk | contribs) (→Overview) |
Gcronkright (talk | contribs) (→Add a CommonSpot User Group) |
||
| (31 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
==Overview== | ==Overview== | ||
| − | To | + | To enable scripts using the ADF's CE Record API or CommonSpot's Custom Data API to add or update data in custom data elements for users with limited or anonymous (read-only) access, simply add a few lines of code to your script and register it as a CommonSpot Privilege Module. |
| − | === | + | === Add the Enab/Disable Privileges to Your Script === |
# In your script that makes the call the ADF’s ceRecordAPI add a '''Request.User.enableApprovedPrivileges(Request);''' line before the call. | # In your script that makes the call the ADF’s ceRecordAPI add a '''Request.User.enableApprovedPrivileges(Request);''' line before the call. | ||
# Then add a '''Request.User.disableApprovedPrivileges();''' after the add/update call. | # Then add a '''Request.User.disableApprovedPrivileges();''' after the add/update call. | ||
| Line 15: | Line 15: | ||
Request.User.disableApprovedPrivileges(); | Request.User.disableApprovedPrivileges(); | ||
</cfscript> | </cfscript> | ||
| + | |||
| + | Include these additional enable/disable 'Request' lines of code in the CFML script file registered as the 'Privileged Module.' However, they can wrap the API call being made from inside a nested cfmodule, cfinclude, or a function within an invoked component. | ||
| + | |||
| + | IMPORTANT: In most cases, it is recommended to add the enableApprovedPrivileges call to an isolated CFM file that only performs actions for the desired permission level. Alternatively, it can be added to a CFC file if the component does not contain any functions that should be restricted to higher-access users. | ||
=== Add a CommonSpot User Group === | === Add a CommonSpot User Group === | ||
# Go to your CommonSpot Group Administration | # Go to your CommonSpot Group Administration | ||
# Create a Group with Add Data and/or Edit Data permissions | # Create a Group with Add Data and/or Edit Data permissions | ||
| − | ## No user or | + | ## No user or groups need to be added to this Privileged Module group. |
| + | |||
| + | Note: The user requesting to add or update data will be added to the group after the call it will be removed from the group on the fly. | ||
| − | + | <!-- [[File:add-sec-group.png]]--> | |
| + | <!-- | ||
| + | [[Image:/adf-docs/images/static/privmod/add-sec-group.pngadd-sec-group.png]] | ||
| + | [[File:/adf-docs/images/static/privmod/add-sec-group.pngadd-sec-group.png]] | ||
| + | --> | ||
| + | <!-- | ||
| + | <img alt="" src="/adf-docs/images/static/privmod/add-sec-group.pngadd-sec-group.png" width="200" height="157" class="thumbimage"> | ||
| + | [[File:add-sec-group.pngadd-sec-group.png|static/privmod|200px]] | ||
| + | [[Image:add-sec-group.pngadd-sec-group.png|static/privmod|200px]] | ||
| + | [https://community.paperthin.com/adf-docs/images/static/privmod/add-sec-group.png] | ||
| + | [[Image:/adf-docs/images/static/privmod/add-sec-group.pngadd-sec-group.png]] | ||
| + | [[Image:/adf-docs/images/static/privmod/add-sec-group.pngadd-sec-group.png]] | ||
| + | --> | ||
=== Update the Custom Element Security === | === Update the Custom Element Security === | ||
| − | # | + | # Go to Site Admin > Elements & Forms > Manage Elements |
| − | # Add the | + | # When the Manage Element dialog opens, find your Custom Element. |
| + | # From the ‘Edit Element Properties’ (pencil icon) drop down, select the ‘Security…’ menu item | ||
| + | # Add the Group you just created in the previous step to the Custom Element Security | ||
| + | # From the next dialog add the appropriate select the ‘Add Data’ and/or ‘Edit Data’ permissions: | ||
| + | ## If the user is allowed to: | ||
| + | ### add data to this Custom Element, select the ‘Add Data’ permissions. | ||
| + | ### update data in this Custom Element, select the ‘Edit Data’ permissions. | ||
| + | ### perform both actions 'add' and 'update', then select both ‘Add Data’ and ‘Edit Data’ permissions. | ||
| + | # Click Save | ||
| + | # Click Close | ||
| + | |||
| + | === Register the Privileged Module === | ||
| + | # Go to Site Admin > Security > Privileged Modules | ||
| + | # When the 'Privileged Modules' dialog opens, click the 'Add New' button | ||
| + | # When the 'Add Privileged Module' dialog opens, select your file or enter an explicit path for the 'Module Path' | ||
| + | # Then add the Group you created in the 'Add a CommonSpot User Group' as the Group Name | ||
| + | # Click Save | ||
| + | |||
| + | |||
| + | === Test your API call === | ||
| + | Now attempt to add data as a user with limited or if applicable as an anonymous user. | ||
Latest revision as of 18:19, 7 February 2025
Contents
Overview
To enable scripts using the ADF's CE Record API or CommonSpot's Custom Data API to add or update data in custom data elements for users with limited or anonymous (read-only) access, simply add a few lines of code to your script and register it as a CommonSpot Privilege Module.
Add the Enab/Disable Privileges to Your Script
- In your script that makes the call the ADF’s ceRecordAPI add a Request.User.enableApprovedPrivileges(Request); line before the call.
- Then add a Request.User.disableApprovedPrivileges(); after the add/update call.
<cfscript> // Enable addRecord() function to run for users with lower or anonymous permissions Request.User.enableApprovedPrivileges(Request); result = Application.ADF.gceRecord.addRecord(ceName=ceName,dataValues=dataValues); // Reset the user's permissions Request.User.disableApprovedPrivileges(); </cfscript>
Include these additional enable/disable 'Request' lines of code in the CFML script file registered as the 'Privileged Module.' However, they can wrap the API call being made from inside a nested cfmodule, cfinclude, or a function within an invoked component.
IMPORTANT: In most cases, it is recommended to add the enableApprovedPrivileges call to an isolated CFM file that only performs actions for the desired permission level. Alternatively, it can be added to a CFC file if the component does not contain any functions that should be restricted to higher-access users.
Add a CommonSpot User Group
- Go to your CommonSpot Group Administration
- Create a Group with Add Data and/or Edit Data permissions
- No user or groups need to be added to this Privileged Module group.
Note: The user requesting to add or update data will be added to the group after the call it will be removed from the group on the fly.
Update the Custom Element Security
- Go to Site Admin > Elements & Forms > Manage Elements
- When the Manage Element dialog opens, find your Custom Element.
- From the ‘Edit Element Properties’ (pencil icon) drop down, select the ‘Security…’ menu item
- Add the Group you just created in the previous step to the Custom Element Security
- From the next dialog add the appropriate select the ‘Add Data’ and/or ‘Edit Data’ permissions:
- If the user is allowed to:
- add data to this Custom Element, select the ‘Add Data’ permissions.
- update data in this Custom Element, select the ‘Edit Data’ permissions.
- perform both actions 'add' and 'update', then select both ‘Add Data’ and ‘Edit Data’ permissions.
- If the user is allowed to:
- Click Save
- Click Close
Register the Privileged Module
- Go to Site Admin > Security > Privileged Modules
- When the 'Privileged Modules' dialog opens, click the 'Add New' button
- When the 'Add Privileged Module' dialog opens, select your file or enter an explicit path for the 'Module Path'
- Then add the Group you created in the 'Add a CommonSpot User Group' as the Group Name
- Click Save
Test your API call
Now attempt to add data as a user with limited or if applicable as an anonymous user.
