Determining if a User Has Read or Write Access to a Field in SalesLogix Web

It is useful at times to be able to programatically determine at runtime if a user has read access, write access, or no access to a particular field at runtime. There are many different ways this information can be used to ensure you’re giving the current user the best, and most understandable experience based on that particular user’s security settings allow for. Luckily, with the introduction of the FieldLevelSecurityService in SalesLogix 7.5 this is an easy task. Let’s take a look.

Let’s say for this example, you want to check the current user’s access level to the “AccountName” property on the Account entity. We’ll do this in a Code Snippet Action, so we’ll be passed a reference to the current form (let’s assume we’re doing this as an action on the AccountDetails form) which will contain a reference to CurrentEntity. The code would look like this:

// Assume they can read and write to the field
Sage.Platform.Security.FieldAccess access = Sage.Platform.Security.FieldAccess.ReadWrite;

// Locate the FieldLevelSecurityService
Sage.Platform.Security.IFieldLevelSecurityService svc = ApplicationContext.Current.Services.Get<Sage.Platform.Security.IFieldLevelSecurityService>();
if ((svc != null)
{
    // Check if the current entity is secured
    if (svc.EntityIsSecured(form.CurrentEntity.GetType()))
    {
        // Use the entity as an IPersistentEntity
        Sage.Platform.Orm.Interfaces.IPersistentEntity entity = form.CurrentEntity as Sage.Platform.Orm.Interfaces.IPersistentEntity;
        // Get the access leve for the AccountName property on the Account entity (current user is built into the check)
        access = svc.GetAccessForProperty(entity, "AccountName");
    }
}

// Now the 'access' variable shows their access level
switch (access)
{
    case Sage.Platform.Security.FieldAccess.ReadWrite:
        // User has read/write access to Account.AccountName
        break;
    case Sage.Platform.Security.FieldAccess.ReadOnly:
        // User has read only access to Account.AccountName
        break;
    case Sage.Platform.Security.FieldAccess.NoAccess:
        // User has no access to Account.AccountName
        break;
}

Ideally you would wrap that up in your own assembly and then reference that as needed. However, there are other ways as well which makes all this even easier.

Typically, when you use an entity in SalesLogix you reference it via it’s interface. This is a best practice for most cases, however, you can also cast the entity reference to it’s actual implementation type, in this case Sage.SalesLogix.Entities.Account and make for a much easier time and a lot less code. All entities will inherit from Sage.SalesLogix.Orm.EntityBase. The cool part is that EntityBase has a built in method that does the code we did earlier. This method is called GetPropertyAccess. Since the Account (and all entities) inherit from EntityBase, this method comes built in. What all this means is that we can use this implementation instance type and just call that method, passing it the property name (as a string), like this:

Sage.SalesLogix.Entities.Account account = (Sage.SalesLogix.Entities.Account)form.CurrentEntity;
switch (account.GetPropertyAccess("AccountName"))
{
    case Sage.Platform.Security.FieldAccess.ReadWrite:
        // User has read/write access to Account.AccountName
        break;
    case Sage.Platform.Security.FieldAccess.ReadOnly:
        // User has read only access to Account.AccountName
        break;
    case Sage.Platform.Security.FieldAccess.NoAccess:
        // User has no access to Account.AccountName
        break;
}

That is much easier and much cleaner, but knowing what that method does exactly makes things more flexible for you so you can do this with or without using the actual entity type and just stick to using the interface.

ABOUT THE AUTHOR

Ryan Farley

Ryan Farley is the Director of Development for Customer FX and creator of slxdeveloper.com. He's been blogging regularly about SalesLogix, now Infor CRM, since 2001 and believes in sharing with the community. His new passion for CRM is Creatio, formerly bpm'online. He loves C#, Javascript, web development, open source, and Linux. He also loves his hobby as an amateur filmmaker.

1 Comment

  1. Thanks for the share. Keep posting such kind of information on your blog i bookmarked it for continuous visit.

    Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Subscribe To Our Newsletter

Join our mailing list to receive the latest Infor CRM (Saleslogix) and Creatio (bpm'online) news and product updates!

You have Successfully Subscribed!