Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 277
  • Last Modified:

ACL Choice List

How do I display a list of the DB ACL for choices ina dialogue box on the web?
0
fayeb
Asked:
fayeb
1 Solution
 
fayebAuthor Commented:
Sorry, I have worded the question wrong it should be:

How do I display a list of the groups that the current user is a member of?
0
 
ZvonkoSystems architectCommented:
Ok, do like this:

Create Field of type DialogList
Enter formula for choices same as field name and put it as text without quotas.
I choosed this field name:
ACLentries

So, next enter for this form containing that field a WebQueryOpen agent, like this:
@Command([ToolsRunMacro]; "LookupACL")

Now all you need is ths "LookupACL" agent.
Here it comes:

Sub Initialize
     Dim session As New NotesSession
     Dim db As NotesDatabase
     Dim acl As NotesACL
     Dim aclEntry As NotesACLEntry
     Dim doc As NotesDocument
     Dim item As NotesItem
     Set db = session.CurrentDatabase
     Set doc = session.DocumentContext
     Set item = doc.ReplaceItemValue( "AclEntries", "")
     Set acl = db.ACL
     Set aclEntry = acl.GetFirstEntry
     While Not (aclEntry Is Nothing)
          Call item.AppendToTextList( aclEntry.Name )
          Set aclEntry = acl.GetNextEntry( aclEntry )
     Wend
End Sub

Give it a try.

So long,
Zvonko

0
 
ZvonkoSystems architectCommented:
Sh!t :-)

The second question is quiet more easy.
Put into your DialogList formula this formula:
@UserNamesList

And remove the entries you do not like.
But try this first and tell me what you see and what you would like to remove from the list.

So long,
Zvonko

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
fayebAuthor Commented:
I've tried @UserNameList but it brings back all the roles which is not what I want.

I am trying to allow a superuser who is in all user groups to be able to select which group they would like to log in as so they are able to simulate what another user in that group would see.
0
 
ZvonkoSystems architectCommented:
Then you have to use my upper agent with this extra if-statement looking for Groups:

Sub Initialize
     Dim session As New NotesSession
     Dim db As NotesDatabase
     Dim acl As NotesACL
     Dim aclEntry As NotesACLEntry
     Dim doc As NotesDocument
     Dim item As NotesItem
     Set db = session.CurrentDatabase
     Set doc = session.DocumentContext
     Set item = doc.ReplaceItemValue( "AclEntries", "")
     Set acl = db.ACL
     Set aclEntry = acl.GetFirstEntry
     While Not (aclEntry Is Nothing)
          If aclEntry.IsGroup Then Call item.AppendToTextList( aclEntry.Name )
          Set aclEntry = acl.GetNextEntry( aclEntry )
     Wend
End Sub

Good luck,
Zvonko

0
 
fayebAuthor Commented:
I cant use webquery open agents
0
 
ZvonkoSystems architectCommented:
Why not?
0
 
fayebAuthor Commented:
Because the company do not want me to use user triggered agents
0
 
ZvonkoSystems architectCommented:
Strange...

Ok, then the only option is to filter your ACL entries by some common string in Group names not found in other ACL entries.
The problem is that you can not recognize the entry type when you fetch them by @UserNamesList.
They are all simply strings.

Do you have some eye catcher in your Group names?


0
 
scottrmaCommented:
"select which group they would like to log in as"

You don't authenticate to a server as a GROUP, you authenticate as a USER. When you attempt to access a server, Domino builds a list of groups that you (the user) are in, directly and indirectly (nested groups). It builds this list for 2 reasons:

1) To determine whether you appear in the Deny or Allow access lists for the server

2) For database access

The list is built from looking at the $ServerAccess view in the Public NAB and is cached in memory by the Domino server.

Therefore, you cannot simulate what another user experiences unless you log in as that user or as another user who has exactly the same rights. Just being in the same group as that user is not enough, as Domino automatically builds a list of ALL groups that you are a member of (including nested groups) the minute you access the server.

So you would have to use another ID or web login (if this is a web applicaction) to effectively simulate this.

Regards,

Scott
0
 
fayebAuthor Commented:
I fixed this myself by using a cookie to store user roles instead of using note roles.  This wasn't the most secure option but the data contained is critical data!

I am posting to have this question closed/deleted.
0
 
SpideyModCommented:
PAQ'd and points refunded.

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now