Skip to main content


 

The following article details a step-by-step process for implementing form-level access on a Form. The assumption is that the user launching the form has rights to an underlying workflow (Admin and/or Start) then access to the form is implied.

 

Needless to say this article is aimed at those who enjoy step-by-step guides.

 

 

 

The idea here is to ensure that users who don’t have rights to a K2 workflow do not access the related forms. This prevents a user from running the form and submitting data to the backend end data source i.e. creating orphaned or redundant data, etc., before the workflow is executed, and can’t be started due to incorrect rights. 

 

 

 

Implementation:

 

Start by setting workflow process rights for the users/groups that have the ability to start a workflow:

 

 13230iD639709C3772F40B.png

 

 

 

On the related form, create an input parameter (in this example "HasRight"):

 

 

 

16905i60CF2E0514E94695.png

 

 

 

The first rule that executes while the form is initializing will execute a Smart Object method to obtain the user’s workflow process rights. 

 

 

 

Category:  SystemSharePoint 2013 Integration
SmartObject:  SharePoint Integration Non SharePoint Helper Methods
Method:  Check User Workflow StartRights

 

 

 

12473iA699DD5C34263613.png

 

 

 

Inputs to the SmartObject are:

 

 

 

Username (chose System Values-> Current User -> FQN from the context browser)
Workflow Name (this could be hard-coded or could be another parameter that is passed in to the form)

 

 

 

12594i1ED03BBD98D834D1.png

 

 

 

The results of the method are returned in a field called “Has Start Rights” (values are True or False).  Map these results to your form parameter. 

 

 

 

14981iCD9AB948CEBC4527.png

 

 

 

Set a ‘Conditional Statement’ to check the form parameter value.  If the results are True (user has rights to start the workflow) then continue rule execution to load form accordingly:

 

 

 

11339i6CF18EA6C75874D6.png

 


If the result is False, redirect the user to a message page indicating user authentication error:

 

 

 

11081i444473AFC856925E.png

 

 

 

Notes regarding workflow process rights:

 

The SmartObject method is able to detect "Group" membership to obtain user-level rights. So even if the user is not explicitly given rights, if they are in a "Group" that has rights the user rights inherited and the SmartObject is able to resolve the group membership.

 

 

 

Please note that this article has been modified from its original version. While the content and visual representations are specific to Appit the idea is the same when working in K2 blackpearl.



 
Be the first to reply!

Reply