+3
Hi all,
I have a form with a landing page containing a list of all those employees whose form the current logged in user is allowed to see. For example, if I'm a manager I can see subordinates' forms. However, with the ID being passed in the URL, I can actually change that parameter and see someone else's data. Permissions are far far too complex to apply on this form, hence the landing page. Is there a way to NOT show these parameters in the URL?
Hi Mallory,
For starters this might be better suited to be posted in the Smartforms forum. WIth that said, depending on the way your form and/or processes are constructed there may be a way to provide this functionality aside from using a query string parameter. Another thing you can do is just use a unique identifier or GUID to abstract the user's ID.
Best Regards,
David
+16
Dear,
I suggest you create a list with user's permission and when your form initilaize, hide or show upon the permissions in that list.
Regards,
Hi Mallory
I don't think there is a way to hide parameters, but there may be some workarounds.
Are you opening this landing page from another SmartForm? If so you can:
If you coming to the landing page from a non SmartForm page then you could create a "pre-landing page" that accepts the parameter that immediately directs you to the actual landing page using the methods described above. This should be a fairly seamless transition for the users.
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
