FRULE: pay attention to access rights, especially when working locally!!!!

In one of our applications we need to store more “sensitive” data with fewer access rights than the normal documents. In Lotus Notes the parent/child paradigm is just about perfect for this task.

My idea was to have a dialog popup where the user could enter this sensitive data.

I did a test in a test database; with a few hiccups I got everything working. The hiccups were kind of related to these questions:

  1. How do I ensure that every dialog goes to the same child document?
  2. How do I ensure that the dialog has the same document mode (read/edit) as the parent?

Question 1 I solved by presaving a child, getting its UNID and adding it to the document source. That was per se not sooo complicated, disregarding the fact that the functionality was located on a custom control.

Question 2 was a bit of a weireder (German-English for “more weired”) issue. On the test db all worked fine. The dialog’s document source edit mode was set to the same as the parent document’s, and that worked.

In the actual db where I needed this feature I built everything 100% identical, yet the dialog box was never going to edit mode. By accident I then figured out: if the fields are not bound to the document, then they can be edited. Of course they wouldn’t be saved either. So what the heck was going on?

Then this morning I had an “almost” revelation: it must be access rights!!! I was sure, not being at the computer, that this must be related to insufficient access rights for “anonymous”. When I was back at my computer I was disappointed to find out: that was not the case! Same access rights for anonymous on both dbs.

So I did what I usually do when I’m clueless: tried to explain it to someone “stupid” (stupid in the sense of having no idea what an XPage is).

And guess what: this time the demo effect worked the other way around! Instead of NOT working during demoing, it actually worked! So I was happy to find out that my approach did work.

But what was the problem when it did not work?

First you must know: I work locally almost 100% of the time (so I can easily debug my Java code), and working at home I’m not even “online”!

Well... turns out in the test application I had “Enforce consistent ACL” checked. In the actual application this was unchecked, but by accident during the demo I was connected to the server (i.e. location=online). So during the demo, by some interesting feature I cannot explain, the web server could, even though local, determine (because I was online) the appropriate author access for anonymous, hence the whole thing worked!

Summary:

Do not forget that XPages ARE indeed still Lotus Domino applications with all their nice access rights. And if you work locally, ensure that you have always checked “Enforce consistent ACL”!
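
A quick way to spot this kind of mismatch between two local databases is to compare the ACL flag and the effective entry for anonymous side by side. This is an added example, not code from the original post; it assumes Notes.jar on the classpath and a local Notes client, and the file names `test.nsf` and `actual.nsf` are placeholders.

```java
import lotus.domino.ACL;
import lotus.domino.ACLEntry;
import lotus.domino.Database;
import lotus.domino.NotesException;
import lotus.domino.NotesFactory;
import lotus.domino.NotesThread;
import lotus.domino.Session;

public class AclCompare {
    static final String[] LEVELS = {"No Access", "Depositor", "Reader",
                                    "Author", "Editor", "Designer", "Manager"};

    // Summarise the two settings that mattered in the post for one local database.
    static String describe(Session s, String path) throws NotesException {
        Database db = s.getDatabase("", path);   // "" = local, as when developing offline
        if (db == null || !db.isOpen()) {
            return path + ": cannot open";
        }
        ACL acl = db.getACL();
        // "Enforce a consistent ACL across all replicas" is the UniformAccess property.
        boolean uniform = acl.isUniformAccess();
        // Anonymous users fall back to -Default- when there is no Anonymous entry.
        String who = "Anonymous";
        ACLEntry entry = acl.getEntry(who);
        if (entry == null) {
            who = "-Default-";
            entry = acl.getEntry(who);
        }
        String level = (entry == null) ? "n/a" : LEVELS[entry.getLevel()];
        return path + ": uniformAccess=" + uniform + ", " + who + "=" + level;
    }

    public static void main(String[] args) throws NotesException {
        // Placeholder file names; pass your own two databases as arguments.
        String[] paths = args.length > 0 ? args : new String[] {"test.nsf", "actual.nsf"};
        NotesThread.sinitThread();               // required for local Notes API calls
        try {
            Session s = NotesFactory.createSession();
            for (String p : paths) {
                System.out.println(describe(s, p));
            }
            s.recycle();
        } finally {
            NotesThread.stermThread();
        }
    }
}
```

If the two lines differ in `uniformAccess`, the databases will behave differently when opened locally even though the ACL entries themselves look identical.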
