Friday, October 1, 2004

Managing database ACLs from a browser


By Daniel Koffler

This is the fourth installment in a series of articles designed to make the task of developing Web applications for Domino a more pleasant and efficient experience. I've already shown you how to create a pure Domino Web popup calendar to assist users in selecting dates on the Web and I've show you how to create both global and user profile forms suitable for use on the Web. Now we get serious.

Often when you are developing serious Web applications in Domino you need to provide your Web users with the ability to change database ACLs (Access Control Lists). You will need aspects of an ACL Web interface any time you want to be able to delegate management functions to users of your Web application. These are people who may not have a Notes client or Notes ID, such as a forum moderator or membership area administrator. This article will walk you through the creation of an ACL Web interface, like shown in Figure A, which can be used in any Domino database.


A full featured Web based ACL management interface. (click for larger image)

Create the ACL form

To achieve your desired result, create one form to hold and display all the ACL data, then use a series of buttons and LotusScript agents to manipulate the database ACL. First, open up the database ACL and navigate to the Advanced tab. Here set the "Maximum Internet user access" to Manager. Settings lower than this are not allowed to change the database ACL.

Create a new form named "ACL" then create a computed text field named "SaveOptions". Set the formula for this field to "0". This setting tells Domino not to save any documents with this form, we only want it to hold our interface, not create new documents. You can see an example in Figure B below.


After creating and testing the ACL Form, make the first row of fields hidden on the Web. (click for larger image)

Next, you should create a computed text field called "name" and give it the formula:


This formula will search the URL that's used to open this form, and try to find a parameter in the URL query string (the part after the "?") called "name". This would appear as something like http:\// When you open this form, and want to edit the ACL settings for an existing user, we'll pass that user name to this form through the URL query string. This will become clear later.