Override user permissions to make table editable

  • 1
  • Question
  • Updated 1 month ago
  • (Edited)
I have a table based on a Contact model. Users can change data in the table, but when a save button is clicked a javascript snippet is run and instead of updating the Contact model, data is pushed to another model and that model is saved.

That all works great, except when I have a running user who does not have edit permission on the Contact object. In such cases, the table is read-only (which makes sense but is a problem in this case).

The Contact model is never actually saved, so the user does not need edit permission based on saving data, but they do need to be able to use the table in edit mode.

Is there anyway to override this feature and set the table to edit mode despite the user's lack of permission on the underlying object?

Any help is appreciated.

Photo of Tony Sirna

Tony Sirna

  • 976 Points 500 badge 2x thumb

Posted 2 months ago

  • 1
Photo of Matt Sones

Matt Sones, Champion

  • 31,478 Points 20k badge 2x thumb
Tony,

As a work-around, you might have to clone the Contacts model into a ui-only model on each query, or into a model on the object that you're saving to. It's a bit messy, but sounds like you're already dealing with a mess...
Photo of Tony Sirna

Tony Sirna

  • 976 Points 500 badge 2x thumb
I can give that a try but it seems like there should be some simple way to override permissions and make a table editable.  Is there a user object I can manipulate in Javascript?
Photo of Clark Cregg

Clark Cregg, Employee

  • 118 Points 100 badge 2x thumb
Hello Tony,

I would suggest something along the lines of what Matt mentioned above. You can try using Adopt Rows (https://docs.skuid.com/v11.2.9/en/skuid/action-framework/action-list/actions-model-data-changes.html...) to adopt the rows into a UI only model where they can be edited and saved back to the other model you are using. Manipulating security settings such as permissions is always a bit risky, since it could potentially open you up to other data security issues. Hope this is helpful!

Clark
Photo of Tony Sirna

Tony Sirna

  • 976 Points 500 badge 2x thumb
I ended up implementing it this way:

I created a model for transferring the Contacts to the custom object model that would be saved.  The reason is I don't want to save every Contact on the list, only ones that have changed. 

So I go from Contacts to TempModel via createRow(). Then I go from TempModel to Updater via adoptRows(TempModel .getRows()). This gives me a model that does not have any changes yet so only those rows changed by the user are updated.

The trickiest part was dealing with the filters and search for the table. Because I've only loaded some of the records into my Updater Model you can't do an effective filter on that model (the data is not actually in the database). Since I have it set up so that when the Contact model is updated it automatically reloads the Updater model I changed it so the filters are all really on the Contact model.

The easiest way to do that was to use the table I already created on the Contacts model and hide the contents of the table, and then hide the header of the table on the Updater model. To the user it looks like one skuid table but the filters are actually on the Contact Table which causes the Updater model and table to update. 

In the end it feels like sort of a bunch of weird hacks when all I really wanted was to say "No really, make this table editable regardless of permissions" but it works.

With skuid it seems there is always some sort of workaround.