As we prepare our pilot of our XPage application, I was reminded that sometimes users might find a way to open a document in the Notes client when we don’t really want them to. While the odds are against them getting to a view or to a Notes document, no system is idiot-proof (idiots are absolutely genius sometimes!) So, I dug out an old script that I’d written back during my time at FAA to prevent users from accidentally opening a Notes database when they should be opening it only via the browser.
So, the users in question need to be able to update the documents, but I want them to do it in XPiNC or in the browser. That means, I can’t go using readernames fields to hide the documents from them and I know that hiding views (either via not including them in an outline or by naming convention) isn’t necessarily going to prevent them from opening my views.
Basically, all we do is check for their roles and if they have the right one, we let them in. Otherwise, they get warned off. I could add some script to this to open the document in the proper XPage, but this is a bare-bones version to help you get started if you have this kind of need.
Sub Queryopen(Source As Notesuidocument, Mode As Integer, Isnewdoc As Variant, Continue As Variant) Dim session As New NotesSession Dim db As NotesDatabase Dim doc As NotesDocument Dim formName As Variant Dim OKtoOpen As Boolean Dim roles As Variant Set db = session.CurrentDatabase roles = db.QueryAccessRoles(session.UserName) Set doc = Source.Document formName = doc.GetItemValue ( "Form" ) OKtoOpen = False Forall URoles In roles If Ucase(URoles) = "[ADMIN]" Then OKtoOpen = True End If End Forall If OKtoOpen = False Then Continue = False Messagebox "You are not authorized to access " & formName(0) & " documents via the Notes Client!",48, "Access Error" End If End Sub
While I was at it, I also wrote another version to be used to keep users out if they accidentally opened it on the backup or development servers. (Yes, I know production databases don’t belong on development servers, but it has happened here and, I am sure, other places).
Sub Queryopen(Source As Notesuidocument, Mode As Integer, Isnewdoc As Variant, Continue As Variant) Dim ws As New NotesUIWorkspace Dim session As New NotesSession Dim db As NotesDatabase Dim appsdb As NotesDatabase Dim doc As NotesDocument Dim appsdoc As NotesDocument Dim serverName As New NotesName ( "" ) Dim dontOpenServers (1) As String dontOpenServers (0) = "DominoDev" dontOpenServers (1) = "Backup" Set db = session.CurrentDatabase Set serverName = New NotesName ( db.Server ) Forall badServer In dontOpenServers If serverName.Common = badServer Then Continue = False Messagebox "You are attempting to open this document on " & serverName.Common & Chr$(10) & "Trying to open the document on MAIN",48, "Wrong Server" Set doc = Source.Document Set appsdb = New NotesDatabase ( "MAIN/COMPANY", db.FilePath ) ' if that didn't open it, try again If Not ( appsdb.IsOpen ) Then Call appsdb.Open ( "MAIN/COMPANY", db.FilePath ) End If ' if that didn't open it, try by replicaID If Not ( appsdb.IsOpen ) Then Call appsdb.OpenByReplicaID ( "MAIN/COMPANY", db.ReplicaID ) End If If Not ( appsdb.IsOpen ) Then Messagebox "Could not open the MAIN/COMPANY replica of the database, trying local replica",48, "Failed" Call appsdb.OpenByReplicaID ( "", db.ReplicaID ) End If If ( apps1db.IsOpen ) Then Set appsdoc = apps1db.GetDocumentByUNID ( doc.UniversalID ) If Not ( appsdoc Is Nothing ) Then Call ws.EditDocument ( False, appsdoc ) Else Messagebox "Opened the database, but could not open the document",48, "Failed" End If Else Messagebox "Could not open the local replica of the database either",48, "Failed" End If End If End Forall End Sub
These QueryOpens could be placed on individual forms or on subforms that are on those forms. You could put a version in the PostOpen event of the database script, though you have to keep in mind that the PostOpen doesn’t run if the user opens a document via a document link instead of opening a view or the database itself. Come to think of it, I will be putting a version in the PostOpen to prevent unauthorized users from opening the database, but have it quietly open the XPiNC page I want them to open.
I thought about putting this in my Security category, but it’s not really about security. It’s mostly about making sure the user gets the proper experience, by using production replicas or the correct client.
Hope you found something interesting here!