Conditional Expression on Delete in Entity Security Building Block not working

We have a Comment entity that is used to store comments from the user. We want to limit the ability to delete a comment based on who made the comment. If you are not the person who made the comment, you won't be able to delete it. We have the comment form on a parent entity to the Comment entity, where users can submit their comments and they appear in a repeating group which has the Delete capability selected. See picture.

In the Comment entity, in the Security Building Block we added a conditional expression to only allow delete if the current user = the user who made the comment (Item.CreatedBy.Properties.UserId==User.Properties.UserId). But it is not working. Does the delete checkbox on the form override the Security Building Block on the form? Please see screenshots. Is there another way to do this? Any help would be greatly appreciated.


Comments

  • nssmani (Community Moderator)

    @roglor, display of actions on the Form Grid and Repeating Group is currently not controlled by the Security Building Block, but when a user performs a delete action which he is not supposed to do, he will get an error indicating he is not allowed to do it. So in the UI the user will see the actions, but security is evaluated when the user performs them. We have plans to enhance it in the future.

  • I understand that the display of Form Actions is not controlled by the Security BB, but even with a condition that should resolve to false, the Delete action is not prevented from happening after the click. Can you please test and let me know if you can control the Delete action (not the display) with a condition on Delete in Security? The only thing that is working is all or nothing: either I give a role the ability to delete all rows on the grid or none of them.

    That is limiting our ability to meet the requirement. If it does work for you, please share a condition you used, so I can try same. Thank you
  • nssmani (Community Moderator), edited September 9, 2021 #4

    @roglor, are you saying that even after adding the conditional security on delete, you are able to delete the records? I tried and it works as expected. See the attached recording.


  • jpluimers (Community Moderator)

    Also note that in case you have multiple roles and permissions configured, the system will grant access if at least one of these roles/permissions allows you to do the action.

    So if you have a role allowing delete and another line with a condition on delete which is not met, then you are still allowed to delete because of the first.

    You cannot overwrite an already granted permission and then block it again with another.

  • Thanks so much for the help with this. Johan is right; that is our situation. We have multiple roles, with every role having different permissions on Delete and Update in the Security BB. It works fine if it is 1 to 1, with one end user in one role. But if an end user has more than one role, it seems like the most permissive of the roles takes precedence over the one that is restrictive.
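The evaluation rule jpluimers describes (access is granted if at least one of the user's roles allows the action, and a failing condition on another role cannot take that grant away) can be modelled in a few lines. The following is an added example, not the platform's own security engine and not code from anyone in this thread; the class and function names (User, Comment, Role, can_perform) and the sample users and roles are assumptions chosen for illustration. The ownership condition mirrors the expression from the question, Item.CreatedBy.Properties.UserId==User.Properties.UserId.

```python
"""Toy model of 'any matching role grants' permission evaluation.

Hypothetical, added for illustration only; it is not the platform's own
security engine. All names and sample data below are assumptions.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class User:
    user_id: str
    roles: List[str]          # names of the roles assigned to this end user


@dataclass
class Comment:
    comment_id: int
    created_by: str           # user_id of the author (Item.CreatedBy)


# A condition receives the row and the current user and returns True to allow.
Condition = Callable[[Comment, User], bool]


@dataclass
class Role:
    name: str
    # action -> condition. None means an unconditional grant ("delete all rows");
    # an action missing from the dict means the role does not grant it at all.
    permissions: Dict[str, Optional[Condition]] = field(default_factory=dict)


def is_own_comment(item: Comment, user: User) -> bool:
    """Equivalent of Item.CreatedBy.Properties.UserId==User.Properties.UserId."""
    return item.created_by == user.user_id


def can_perform(action: str, item: Comment, user: User, roles: Dict[str, Role]) -> bool:
    """Grant if ANY of the user's roles grants the action, either unconditionally
    or with a condition that evaluates to True for this row.

    There is no deny rule: a condition that fails on one role does not remove
    what another role has already granted, so the most permissive role wins.
    The check runs at action time, independent of whether the UI shows the button.
    """
    for role_name in user.roles:
        role = roles.get(role_name)
        if role is None or action not in role.permissions:
            continue
        condition = role.permissions[action]
        if condition is None or condition(item, user):
            return True
    return False


# Constructed sample data (not from the thread).
ALICE = User("alice", ["Commenter", "Moderator"])   # end user holding two roles
BOB = User("bob", ["Commenter"])                     # end user holding one role
BOBS_COMMENT = Comment(1, created_by="bob")
ALICES_COMMENT = Comment(2, created_by="alice")

# The situation the thread ends on: one role grants Delete unconditionally,
# another grants it only with the ownership condition.
PERMISSIVE_ROLES = {
    "Commenter": Role("Commenter", {"delete": is_own_comment}),
    "Moderator": Role("Moderator", {"delete": None, "update": None}),
}

# The only configuration that meets the requirement under these semantics:
# every role that grants Delete on Comment carries the ownership condition.
RESTRICTED_ROLES = {
    "Commenter": Role("Commenter", {"delete": is_own_comment}),
    "Moderator": Role("Moderator", {"delete": is_own_comment, "update": None}),
}


def demo() -> Dict[str, bool]:
    """Return the outcomes a practitioner would want to compare side by side."""
    return {
        "alice_deletes_bobs_comment_permissive": can_perform("delete", BOBS_COMMENT, ALICE, PERMISSIVE_ROLES),
        "alice_deletes_bobs_comment_restricted": can_perform("delete", BOBS_COMMENT, ALICE, RESTRICTED_ROLES),
        "alice_deletes_own_comment_restricted": can_perform("delete", ALICES_COMMENT, ALICE, RESTRICTED_ROLES),
        "bob_deletes_own_comment": can_perform("delete", BOBS_COMMENT, BOB, RESTRICTED_ROLES),
        "bob_deletes_alices_comment": can_perform("delete", ALICES_COMMENT, BOB, RESTRICTED_ROLES),
    }


if __name__ == "__main__":
    for outcome, allowed in demo().items():
        print(f"{outcome}: {allowed}")
```

With the permissive setup, alice can delete bob's comment even though the Commenter condition evaluates to false for her, because the Moderator grant already allowed it. With the restricted setup, the same user is refused on bob's comment and allowed on her own. The practical consequence for the question in the thread is that adding a conditional Delete line to one role is not enough while any other role the same end user holds grants Delete unconditionally; either remove Delete from that role or give it the same condition.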