I am working on an application using the LabKey Javascript API embedded in wiki pages.
The group of users using the app are set as Editors so that they can insert/update data in the database (any lesser permissions and they get an "unauthorized" error).
I would, however, like hide the edit/new/manage toolbar from them.
Is this possible? Or do I have the permissions set incorrectly?
Many thanks,
b |
| |
| Anthony Corbett responded: |
2013-05-17 08:06 |
Hi,
From my understanding being an Editor on a container allows them to edit anything in that container (wikis, lists, datasets, etc.) There is not a way, from my knowledge, to only be Editors on certain types of module's artifacts (the expcetion here being per dataset permissions).
Our group also has single page Javascript applications we embed into wiki pages. Our users also need insert/update to the study datasets so they all have the Editor role. However, for the same reason you are asking, we don't want them to edit/delete a wiki page. Our solution was to add a child container where the users are readers only and all javascript application wiki pages live in this child container. The down side with this approach is that all LABKEY.Query API calls must now explicitly set the containerPath to the parent container to correctly scope the query, and while this is annoying, we have a cross cutting layer which decorates all LABKEY.Query API calls to set this property across the whole application.
Another approach, if the users only need to insert new or edit THEIR OWN data, is to give them the Author role. This will remove the 'edit' and 'manage' buttons, but not the 'new' button. The downside is that they can only edit the records they have inserts and not records others have created, though depending on your use case this may be what you are looking for.
More of a hack is to place CSS in your wiki page to hide the buttons:
div.labkey-wp-text-buttons {
visibility:hidden;
}
You can take this further and use javascript to check the user's role and apply the css style:
Ext.select('div.labkey-wp-text-buttons').setStyle('visibility', 'hidden');
Regards,
Anthony Corbett
|
| |
| Anthony Corbett responded: |
2013-05-17 08:15 |
The CSS above will remove webpart text buttons from the whole page (all webparts), if you want to remove it only for the main body and not the right side panel use the more restrictive selector:
Ext.select('td.labkey-body-panel div.labkey-wp-text-buttons').setStyle('visibility', 'hidden');
Firebug and its element inspector is the best place to dive into the HTML and try out css rules, again this is more of a hack then a solution.
-
Anthony
|
| |
| bront responded: |
2013-05-17 09:38 |
Anthony,
Great ideas. I think I will employ the "hack" at this point (since this issue only impacts 1 page so far); however, I will certainly keep the child container solution in mind for future projects.
Thank you so much for your help.
bront |
| |
| adam responded: |
2013-05-19 16:41 |
Just in case it isn't obvious to everyone reading this, hacking the CSS will hide the buttons, but it's not a true substitute for changing permissions. Your editors will still be able to insert, update, and delete wikis; they'll just need to grab the necessary URLs out of the page source or edit the URL in the address bar.
Adam |
| |
| Matthew Bellew responded: |
2013-05-20 09:08 |
One more suggestion. I'm not against hacking CSS, but whenever you do this consider adding a note to you "manual testing before I upgrade" document. It's easy to forget what hacks have accumulated where, and then not notice when they break because of CSS/markup changes on upgrade.
Matt |
| |
|
|