Problem solve Get help with specific problems with your technologies, process and projects.

Prevent users from editing a document

I have a document in a database that opens in edit mode because of code. Now, once the document is marked "Closed" (status field), I need to have the document not be editable anymore. Any suggestions?
I'm not certain I understand what you mean when you say that it opens in edit mode "because of code." Are you using NotesUIWorkspace.EditDocument to open it in edit mode? I'm going to assume so.

There are basically two ways to prevent users from editing a document.

The first way is easy to implement, but not especially secure. You write code in the Queryopen and Querymodechange events to test the fields of the document and decide whether it's allowed to go into edit mode, and if not, set Continue = False to prevent that from happening.

Sub Queryopen(Source As 
Notesuidocument, Mode As Integer, 
Isnewdoc As 
Variant, Continue As Variant)
 If mode and not IsNewDoc Then 
If Source.Document.Status(0) = "Closed" 
Messagebox "You may not edit a 
closed document."
continue = False
End If
End If
End Sub

Sub Querymodechange(Source As 
Notesuidocument, Continue As Variant)
 If not source.editMode Then
If Source.Document.Status(0) = 
"Closed" Then
Messagebox "You may not edit a 
closed document."
continue = False
End If
End If
End Sub

If the rule is more complex, you may want to create a function that both of these events can call.

As I said, this is relatively easy to do, but it's not really secure. If users have access to edit documents, there is nothing you can do to prevent them from doing so, if they are smart and determined. In this case, any user with the Domino Designer can use debug mode to trace and abort your code before it can prevent them from entering edit mode. Even a user without Domino Designer can easily write a toolbar icon (Smarticon if you're using R5) that modifies fields in the current document in a view. You can make this more difficult by hiding the database design, but not impossible.

Another problem with using only form events, is that when someone tries to open the document in edit mode and the form even prevents them, it doesn't open the document in read mode instead; it just refuses to open the document. If you are using EditDocument, you could code to detect this happening and try again to open it, this time specifying read mode. But the user got to see the "You may not edit" message.

The only really secure way to prevent document editing is to use document Authors fields to control editing access. This means that most users will have to have Author access in the database ACL. Editors and above have access to edit all documents regardless of the Authors fields, and those with less than Author can't edit anything regardless of Authors fields. The field can be computed, with a formula such as:

@If(Status = "Closed"; ""; "*")

(Or you might use some group or role instead of "*")

That sounds pretty simple compared to the form event approach described above –- why did I say the other way is easier to implement? I said that because, if you haven't already done it, restricting all users to Author access is going to affect every part of your application where there are forms the users are supposed to be able to edit. You have to make sure there are Authors fields everywhere in the application, with appropriate values for the form they are on.

Also, if the document is marked "Closed" by an agent (as opposed to be someone editing it), the agent must assign the Authors field also.

In addition, if there are local replicas of the application, you will either have to turn on "consistent access control," or use the form event code anyway as a backup to prevent users editing documents in their local replicas that they have no business editing. They wouldn't be able to replicate their changes to the servers, but they could create inconsistent information in their own copy of the database.

If there are any users who, because of their responsibilities in the database, require higher than Author access, the form event code can be used as a backup to prevent them from accidentally editing a document that's in "Closed" status.

Do you have comments on this Ask the Expert Q&A? Let us know.

Dig Deeper on Lotus Notes Domino Agents



  • Favorite iSeries cheat sheets

    Here you'll find a collection of valuable cheat sheets gathered from across the iSeries/Search400.com community. These cheat ...

  • HTML cheat sheet

    This is a really cool cheat sheet if you're looking to learn more about HTML. You'll find just about everything you every wanted ...

  • Carol Woodbury: Security

    Carol Woodbury