Several times I dealed with problems, how to check access rights from ACL in script and many times, user was not listed in ACL. Testing roles is easy then.
Dim IsAuthorised As Variant IsAuthorised = Evaluate("""[Admin]"":""[GrpLead]"" = @UserRoles") IsAuthorised = (IsAuthorised(0) <> 0)
and that's all. But how to check, if user can delete documents e.g. if is not listed in ACL. And I found very powerful @function - @UserNamesList - which returns current user name, group name, and the name of a role that the current user has in the current database. And code follows:
Dim ACL As NotesACL Dim ACLEntry As NotesACLEntry Dim NamesList, NameList Dim I% Dim IsAuthorised NamesList = Evaluate("@UserNamesList") I = 0 While (I < Ubound(NamesList)) And Not IsAuthorised NameList = NamesList(I) If Not IsAuthorised Then Set ACL = Db.ACL Set ACLEntry = ACL.GetEntry(NameList) If Not (ACLEntry Is Nothing) Then With ACLEntry IsAuthorised = .CanDeleteDocuments And (.IsRoleEnabled("[Admin]") Or .IsRoleEnabled("[GrpLead]")) End With End If End If I = I + 1 Wend ' If nothing was found, script has to check -Default- entry If Not IsAuthorised Then Set ACLEntry = ACL.GetFirstEntry If Not (ACLEntry Is Nothing) Then With ACLEntry IsAuthorised = .CanDeleteDocuments And (.IsRoleEnabled("[Admin]") Or .IsRoleEnabled("[GrpLead]")) End With End If End If ...