Securing event handlers

Event handlers often execute logic that must be secured. The various script builders all have special security qualifiers that can be enabled. These qualifiers get translated into the generated script by accessing the user's current roles via scripting.

Example

if 'Administrator' in system.security.getRoles():

   productCode = event.source.productCode

   qty = event.source.parent.getComponent("QuantityBox").intValue

   query = "UPDATE my_secure_table SET quantity=? WHERE product=?"

   system.db.runPrepUpdate(query, [qty, productCode])

else:

   system.gui.errorBox('Insufficient security privileges.')

See also:

Script Builders

system.security.getRoles