Top | Previous | Next |
Securing event handlers |
Event handlers often execute logic that must be secured. The various script builders all have special security qualifiers that can be enabled. These qualifiers get translated into the generated script by accessing the user's current roles via scripting.
Example if 'Administrator' in system.security.getRoles(): productCode = event.source.productCode qty = event.source.parent.getComponent("QuantityBox").intValue query = "UPDATE my_secure_table SET quantity=? WHERE product=?" system.db.runPrepUpdate(query, [qty, productCode]) else: system.gui.errorBox('Insufficient security privileges.')
See also: |