Locking Records Function - How to ensure that records in Adesso are absolutely uneditable

One of our clients asked us how we could essentially lock records so that they would be completely uneditable, even by the user that created them as well as the Adesso Administrator (a.k.a. the god-mode dude).  While you can control some of these permissions from the SyncAdmin portal, the Adesso Administrator could still technically edit whatever he wants.  So we ended up implementing some new code last year into the Adesso source that completely locks entire records from being edited by anyone.  The business case for this functionality is to ensure that records that were created by someone are not altered at all at a later date, ensuring the validity of the data stored in that record.  This is important in medical records and other highly personal or security-prone data.

Today, I am going to explain how to create a button that, when clicked, essentially locks out records completely, so that they are absolutely uneditable by anyone.

Locking a record consists of two components:

1. three separate fields, one which stores a yes/no value, and two of which contain expressions
2. a button control that, when clicked, triggers an alert window prompting you to be sure that you want to proceed, and then, if user clicks ok, executes the expressions in the new fields

Step 1 - Create the Fields

You will need to create 3 fields in the table where you want to use record locking:

1. Field Name: “Record is locked” , data type: “Yes/No”, Display: “Checkbox”
2. Field Name: “Locking expression”, data type: “Yes/No”, Display: “Expression”, LOCAL FIELD checked, Expression text: “LOCKRECORD([Record is locked])” (no quotes)
3. Field Name: “Lock record button expression”, data type: “Yes/No”, Display: “Expression”, LOCAL FIELD checked, CALCULATE VIA BUTTON ONLY checked, Expression text: “SETFIELD([Record is locked], GETSYSPARAM(11, "Are you sure you want to lock this record? This cannot be undone"))” (no outer quotes, of course)

The following screenshots illustrate what these fields look like in the field editor.

 

This is the "record is locked" field.

 

This is the "locking expression" field.  Note that local field checkbox is checked.  This means that the value stored in this field won't get synced back the Adesso Server.   

 

This is the "lock record button expression" field.  Note that it too is a local field, but also observe that the expression contained in this field is triggered only via a button control (checkbox on bottom right of expression editor).

  

Step 2 - Create the Button on the Form

 Now we simply need to create a button control that triggers the "lock record button expression" field we created in Step 1 above.  To do this, open the form for the table where you want to lock a record, add the button to that form, select "calculate expression" from the action menu, and then select the "lock record button expression" field from the dropdown below the action menu.  The screenshot below illustrates this:

 

To add a button, simply click on an empty row and select "button" from the popup menu (its located close to the bottom of the popup menu)

 

The main point here is to create a button, select the "calculate expression" action, and then select the field you created that stores the SETFIELD and GETSYSPARAM code.  We are calling this field the "lock record button expression" field.

  

When you click on the 'appearance tab in the button designer, you need to click on the 'Disable on click' checkbox, and then change the colors to something different from the colors when the button is active.

Test Your Code in Runtime

Once you have completed Steps 1 and 2, it's time to test your code.  If you built this correctly, when you click on the button in runtime, you will get an alert message like the following:

 

 

When the user clicks on the button, the GETSYSPARAM (11) alert message pops up, displaying the alert message text that you entered.

 

Notice that after the user clicks on the 'Yes' button on the alert message, the 'finalize record' button greys out.  This is because we set the button to be disabled upon click and to change to default colors for background and text.

Once the user clicks clicks 'yes' on the alert message, and then on the OK button of the form, then the record will lock and will become completely uneditable.  

VERY IMPORTANT NOTES:  

1. Validation controls are triggered upon clicking on the OK button on the form.  What this means is that if the user clicks on the 'yes' button on the alert message box, and then on the ok form button, and some validations are not met, the validation controls will appear as a popup, preventing the record from actually being saved to the database.  If this happens, then the record will NOT become uneditable.  Rather, it will revert back to the state of the record before clicking on the 'finalize record' button.  What this means is that all validation rules will need to be met before the record can be saved to the database and thus become locked.
2.  Records can still be deleted if user credentials on the Adesso Server SyncAdmin allow delete permissions.  If you want to ensure that nothing ever gets edited or deleted, use the locking record function described in this blog AND make sure that no one has delete permissions on SyncAdmin.  The following screenshot illustrates where to find this delete permission on SyncAdmin:

  

Notice that there is a delete column with checkboxes unchecked in this example.  If the checkbox is UNCHECKED, then the users in that group cannot delete records from that table.