I've been doing some experimenting with Umbraco Forms, and unfortunately I don't think it's going to be able to do what I want it to do.
I thought I'd post my findings so that I can be corrected by people who know better than me, or - if I am correct - I might at least save somebody else some time. Any comments would be welcome!
Let me start by saying that what I'm trying to do isn't exactly what Forms was designed for, so I don't want anyone to feel bad that I couldn't achieve my goal, or that I'm being overly critical. That said, it does seem so close in many respects that it's a shame I couldn't get there...
What I was trying to achieve was to use the form-building capabilities of Forms to manipulate data stored in an existing database. This was to include inserting new data in addition to editing existing data.
I started by writing a custom Forms Data Source Type to handle the saving of data entered into a form to my database. This worked fine for inserts, so my attention turned to edits.
When this option is enabled, you can indeed edit a previously entered form by putting its GUID on the query string. However, there is no mechanism to retrieve the data from the custom Data Source Type. Instead, it uses data stored internally in Umbraco Forms at the point of original submission.
This is a problem for 3 reasons. Firstly, we want users to be able to edit records which didn't necessarily originate on the website. Also, the GDPR constraints applied by the project team forbid us storing this data outside of our database. Finally, if the data changes in the database after the form is initially submitted then these changes won't be reflected when the user edits the form.
Another issue is one of security. The ability to edit records is either 'ON' or 'OFF'. Quite sensibly this is 'OFF' by default. I had intended to add logic to my custom Data Source Type to ensure the current user had the appropriate permissions to see the data they were trying to edit.
Without this in place, any logged in user could manipulate the data of any other user by simply getting hold of the URL of one of the pages they were viewing.
As I say - please let me know if I'm missing something...
Editing Data with Umbraco Forms
Hi,
I've been doing some experimenting with Umbraco Forms, and unfortunately I don't think it's going to be able to do what I want it to do.
I thought I'd post my findings so that I can be corrected by people who know better than me, or - if I am correct - I might at least save somebody else some time. Any comments would be welcome!
Let me start by saying that what I'm trying to do isn't exactly what Forms was designed for, so I don't want anyone to feel bad that I couldn't achieve my goal, or that I'm being overly critical. That said, it does seem so close in many respects that it's a shame I couldn't get there...
What I was trying to achieve was to use the form-building capabilities of Forms to manipulate data stored in an existing database. This was to include inserting new data in addition to editing existing data.
I started by writing a custom Forms Data Source Type to handle the saving of data entered into a form to my database. This worked fine for inserts, so my attention turned to edits.
I found this issue in the tracker which suggests editing is possible , but this turned out to be a dead-end for a number of reasons:
When this option is enabled, you can indeed edit a previously entered form by putting its GUID on the query string. However, there is no mechanism to retrieve the data from the custom Data Source Type. Instead, it uses data stored internally in Umbraco Forms at the point of original submission.
This is a problem for 3 reasons. Firstly, we want users to be able to edit records which didn't necessarily originate on the website. Also, the GDPR constraints applied by the project team forbid us storing this data outside of our database. Finally, if the data changes in the database after the form is initially submitted then these changes won't be reflected when the user edits the form.
Another issue is one of security. The ability to edit records is either 'ON' or 'OFF'. Quite sensibly this is 'OFF' by default. I had intended to add logic to my custom Data Source Type to ensure the current user had the appropriate permissions to see the data they were trying to edit.
Without this in place, any logged in user could manipulate the data of any other user by simply getting hold of the URL of one of the pages they were viewing.
As I say - please let me know if I'm missing something...
is working on a reply...