Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • LeaTark 20 posts 121 karma points
    Apr 23, 2024 @ 09:48
    LeaTark
    0

    Forms granular permissions

    We're using Forms 10.5.5

    Is there a way to grant a user access only to export data for a specific form or forms please? No access to edit forms or view other submitted data.

    Thank you.

  • LeaTark 20 posts 121 karma points
    Apr 23, 2024 @ 09:50
    LeaTark
    0

    I think I posted to the wrong place, could a mod move to Forms please? Thank you.

  • Venkat 6 posts 97 karma points
    Apr 23, 2024 @ 12:29
    Venkat
    0

    Hi LeaTark can you please describe more on this

  • LeaTark 20 posts 121 karma points
    Apr 23, 2024 @ 13:04
    LeaTark
    0

    Specifically, we export form submission data on request for some of our users. I'd like to let select users have access to export their own data. They must not be able to see submissions to anyone else's forms or be able to create/edit forms themselves. So I looked for a permissions based solution but couldn't find it if it was there.

  • UCP 9 posts 99 karma points
    Apr 24, 2024 @ 07:55
    UCP
    0

    Hi LeaTark,

    It sounds like you're looking to implement granular permissions in Umbraco Forms to allow certain users to export data from specific forms without giving them broader access to view all submissions or edit the forms themselves. Unfortunately, Umbraco Forms does not support this level of detailed permissions out of the box as of version 10.5.5. However, you can achieve this functionality through a custom implementation.

    Here’s a possible approach to customizing Umbraco Forms to meet your needs:

    Step 1: Custom Dashboard

    Create a custom dashboard in Umbraco's backoffice that is accessible only to specific user groups. This dashboard will only display options to export form data.

    Step 2: Restrict Access

    Utilize Umbraco's member groups and roles to restrict access to this custom dashboard. You can configure this via the Umbraco backoffice under the "Users" section, where you can set specific permissions for different user groups.

    Step 3: Custom Service to Handle Exports

    Develop a custom service that handles the export functionality. This service will:

    Check the current user's permissions to determine which form data they are allowed to export. Only fetch and export data from the forms they have access to.

    Step 4: Integration with Umbraco Forms

    API Controller: Create an API controller that uses the custom service to fetch and export the data. This controller will be responsible for generating the export file (e.g., CSV, Excel) based on the form data. Secure API Access: Ensure that the API checks for user authentication and permissions before processing any export requests.

    Example Code for API Controller

    Here’s a basic example of what the API controller might look like:

    using Umbraco.Cms.Web.Common.Attributes;
    using Microsoft.AspNetCore.Mvc;
    using Umbraco.Cms.Core.Security;
    using System.Security.Claims;
    
    [PluginController("CustomForms")]
    public class FormExportController : UmbracoAuthorizedApiController
    {
        private readonly ICustomFormExportService _exportService;
    
        public FormExportController(ICustomFormExportService exportService)
        {
            _exportService = exportService;
        }
    
        [HttpGet]
        public IActionResult ExportFormData(int formId)
        {
            var currentUserId = User.FindFirstValue(ClaimTypes.NameIdentifier);
            if (!_exportService.CanUserExportForm(currentUserId, formId))
            {
                return Unauthorized("You do not have permission to export this form.");
            }
    
            var data = _exportService.GetFormData(formId);
            return File(data, "text/csv", $"Form-{formId}-Export.csv");
        }
    }
    

    Step 5: Secure the Dashboard

    Link the dashboard to the API controller, ensuring that all requests for data exports go through this secure pipeline. Final Considerations

    • Testing: Make sure to thoroughly test this implementation to ensure that only authorized users can access the export functionality.
    • Maintenance: As this is a custom solution, keep in mind that future updates to Umbraco or Umbraco Forms may require adjustments to your custom code.

    This approach should provide the functionality you need while keeping the system secure and aligned with your requirements for user-specific data access.

    Best regards, UCP

Please Sign in or register to post replies

Write your reply to:

Draft