Discussions

Expand all | Collapse all

Button URL specific record with Everyone on the Internet

Bradley Damron04-16-2018 12:25

Bradley Damron04-16-2018 18:18

Bradley Damron04-17-2018 13:41

QuickBaseCoach Dev./Training04-18-2018 14:34

Bradley Damron04-18-2018 15:31

  • 1.  Button URL specific record with Everyone on the Internet

    Posted 04-13-2018 19:27
    I send an email with a URL button directed to a record that needs to be updated by a specific employee.  I do not want other employees to be able to manually change the record id in the url and view other records, is there a way to embed something in the button url unique to that record that is not easily modified? 


  • 2.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-13-2018 23:06
    I have not totally thought this through, but what if you made a formula field of the [Record ID#] of [Related employee]  plus 98765. Call this field [Calculated Secret Code] So employee record ID #1 would have a value of 98766.

    Then when you send the link populate that field on the record called say [Access code].

    For that EOTI Role, make a permission that they can only see records where the [Secret Code] = [Calculated Secret Code]


  • 3.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-14-2018 00:09
    That is something is was trying to figure out as well.  How if I have a field with a "secret" code within record can I send it in on the URL to bring up that specific record.  More importantly, how could I then limit that EOTI Role to only that record based on that "secret" code.  I think we are both going down the same thought path, I just may lack the experience in the URL with an extra field. 


  • 4.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-14-2018 00:24
    Can I see the code for the link that you are sending?  Is it to add a record or view or edit a record? 


  • 5.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-14-2018 00:29
    The code is simple:  

    URLRoot()&"DB/"&[_DBID_xxxxx]  &"?A=API_EDITRECORD&rid="&[Record ID#]&
    "&_fid_22=" & ToText(Now())&
    "&rdr=" & URLEncode(URLRoot() & "db/" &[_DBID_xxxxx] & "?a=er&key="&[Record ID#]&"&dfid=12")


    I have two fields, one called security code that I am setting, and other field called access code that I would want to set to equal security code. Then only allow users to view the page when those two match.  After a save of the record I would blank the access code through dynamic rules to prevent any unauthorized acess as a futher measure. 


  • 6.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-14-2018 00:32
    Try this

    URLRoot()&"DB/"&[_DBID_xxxxx]  &"?A=API_EDITRECORD&rid="&[Record ID#]
    & "&_fid_22=" & ToText(Now())
    & "&_fid_999=" & ToText([Calculated Secret Code]


    &
    "&rdr=" & URLEncode(URLRoot() & "db/" &[_DBID_xxxxx] & "?a=er&key="&[Record ID#]&"&dfid=12")


    //999 is the fid of the secret code field 


  • 7.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-14-2018 00:38
    Yes, that should work perfectly.  I guess that was pretty "thick" of me not realizing that line. 

    Last question, the custom permission rule, can you have a rule that says Calculated Secret Code is equal to [secret code]  

    It is an open text field for the second caparison factor so I wasn't sure if I could just add the field name or not. 


  • 8.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-14-2018 12:59
    Right, I often forget that the custom permissions are not very flexible. So you need to make a formula checkbox field to check that they equal and then the custom permission Rule will test if that formula checkbox field is checked.


  • 9.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-16-2018 12:25
    Great idea, thanks for all your help! 


  • 10.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-16-2018 14:06
    I created the formula checkbox for the custom permissions, but my users still receive an error that they must login to edit.  I know the formula is working, but could this be because I am trying to update fields in the URL sending them into the record? 


  • 11.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-16-2018 16:57
    That does seem odd that they need to sign in if the app is open to everyone on the Internet for editing.  Are you sure that the EOTI Role is allowed to edit? (subject to that secret code rule)?


  • 12.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-16-2018 17:05
    Yes, when I removed the secret code checkbox = checked custom rule, everything worked perfectly.  Add the custom permission and it fails. Very odd. 


  • 13.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-16-2018 17:15
    If you sign off of QuickBase or better yet for testing use an alternate Browser which is not logged in, can you view the record?  Can you edit the record manually while not logged in?


  • 14.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-16-2018 17:38
    I can edit and view the record manually, but when I try the URL where I update fields then display the page it fails. 


  • 15.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-16-2018 18:07
    So for the starrt of your formual whic is someting like this

    URLRoot()&"DB/"&[_DBID_xxxxx]  &"?A=API_EDITRECORD&rid="&[Record ID#]
    & "&_fid_22=" & ToText(Now())
    & "&_fid_999=" & ToText([Calculated Secret Code]

    ... is that table being edited open to everyone on the internet?  ie is is the same table for API_EditRecord and the table for "?a=er


  • 16.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-16-2018 18:18
    Correct, same table in both places.


  • 17.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-16-2018 18:30
    I'm grasping a bit now.  Have you disabled the need for Application Tokens in App Properties?


  • 18.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-16-2018 18:39
    Correct, Application Tokens have been disabled.  I can get around it using dynamic form rules, but really just wanted something at the User permission level. 


  • 19.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-16-2018 22:06
    I think I have two suggestions.  One is to ask support if there is anything else you need to specify when using an API like that.  But I'm note sure if support offers API help.

    Plan B is to set up a single generic userid for the button to use to sign in.


    var text URLONE = urlroot() & "db/main?act=API_Authenticate&username=xxx&password=yyyyyy";

    var text URLTWO = URLRoot()&"DB/"&[_DBID_xxxxx]  &"?A=API_EDITRECORD&rid="&[Record ID#]
    & "&_fid_22=" & ToText(Now())
    & "&_fid_999=" & ToText([Calculated Secret Code];

    var text URLTHREE = URLRoot() & "db/" &[_DBID_xxxxx] & "?a=er&key="&[Record ID#]&"&dfid=12";

    $URLONE 
    & "&rdr=" & URLEncode($URLTWO)
    & URLEncode("&rdr=" & URLEncode($URLTHREE))


  • 20.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-17-2018 13:41
    Thanks, I will try that.  Great suggestion. 


  • 21.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-18-2018 13:48
    One final question (I hope),  if you recall I am remove the 'calculated secret code' at save&close and the check formula is unchecked basically securing the record.  Is there a way to clear that field if the user hits cancel?


  • 22.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-18-2018 14:34
    No - at least not natively.


  • 23.  RE: Button URL specific record with Everyone on the Internet

    Posted 04-18-2018 15:31
    Thank you, and thanks for all your help