I send an email with a URL button directed to a record that needs to be updated by a specific employee. I do not want other employees to be able to manually change the record id in the url and view other records, is there a way to embed something in the button url unique to that record that is not easily modified?

I have not totally thought this through, but what if you made a formula field of the [Record ID#] of [Related employee] plus 98765. Call this field [Calculated Secret Code] So employee record ID #1 would have a value of 98766.Then when you send the link populate that field on the record called say [Access code].For that EOTI Role, make a permission that they can only see records where the [Secret Code] = [Calculated Secret Code]

That is something is was trying to figure out as well. How if I have a field with a "secret" code within record can I send it in on the URL to bring up that specific record. More importantly, how could I then limit that EOTI Role to only that record based on that "secret" code. I think we are both going down the same thought path, I just may lack the experience in the URL with an extra field.

Can I see the code for the link that you are sending? Is it to add a record or view or edit a record?

The code is simple: URLRoot()&"DB/"&[_DBID_xxxxx] &"?A=API_EDITRECORD&rid="&[Record ID#]&"&_fid_22=" & ToText(Now())&"&rdr=" & URLEncode(URLRoot() & "db/" &[_DBID_xxxxx] & "?a=er&key="&[Record ID#]&"&dfid=12")I have two fields, one called security code that I am setting, and other field called access code that I would want to set to equal security code. Then only allow users to view the page when those two match. After a save of the record I would blank the access code through dynamic rules to prevent any unauthorized acess as a futher measure.

Try thisURLRoot()&"DB/"&[_DBID_xxxxx] &"?A=API_EDITRECORD&rid="&[Record ID#]& "&_fid_22=" & ToText(Now())& "&_fid_999=" & ToText([Calculated Secret Code]&"&rdr=" & URLEncode(URLRoot() & "db/" &[_DBID_xxxxx] & "?a=er&key="&[Record ID#]&"&dfid=12")//999 is the fid of the secret code field

Button URL specific record with Everyone on the Internet

22 Replies

BradleyDamron
Qrew Cadet
8 years ago
Yes, when I removed the secret code checkbox = checked custom rule, everything worked perfectly. Add the custom permission and it fails. Very odd.
QuickBaseCoachD
Qrew Captain
8 years ago
If you sign off of QuickBase or better yet for testing use an alternate Browser which is not logged in, can you view the record? Can you edit the record manually while not logged in?
BradleyDamron
Qrew Cadet
8 years ago
I can edit and view the record manually, but when I try the URL where I update fields then display the page it fails.
QuickBaseCoachD
Qrew Captain
8 years ago
So for the starrt of your formual whic is someting like this

URLRoot()&"DB/"&[_DBID_xxxxx] &"?A=API_EDITRECORD&rid="&[Record ID#]
& "&_fid_22=" & ToText(Now())
& "&_fid_999=" & ToText([Calculated Secret Code]

... is that table being edited open to everyone on the internet? ie is is the same table for API_EditRecord and the table for "?a=er
BradleyDamron
Qrew Cadet
8 years ago
Correct, same table in both places.
QuickBaseCoachD
Qrew Captain
8 years ago
I'm grasping a bit now. Have you disabled the need for Application Tokens in App Properties?
BradleyDamron
Qrew Cadet
8 years ago
Correct, Application Tokens have been disabled. I can get around it using dynamic form rules, but really just wanted something at the User permission level.
QuickBaseCoachD
Qrew Captain
8 years ago
I think I have two suggestions. One is to ask support if there is anything else you need to specify when using an API like that. But I'm note sure if support offers API help.

Plan B is to set up a single generic userid for the button to use to sign in.

var text URLONE = urlroot() & "db/main?act=API_Authenticate&username=xxx&password=yyyyyy";

var text URLTWO = URLRoot()&"DB/"&[_DBID_xxxxx] &"?A=API_EDITRECORD&rid="&[Record ID#]
& "&_fid_22=" & ToText(Now())
& "&_fid_999=" & ToText([Calculated Secret Code];

var text URLTHREE = URLRoot() & "db/" &[_DBID_xxxxx] & "?a=er&key="&[Record ID#]&"&dfid=12";

$URLONE
& "&rdr=" & URLEncode($URLTWO)
& URLEncode("&rdr=" & URLEncode($URLTHREE))
BradleyDamron
Qrew Cadet
8 years ago
Thanks, I will try that. Great suggestion.
BradleyDamron
Qrew Cadet
8 years ago
One final question (I hope), if you recall I am remove the 'calculated secret code' at save&close and the check formula is unchecked basically securing the record. Is there a way to clear that field if the user hits cancel?

Forum Discussion

Button URL specific record with Everyone on the Internet

22 Replies

Related Content

Homepage accessible to Everyone on Internet Role

Everyone on the Internet

Everyone on the Internet role

Users and Everyone on the internet

Update existing Entry using a form open to everyone on the internet?