Prevent Certain Users From Saving Documents
You probably already know about the Form QuerySave event and setting Continue to False to prevent a document from being saved. But did you know that an experienced user could actually get around that and still save the document?
What you have to do is turn the LotusScript debugger on, and then set a breakpoint in the QuerySave event. When you get to that point, click the Stop button in the debugger. This will stop the LotusScript from executing before the value for Continue has been set. This means the document will be saved.
Is there anything a developer can do?
Why, yes there is. Instead of using LotusScript, use Formula (either can be used in a QuerySave event). When using the Formula language, you don't have Continue, but you can set SaveOptions to "0" to prevent the document from being saved. Here's how you do it.
First, make sure you do not have a field called SaveOptions on your form. If you want some people to save and others not to save, this only works if that field doesn't exist.
Next, use a formula similar to this one in your form's QuerySave event:
FIELD SaveOptions := @If(@IsNotMember("[Admin]"; @UserRoles); "0"; @DeleteField);
@Success
What's going on there?
The first line says that if the user doesn't have the "[Admin]" role enabled, then set the field SaveOptions to a text zero, which will prevent the document from being saved (remember, this is the QuerySave event, so it happens before any save would happen). However, if the user does have the "[Admin]" role enabled, the save should happen, so make sure the SaveOptions field doesn't exist.
Why not just set SaveOptions to a text one ("1")? Although that would work for this time, it wouldn't necessarily work the next time. When that field actually exists on the document, then our testing showed that the save would still happen even if you didn't want it to (that's why you shouldn't have that field on your document). So we don't want the field created.
Why not use @SetField?
That function will set the value of an existing field on a form, but will not create a new field. Since the field doesn't exist, things need to be done that way.
And the @Success at the end is just so there is a statement in the event. The form can't be saved without some kind of a statement - you could use @True or @All or some others if you want.
Pretty cool, huh?
The experienced user can't get around this because it's formula language, so it will really prevent the document from being saved. You can make that formula as complicated as you want, just make sure that SaveOptions is set to "0" if you don't want it saved and to @DeleteField if you do want it saved.