Allow Data Edit in Frontend
This feature is part of the Visforms Subscription and not available in the free Visforms version..
How to use the Access Rules - Basics
Although this article covers some basics of the Joomla! ACL it is important that you have understood how Joomla! ACL works before you start trying to set the Permissions for Frontend Data Edit in Visforms. Access rules in Joomla! support inheritance. There are two different lines of inheritance. One is working along the user group level (for example Registered -> Author -> Editor -> Publisher) where each level inherits from the one on its left side. In Visforms the other inheritance line is working along the line component settings -> form settings -> field settings (where the field settings inherit from the form settings which inherit from the component settings). This inheritance allows you to set up access rules with little effort (by setting the access rule of the leftmost level in the inheritance line). For example if you set the option "Edit own data" to "allow" for the user group level "Registered" on the "component" level of Visforms this will enable all Registered Users, Authors, Editors and Publishers to edit their own data in all forms.
On the other hand Joomla! does allow you to override the inherited access rules with either an explicit "allow" or an explicit "denied". Therefore you can create individual access rules for each part of your content. This makes the Joomla! Access Control Levels (ACL) such a powerful feature.
Joomla! comes with a predefined set of actions and access rules to manage access control. In order to give you an even more individual control of who can do what on Visforms, we have defined some additional actions in Visforms. These are 'core.edit.css', 'core.delete.data', 'core.export.data', 'core.edit.data' and 'core.edit.own.data'. (Please note, that 'core.edit.css', 'core.delete.data' and 'core.export.data' are actions which can only be performed in the Administration panel at the moment.)
It is a property of the Joomla! ACL that all actions which are not a predefined Joomla! access action inherit a "denied" value as default value, except for Super Users who are allways allowed to perform any action by default. Therefore it is necessary to explicitely set the access level of other user group levels to "allow" if you want to allow a specific action for a user group. Bearing in mind, what you have learned so far, this can be done very easily. Just choose in the line of inheritance the left most user group level which you want to allow a specific action and decide on whether you want to enable it for the entire component or for selected forms only and set the access rule according to your decision for this user group level on either the component or selected form(s) levels to "allow".
Where do I find the permission settings?
Visforms component setting can be accessed through the "Options" button in the Visforms form list view (or via System->Global Configuration in the administration panel menu).
Form settings are made in the form edit view, Tab "Form Permissions".
Field settings are made in the field edit view, Tab "Field Permissions".
There is a value "Select New Setting" and a value "Calculated Settings" for each Action (and for each user group). In the select list "Select New Setting" you can choose between "inherited", "allowed" or "denied". According to this selection Joomla! calculates the current permission value for a given user group and action and displays the calculated value ("Calculated Settings"). Although these "Calculated Settings" are mostly helpful they sometimes may mislead you. So if the permissions do not work as expected you always have to check the "Selected New Setting" values up the inheritance lines!
Although Visforms enables you to "allow" or "deny" the 'core.edit.data' and 'core.edit.own.data' for specific user groups on field level, too, a user will only be able to edit data if the edit data action is allowed on form level for them. So the rules on field level are meant to prevent a user from editing a specific field (deny) not to allow a user to edit a specific field when they are not allowed to edit the form data itself.
Visforms ACL actions for data edit in frontend
- edit data (which will allow a user with the proper user group level to edit all submitted user inputs. So this value should most probably be reserved for Administrators)
- edit own data (which will allow a user to edit data which they have submitted themself)
Only data submitted by a registered user can be edited with the "edit own option"
Visforms will store the user id of a logged in user with the submitted user inputs. This stored user id is used afterwards to connect submitted user inputs to a user and in order to decide which record sets a user can edit.
User with multiple user groups
Joomla! allows you to attach a user to more than one user group. For example you can create a user who is member of the group "registered" and of the group "manager". Having users with multiple user groups can soon become confusing and may result in some unexpected results. Nevertheless this is a powerful feature, too, you simple have to bear in mind that "denied" tops "allowed". So if you have set a permission in one user group explicitly to "denied" a user will not be able to perform the action, even if you have set the permission to "allowed" in the other user group. This is even true if the "denied" permission is inherited from a higher level of inheritance.
Where is the "Edit Data" Button
In order to allow data edit in frontend you have to create a menu item of type Visforms -> "Form data with edit link". You have to set visibility options for data views in frontend according to the instructions in the documentations article about Save results and use stored data in order to set up this view. There is one small difference. It is not necessary to set the form option "Allow Frontend Data View" to "yes". This will be achieved automatically by adding a menu item of type Visforms -> "Form data with edit link".
If necessary, you can use the data view access level option in the Visforms forms configuration and the access level option in the menu configuration to restict the access to the edit data view to a specific user group.
In addition to standard parameter set which are available for any menu item that displays form data, the menu item type "Form data with edit link" comes with an additional option "Editable Record Sets Only" in the "Form Data Display Options" Tab, which will allow you to create a data list which will only contain those record sets which the user is permitted to edit.
Visforms will automatically add an edit link column to the data list view of this menu item type if a user has permission to edit data or edit own data for this form. The edit link itself is only displayed for a record set, if the user has permission to edit this record set. Visforms will add a edit data button to the data detail view of this menu item type if a user has permission to edit this record set.
Using ACL settings and the form options and the menu options carefully, you can create data view lists, that only display those recordsets which a user has the edit permission for.
- Set only the form permission of a registered user for the "Edit own data" to "allowed".
- Create the menu item in a user menu, which is only displayed to registered users.
- Set the access level of the data edit view menu to "registered".
- Enable the option "Editable Record Sets Only".
Which data can be edited?
If a user has permission to edit a data record set and clicks the edit link, basically the form is displayed again using the stored data as default values for each published field. It is not possible to change values of hidden fields in frontend data edit. With this exception inputs of every other field can be changed according to the field's permission settings.
Those fields which a user has no permission to edit are not in the frontend edit view of the form but cannot be changed.
At the bottom of the form two buttons are displayed. One to save the changes the other to cancel.