Continuing with our Custom Actions series, this latest release implements field-level security independent of the security level of the container. In other words, it would be possible to create a basic form for all your users, but hide specific fields or controls based on the user's current access group.

For example, lets say you are creating an inventory management application and you create a grid to display inventory items. You want the supervisors to retrieve all information about the items, but you want to hide the item's cost to regular users. With this Custom Action you can hide controls in a Grid, fields in a Record form, or any control in any of the CCS containers (forms or page). Optionally, you can select an output label and a message that would be shown to the user instead of the hidden control. This way you could, for example, display "Upload disabled" instead of the upload control.

For the CCS plug-in developer, this action presents several interesting things. Conditional generation (where part of the code is generated based on a flag set by the user), Custom Dialogs to retrieve user input, and passing values from the dialog to regular and Hidden properties. Of special interest is how we managed to persist access groups selected through the dialog. Normally, CCS store this information in a collection object called SecurityGroups. This is a special property of the page element, the forms, and selected controls. Unfortunately, Action elements do no provide the SecurityGroup structure, and that made the regular dialog unusable. To work around this, we created a hidden property and used that as storage for the access groups. We then modified the dialog's JavaScript code and replaced the SecurityGroups collection access with our own custom code in order to store the selected groups in a semicolon-separated list (why a semicolon? Because that's the way the CCUserInGroups function expects the group list).