Programmable Fine Grain Control for Lotus Notes Document Deletion

Lotus Notes Domino (Notes being the rich client, Domino the server) has many features which allow a developer to quickly build high quality database applications. One of these is the ACL ,or Access Control List, which allows you to set general access to the database : who can read documents, who can edit document they didn’t author, and so one. Also whether they can also create or delete documents.

All very good and useful, but sometimes your are looking for a little bit more control than even that. Who can create a document with a given form is handled on that form.

But what about Deletion’s? As an example : you want to allow Role A to be able delete documents with form 1, but not form 2; or Role B can delete document in Draft mode (status=Draft) but not after the status is submitted.

So, you hunt around. Nothing on the document or view object (ui or backend). Then you find the NotesUiDatabase event “QueryDocumentDelete” (QueryDocumentDelete(Source As Notesuidatabase, Continue As Variant) ) which looks perfect because a) to defined as happening “just before a document or selected set of documents is deleted (cleared or cut).”, and b) it’s at the database level, so you don’t have to add it to every view (so no holes). c) the Source has a property “Documents” which gives you the “All the documents that the current NotesUIDatabase event is working on.” But it then you get sad, cause the “Continue” is True or False on the whole collection of documents being deleted, and the examples in the built-in help only show working on the collection. Rats! But don’t give up! There is enough here to let you do want you need to do.

Here is a simple example of letting only the creator of the document delete, if the status is “Draft” and it was created with “Form 1″. It’s assuming that there is a Status and Creator fields on the form. It can be used as a framework for more complicated business rules.

Sub Querydocumentdelete(Source As Notesuidatabase, Continue As Variant)
Dim dc As NotesDocumentCollection
Dim doc As notesdocument
Dim ws As New NotesUIWorkspace
Dim session As New NotesSession
Dim user As String

Continue = False ‘ deletions will be done by this script, Not by Notes

user = session.UserName ‘ get the person trying to do the deletion

‘ confirm that they meant to do a delete
If Not (Messagebox(“Are you sure want to delete the selected document(s)?”, 4 + 32, “Delete Document(s)”) = 6) Then ‘6 is “Yes”
continue = False
Exit Sub
End If

Set dc = Source.Documents ‘ get the one or more document selected for deletion
For i = 1 To dc.Count

Set doc = dc.GetNthDocument( i ) ‘ normally you would not use a GetNthDoc to go thur a doc Collection

If doc.form(0) = “Form 1″ Then ‘ check that it the right form type
If doc.status(0) = “Draft” Then ‘ check that the document is in draft stauts
If user = doc.Creator(0) Then ‘ check that the current user is the creator of the document
‘ if you need to do a audit trail for the deletion do in here
Call doc.Remove( True ) ‘ do the delete
Else
Msgbox “Only the Document Creator (” & doc.Creator(0) & “) can delete this Document”
End If
Else
Msgbox “Only the Draft Documents can be deleted.”
End If

End If
Next
Call ws.ViewRefresh

End Sub

The only thing that this changes in the “normal” flow is that this executes the deletion when the delete key is selected, rather than marking them for deletion and requiring F9 to process the deletion. (Which is the reason for the confirmation).

This also reminded me of a idea I had 6 or 7 years ago. One of the refinements of the ACL is the Reader field and the Author field which allows on a document level control over who can read or author a document. So want about a “Deleter” field? Same as a Reader field, it would contain the name or list of names, and/or Roles of who can delete a document. The Field could only have the name “Deleter”, the QueryDocumentDelete would loop though the Source.Documents see if a) the current users name was in the field, or b) if the current user belong to any listed Roles. if a) or b) then delete the document, else next document. I have never bother to completely code this out because the the only use I could see for it would be where the rules for document deletion are defined document by document by the user (and I haven’t seen a scenario where that would make any sense, but that doesn’t mean you haven’t! Which is all part of – or is it ?).

And a Big Thank you to for the , the index to date, and now promoting the idea of a “best of snttf

Sean Burgess asks, is this a Case for another field type in Notes? Having a “Who can Delete Documents with this form” option on the Security Tab of the Form Property infobox would be a nice refinement for about 80% of the need, although document by document is what I really want.

Updated: Jan 21 2008 >> Now on Idea Jam : A “Deleters” field

3 thoughts on “Programmable Fine Grain Control for Lotus Notes Document Deletion

  1. A good idea in my book. But if they implemented such a field, you wouldn’t even need to have code in your QueryDocumentDelete. All you would need to do is put in a user name, group, or role in that field and the internal Notes code would determine if the person can delete the document. How much easier and more secure would that be than the hoops we have to walk through right now.

    Sean—

    Ian : But until They Do, We can build it Ourselves.

  2. Pingback: False Positives » Blog Archive » SNTT : Trapping Document Delete in LotusScript to skip Document processing

Leave a Reply