I wondering if anyone is creating a JavaScript object to store user credentials after an initial process to load a user's role. Getting a list of user's role's to check against for various security level access to buttons, fields, data, etc. requires individual calls to the CRM database. It seems that the overhead is a bit much on every postback. So I am wondering if anyone has tried to create something in JavaScript to better handle this... or maybe I am approaching this altogether incorrectly.
As an example, consider that if we have 3 levels of access... user, manager, director. Each time a user hits CRM we have to figure out which type of user they are. So we then request from CRM the user's roles, which are returned as GUIDs. We then translate those into descriptions with a second hit to the CRM database, as the GUID is unique to the system and we cannot use the GUID in our logic. We get the string description and we can then use it to determine if the user has what level of access. Then we turn off and on the various create, qualify, and other buttons. Now in the ribbon I did not see anyway to wire in a display rule tied to the security role name. I had to add a JavaScript rule and use JavaScript to handle this. And hense the problem...
Here's what each save, refrech, post-back, etc. has to do. Is there a better way? Can I load it once like I would in ASPX and hold the value? I am not a JavaScript expert so I don't know how to correctly approach this in JavaScript. Here's the steps...
- Pull the user's roles.
- Loop through the roles to get the GUIDs.
- For each GUID, call out to CRM and translate the GUID to the string description of the role.
- Check to see if the role matches one of our three roles. Checks the highest access level/role first and then goes to the lowest so that if a match is found, we can exit the process as early as possible. For example, I check if a user is in the admin role first, as there is no need to continue and check for any others.
- When a match is found we drop into JavaScript logic to set the button's visibility and/or enabled the button(s).
This seems a bit much for every postback. Is there a better way? If I was doing this without session variables and in ASP.Net, I could create a user class to hold the user access level and use it to check on each postback. But in JavaScript, I am not so sure how best to do this. I've even considered use a table, a cookie, etc. to just store the user's access level. Then just have a short timeout value... like an hour to make sure we can change their access level as needed.
I realize I need to beef up on my JavaScript and I am doing so. I have only used JavaScript for web pages events going back to the late 90's and never really anything more than that. So I might be missing something very simple here.
Jon Gregory Rothlander