XPages support definition of a page-specific ACL, allowing you to refine permissions for specific portions of an application, as described in this article. As Paul mentions in the comments, you can also set an ACL on a specific panel component; this allows you to define entirely different permissions for distinct portions of the same page. For example, if you were to create an "in-view editing" interface using a repeat control, you would typically create a panel inside the repeat, with a panel-specific data source bound to each document that is being iterated. In this scenario, you can define an ACL specific to that panel, which would allow you to block editing of information associated with records the user should not modify. This is a very useful feature.
There's a problem, however: the Directory API, in general, is rather buggy. While I haven't personally repeated my previous testing of the API within 8.5.3, there were serious issues with it in all prior 8.5.x releases. In fact, simple username queries could even cause server crashes. At the time, IBM told me they were able to reproduce the behavior, so I'm assuming the problem has already been resolved or is, at least, on their radar. But, again, I haven't yet confirmed that 8.5.3 fixes the problem.
As such, it is inadvisable to define a page- or panel-specific ACL if the application will be accessed on servers that support Directory Assistance. Keith and I have both gotten burned by this: specifically, if a user authenticated against an account in the primary Domino Directory accesses a page with an ACL, the page functions as expected... if, on the other hand, the same page is accessed by a user authenticated against an account in a directory registered with Directory Assistance (whether LDAP or a secondary Domino Directory), a 500 is often thrown. Replacing the ACL with an alternative approach to managing security and visibility of data resolves the problem.
learn the Java Collections Framework
Thu, May 24th 2012 12:40a Tim Tripcony If you're a Domino developer, you're likely already developing XPage applications or headed in that direction. And if you're already developing with XPages, you're likely at least curious about Java, if not already familiar with at least a few concepts of the language.
I'm asked with increasing frequency, "how should I start learning Java?" That's not a surprising question, given both the complexity of the language and the sheer amount of information available; it's comparatively eas [read] Keywords: domino
lotusscript
notes
xpages applications
community
development
java
oracle
198
the most useful content in the Lotus application development wiki
Tue, May 22nd 2012 1:21p Tim Tripcony The Lotus Notes and Domino Application Development wiki is by now chock full of useful content. But one page in particular stands out to me as being possibly the most enlightening of all: the XPages configuration file format article. I reference this article constantly. It documents nearly everything that can be defined in a .xsp-config file. In a control library, these are the files that define what controls the library contributes, but in some cases, also defines validators, converters, data s [read] Keywords: domino
ldd
lotus
notes
xpages application
development
wiki
134
5 years
Mon, May 21st 2012 9:37a Tim Tripcony Five years ago today I started a new job at some tiny little consulting company called Lotus 911. Since that time, my specific role and job duties have periodically shifted, that tiny little company was acquired by what is now the largest Lotus-centric IBM Business Partner on the planet, and the platform itself has evolved in ways I never would have anticipated, but the initial impression I had in the very first hour all those years ago remains to this day: I love my job, and I'm honored that t [read] Keywords: domino
ibm
lotus
notes
xpages consulting
development
250
quick tip: conditional event handlers
Sat, Apr 28th 2012 7:20p Tim Tripcony I was recently asked by a colleague whether a partial refresh event can be canceled during its execution - if, in other words, the code first checks whether the rest of the code is necessary or useful, and that check returns false, can the code then somehow prevent the refresh from occurring?
I told him that I didn't believe this was possible. The reason for my answer was that, because the standard event handlers in XPages use Dojo's XHR (XMLHttpRequest), what triggers the event in the firs [read] Keywords: domino
xpages ajax
applications
dojo
javascript
network
server
264
LotusLearns wants you to think my content is theirs
Fri, Apr 20th 2012 3:28p Tim Tripcony It was brought to my attention today that LotusLearns.com has been aggregating all sorts of Lotus-related content (including some of mine) without obvious attribution.
Check out Nathan's post for more information.
If information that I share is useful to others, then I'm always happy to see it reach a wider audience. But our community has a pretty good track record of giving credit where credit's due, and it concerns me that LotusLearns is representing so much content as their own. For [read] Keywords: lotus
ntf
xpages community
linking
planetlotus
planetlotus.org
564
why extensive use of Themes speeds up XPage execution
Sun, Apr 15th 2012 11:11p Tim Tripcony I've mentioned before in my presentations on Themes in XPages that deferring as much component property evaluation to Themes as possible actually makes XPage execution more efficient. But I've recently had a reason to investigate more thoroughly the reason for that result, so I wanted to share my findings. I've been able to identify two completely separate reasons for this increased efficiency (although there certainly could be more):
Themes are not evaluated until the "render response" p [read] Keywords: domino
ibm
xpages interface
java
oracle
properties
356
when to create reusable controls
Fri, Apr 13th 2012 5:30a Tim Tripcony Most of us understand why our code should be reusable, even if it isn't: keeping duplication of effort to a minimum, such as the capacity to apply a fix or enhancement once and gain distributed benefit. In terms of XPage controls, there is also a lot of information available about how to structure code to make it reusable. For instance, I recently submitted two guest tutorials to Notes in 9: an example of how to implement an in-view-edit Custom Control, and a demonstration of converting a Custo [read] Keywords: domino
notes
xpages application
applications
development
interface
the XPages Extension Library book is almost here
Mon, Mar 19th 2012 1:45a Tim Tripcony After more than a year of discussing, planning, writing, editing, reviewing, and mailing paperwork around the globe, it's almost here: the definitive guide to the XPages Extension Library is scheduled for publication effective May 9.
The official authors are Paul Hannan from IBM, Declan, Jeremy, Paul Withers, and myself, but we had help from quite a few others in the Domino community, including several IBMers, such as Niklas Heidloff... in my opinion, the content he provided that demonstrate [read] Keywords: domino
ibm
xpages applications
community
facebook
integration
