QZ Forms

The code is data

Managing Users

Permissions

There is a multitude of variations available for organizing permissions. The simple suggestion is appropriate for small installations with non-critical data. A formal structured method is also given. It is more appropriate for projects with multiple form developers, and projects requiring unique permissions for different users.

Simple

In order to use QZForms, a user needs read permissions on schema qz. For quasimodo:

GRANT USAGE ON SCHEMA qz TO quasimodo;
GRANT SELECT ON ALL TABLES IN SCHEMA qz TO quasimodo;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA qz TO quasimodo;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA qz TO quasimodo;

A form developer will need to be able to update items in schema qz. The simplest way to accomplish this is for the database to be created with the form developer as the owner, then run the qz_db_install_SVn.sql script as this user. Permissions will follow by being the owner of all objects created.

Putting the tables and other objects into the public schema will avoid the need to grant permissions for each object created.

Formal Structured

This scenario starts with the database superuser (created when PostgreqSQL is installed and the database cluster is created with initdb) creating specific roles for users, form developers, and an assumable role for DB admin. As the superuser, for database test4:

-- Create a subordinate role to own everything
CREATE ROLE dbadmin NOINHERIT NOLOGIN;

-- Create the db owned by above
CREATE DATABASE test4
OWNER dbadmin
TEMPLATE template0
ENCODING utf8;

-- Create roles to be assigned
CREATE ROLE qzdev NOINHERIT NOLOGIN;
CREATE ROLE qzuser NOINHERIT NOLOGIN;

-- Because noinherit, developers must become dbadmin
-- with set role, all db objects are owned by dbadmin.
GRANT ALL ON DATABASE test4 TO dbadmin WITH GRANT OPTION;
GRANT dbadmin TO qzdev;

-- Allow users to connect
GRANT CONNECT, TEMP ON DATABASE test4 TO qzdev;
GRANT CONNECT, TEMP ON DATABASE test4 TO qzuser;

-- Repeat these for users and developers
GRANT qzdev TO jk;
GRANT qzuser TO esmeralda;
GRANT qzuser TO quasimodo;

With the database and roles created, the next step can be done by the form developer.

-- Connect and become admin
\c test4
SET ROLE dbadmin;

-- Load the qzforms schema
\i /some/path/qz_db_install_SVn.sql

-- Allow \d to show schema qz
SET search_path = "$user",public,qz;

-- Allow users to see into schema qz
GRANT USAGE ON SCHEMA qz TO qzuser,qzdev;

-- Allow things to work
GRANT SELECT ON ALL TABLES IN SCHEMA qz TO qzuser;
GRANT ALL ON ALL TABLES IN SCHEMA qz TO qzdev;

GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA qz TO qzuser;
GRANT ALL ON ALL SEQUENCES IN SCHEMA qz TO qzdev;

GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA qz TO qzuser,qzdev;

RESET ROLE;

A schema for data may be setup. By creating a schema instead of using the public schema, permissions are by default, limited to just those explicitly granted. For example:

SET ROLE dbadmin;

CREATE SCHEMA work;
GRANT USAGE ON SCHEMA work TO qzuser,qzdev;

CREATE TABLE work.list (
id SERIAL PRIMARY KEY,
words TEXT
);

GRANT SELECT, INSERT, UPDATE, DELETE, TRIGGER
ON TABLE work.list
TO qzuser,qzdev;

RESET ROLE;

User Menus

There is a "main" menu that is different from other menus. A user menu will be substituted for the menu "main" if it is specified allowing the form developer to control which forms the user can access.

Create a menu

Create a menu from the Form Development Menu, Menu Menu, All Menus. Click Insert,

menu_name
needs to conform to the pattern for a variable name, no symbols, whitespace, or funny characters, just an unbroken text string less than 63 bytes.
target_div
The xml template will have some <div id="X"> tags with various id's in place of X. The menu goes into the div with the given id.
description
Just some helpful text

Add menu items

Go back into the menu just created, the select "Menu Items".

menu_item_sequence
The menu item sequence is an integer and determines the order of each menu item. The record key is the menu name, sequence pair.
target_form_name
The target form name is any existing form. Create the form before adding it to a menu.
action
The action is any action the form supports, but some actions are more useful than others. Common choices are "list" for onetable forms, and "edit" for grid forms.
menu_text
The menu text is what appears on the menu button.
context_parameters
Context parameters apply to forms in a form set. For simple forms, this should be left empty. Form sets allow the menu option to carry attributes from the current form to the form action specified. form_sets.html

Assign a user menu

From the Form Development Menu, Menu Menu, user menus, you may insert a user name and select a menu from those available. When the user logs in, the selected menu will be the one displayed across the top.