Form publishing and client permission

[bnkaput]

Hi! I was wondering if, after a form is published and online, it can be set up so only specific clients can open this url/form? Otherwise redirect to a login screen? I've attempted to do this and the form can be reached and submitted regardless if I'm logged into form tools as a user or not. Or am I mis-reading the documentation about views and clients?

[Joe]

Hi there,

If you want to develop a form that is only accessible to specific Form Tools client it would be better to use Internal Forms. If you have an external form and want to restrict it to specific users you may want to consider the Submission Accounts module: http://modules.formtools.org/submission_accounts/

Cheers,

Joe

[bnkaput]

When I changed the form type from "form builder" to internal, I could still open the published form when not logged into form tools. Access is set to Private with specific users and is "online"

I ended up adding some code to the form.php
If user "has 'a' view for this form" -- then open form (even though the published form uses a view the user does not have permission to - as long as the user has a veiw permission to this form id they should be allowed to open and submit from the form).
This is because I'm using an "editable" view for submissions so they can fill it out, but don't want the same users to be able to edit, delete or add when logged in unless they open the published form (using a hyperlink on login). That way the javascript validation can not be avoided and I can trust the "is_finalized" field for completed submissions (as opposed to when logged in users hit the "Add" button- then "is_finalized" = yes before submission is actually completed).
I'm am however using submission accounts for edits, but not for all fields. (yet another view). So the permission requirements are a little "different" & probably wouldn't fit the needs of most but may be useful for others. (like me)

//after line 37 -- //added so only clients can load and fill out form when signed in but admin can load all: 2/28/2014
ft_check_permission("client");
$account_id = $_SESSION["ft"]["account"]["account_id"];
$grouped_views = ft_get_grouped_views($form_id, array("omit_hidden_views" => true, "omit_empty_groups" => true, "account_id" => $account_id));
if (empty($view_id))
{
ft_handle_error($LANG["notify_no_views_assigned_to_client_form"], "", "notify");
}

$is_admin = ft_is_admin();
$client_forms = ft_get_client_forms($account_id);
$valid_to_load = ('invalid');
if ($is_admin != 1) {
for ($i = 0; $i < count($client_forms); $i++)
{
$client_formid = $client_forms[$i]["form_id"];
if ($client_formid == $form_id)
{
$valid_to_load = ('valid');
}
}
if ($valid_to_load == 'invalid')
{
ft_handle_error($LANG["notify_no_views_assigned_to_client_form"], "", "notify");

}
}
else
{
}

$valid_to_load = ('invalid');


I'm not thrilled about adding it in the actual form.php file. A future update may blow this away. I haven't scoured the hooks manager yet, but is there a hook I could write a rule for in the hooks manager to apply this code?

Also: Is there a hook I could write a rule for the hooks manager to generate an xml to the server on submission - and on update - (dependent on submission field answers)? or no?