Out of the box, comes two very useful formatters:
Incident Variable Editor
Change Variable Editor
For those who haven’t used them (probably a very very limited few I’m guessing), these formatters display the variables which were submitted with the form.
When configuring security for the system, I wanted to hide the variable editor using ACLs and use the same logic as securing the rest of the form. The issue is however, ACLs cannot be applied to formatters (that bugs me a little bit but oh well, a topic for another day 🙂 ).
So digging into it a bit deeper, I found a very easy (and out of the box’ish) solution for it…
The trick is to use a field type of ‘Variables’. Never seen this field type before? That’s because it’s locked away. To unlock it, go to the sys_glide_object. This table stores all the field types available.
There’s one called ‘variables’. Just mark it as visible=true and it immediately becomes selectable as a field type. Just add this field to the form instead of your normal ‘Incident variable editor’ or ‘Change variable editor’.
Now any table.* or even table.field ACLs will work on the variable editor as if it was any normal field.
Simple and quick.
I found this extremely useful when working on our HR product where data security is a number one concern.