[User]

A customer of mine has a request to limit the calendar to FileMaker account holders who will view only their own schedule via custom web publishing.

What would be the most efficient and secure way to achieve this? They currently host through a third party and will look to hosting the calendar the same way.

[adminKeymaster]

Depending how secure you need it, versus how much development you want to put in, you could do something like this:

1. Create a data source in soSIMPLE Settings that has 
   • a flag set not to show any records (“Show Only Records Flag”). This means that if you show the calendar without any parameters, no events will show up.
   • an advanced server-side script selected
2. Create a PHP page that authenticates against your solution.
3. As part of authentication, a FileMaker script can generate a UUID and attach it to a staff record for the person logging in. You can even timestamp it so that it only lasts a certain amount of time. This will act as a token. 
4. Display the calendar using the URL from soSIMPLE Calendar Settings, and add the parameter “&find_parameter=<token_UUID>” 
5. Set up an Advanced Find script in your solution to:
   • search for the staff record containing that UUID
   • search for event records assigned to that staff person.

 

When it’s set up, the Advanced Find Script runs on the server every time soSIMPLE calendar retrieves events to display.

More information about Advanced Find Scripts: http://www.sosimplesoftware.com/products/calendar-documentation/calendar-builder-reference/data-sources/filemaker-fields/scripts/advanced-find-server-side-script/

Of course, we can also offer our custom development services – let us know via a Private Reply, if you’d like to discuss this option.

[Author]

Posts