Okay, let me explain a little bit about what I’ve been doing. I’ve been instructed to produce “auditing” scripts on a database application that has been assigned to me — basically, a series of scripts that will keep track of changes made by users in documents of the application.
Not so hard, eh?
I wish. Making an actual script like this work is no big deal, of course — making it secure, however, is.
So, I’ve had to learn the server-side scripting language necessary for this to work, and on a Domino server that means LotusScript. And of course, to utilize LotusScript in a web application, you have to make use of the “WebQueryOpen” and “WebQuerySave” server events.
I combined these two technologies together into one pretty mean auditing script. Since variables you assign in the WebQuery events aren’t saved, the only way I could track changes in the document currently being edited by the user was to actually create a temp document that stores the values of the document at it’s opening. Then, when the user saves, the values they’ve toyed with are tested against the values found in the temp document, the necessary audit record is made, and the temp document is deleted. Pretty neat, huh?
Well, there were bugs, of course. Due to the stateless nature of the web, sometimes temp documents are orphaned if the (always scatterbrained) user closes down an edit window before he/she has saved — the WebQuerySave event never fires on the server, and the temp document is never deleted. There’s a quick and easy fix to that, though — just have an agent run every night, deleting any orphaned temp documents from the previous day. Have it run at about 2 a.m. or so — that way the unlikely scenario of a user editing a document at midnight and his changes not being audited won’t occur.
Another little problem happened when I tried to test the app with a test user who was barebones in the way of file permissions (up until this point I had been testing it with my own Designer-level access) — you can probably guess what happened, eh? No changes were audited! Why? Because they didn’t have enough access to create temp documents! Doh-doh!
Well, that was a simple fix — just uncheck “Run as Web User” on the agent properties box. That way the agent will always run as its designer — also, logging the current user’s name has to be taken care of with the CGI variable “Remote_User” instead of the more typical Session.EffectiveUserName.
So, there you have it! I’ll try posting the code one day, once I’ve taken it apart and made it portable.
Once I’ve gotten rid of any more bugs, of course.