Using the Entity Attribute Access Control alongside controller rules

I have a scenario where I have a record in which I would like a couple of fields read only in the UI regardless of the records status as we have added logic to the controller to calculate these fields. At the same time I do not want these fields to be read only through the API as an interface which creates these same records will be setting these fields and I need to honor the values provided by the foreign system.

The rest of the fields on this record need to become read only based on the status of the record (once the record is “Approved” the entire record becomes read only) and this rule should be applied to both the web front end and the API.

I have created an Entity Attribute Controller which applies the read only logic to the entire record based on the status and this is working correctly. The issue I am having is taking the record back out of the “Approved” status in which case the record should become editable again.

Calling attributeAccessSupport.applyAttributeAccess() with a second parameter of false does not reset the components so my record remains read only and calling the method with a parameter value of true causes my read only rules which I defined in my controller to get reset which is not desired.

Do you have any suggestions on a correct approach to this problem of needing some rules applied in the UI only and other rules needing to be applied in the UI and API layers?

Is there a way to detect where the request is coming from in the Attribute Controller so only certain rules are applied when called from the API and others are applied when called from the front end?

Any suggestions are welcome. Thank you,
Corey Amoruso

Hi Corey,

First solution that came to my mind is to programmatically set the UI fields read-only after invoking attributeAccessSupport.applyAttributeAccess(this, true).

Thanks, we will move forward with this approach.