javascript - How do I prevent users without admin access from saving a form with a certain status in faces


I'm trying to prevent users without administrative access from saving a form with the "complete" status selected, if it was not already selected (e.g. users are allowed to open forms and make edits to the data if the status is set to complete, but they cannot mark documents as complete).

The reason users are allowed to make changes to 'completed' documents is that the electronic record is a reflection of a behind-the-scenes work process. In order for an item to be marked complete, several other processes have to have been completed. The information can be edited after the fact to account for errors in transcription or verbiage.

I'm thinking it is sufficient to utilize an onchange event that re-selects the previous selection if the user tries to change the status to complete. I'm looking for an elegant way to do it, without storing the previous selection in a separate field on the page, as it is stored elsewhere. grantbacking.editgrant.statuscode is the saved/current status code for the form. Also, there are at least 3 different role types, including read access, 'add', and 'administrator'. Read - self-explanatory; add - can make changes to the form but should not be able to complete the form; and administrator - can make changes and can mark the form status as "complete".

This is what I have so far:

<t:panelGroup>
    <!-- Status menu shown to users who are not administrators -->
    <sec:authorize ifNotGranted="administrator">
        <h:selectOneMenu id="grantstatus"
                onchange="checkgrantstatuspermissions(this, '#{grantbacking.editgrant.statuscode}')"
                onmouseover="tip('#{msg_bundle.grant_status_help}')"
                value="#{grantbacking.editgrant.statuscode}">
            <f:selectItems value="#{grantbacking.grantselectstatusfornonadmin}" />
        </h:selectOneMenu>
    </sec:authorize>

    <!-- Status menu shown to administrators -->
    <sec:authorize ifAnyGranted="administrator">
        <h:selectOneMenu id="grantstatusforadmin"
                onmouseover="tip('#{msg_bundle.grant_status_help}')"
                value="#{grantbacking.editgrant.statuscode}">
            <f:selectItems value="#{grantbacking.grantselectstatus}" />
        </h:selectOneMenu>
    </sec:authorize>

    <!-- Quick save link shown to users with the "add" role -->
    <sec:authorize ifAnyGranted="add">
        <a4j:commandLink id="qsave2" render="@all" onmouseover="tip('click quick save')"
                action="#{grantbacking.savegrant}">
            <h:graphicImage title="click quick save grant/contract" style="border-style:none;"
                    height="20px" width="15px" library="default" name="img/icons/disk.png" />
        </a4j:commandLink>
    </sec:authorize>
</t:panelGroup>

<script type="text/javascript">
    // field: the select element (passed as "this"); originalvalue: the saved status code as a string
    function checkgrantstatuspermissions(field, originalvalue) {
        if (originalvalue.toLowerCase() === "complete") {
            // The saved status is already complete: leave the selection alone
            return;
        } else {
            // Otherwise put the saved status back
            field.value = originalvalue;
        }
    }
</script>

Prior to an item being marked complete, you can disable the option when building the selectItems like so:

<f:selectItems value="#{grantbacking.grantselectstatusfornonadmin}" var="v"
    itemDisabled="#{grantbacking.shoulddisableoption(v)}"/>

If your version of EL doesn't include the ability to pass parameters, you can accomplish the same thing using an inner class that holds the value and label, and has a parameterless method shoulddisable.

When it comes to submitting a completed form, if the user can't change complete to another status, make the select menu readonly. If they can, the shoulddisable logic should return false in that case.

Doing this prevents users from selecting known bad values and avoids coding behavior that users wouldn't expect, leading to potential bug reports.
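
The itemDisabled rule from the answer, paired with the same rule re-checked when the form is saved, so the status is enforced on the server and not only by the disabled option or the onchange script. This is an added example, not code from the question or the answer; the class name, method signatures and the "draft" status are assumptions, and it is plain Java so it runs without a JSF container.

```java
import java.util.Set;

// Added example. Names are hypothetical; the role names come from the question.
public class GrantStatusPolicy {
    static final String COMPLETE = "complete";
    static final String ADMIN = "administrator";
    static final String ADD = "add";

    // Backs itemDisabled: for a non-admin, "complete" is selectable only when it
    // is already the saved status. Assumption: moving away from "complete" is
    // not restricted here.
    static boolean shouldDisableOption(String option, String savedStatus, Set<String> roles) {
        if (roles.contains(ADMIN)) {
            return false;
        }
        return COMPLETE.equalsIgnoreCase(option) && !COMPLETE.equalsIgnoreCase(savedStatus);
    }

    // Called from the save action with the submitted value, which is not trusted:
    // a disabled option or an onchange handler only shapes what the browser sends.
    static boolean maySave(String submittedStatus, String savedStatus, Set<String> roles) {
        if (!roles.contains(ADMIN) && !roles.contains(ADD)) {
            return false; // read access only
        }
        return !shouldDisableOption(submittedStatus, savedStatus, roles);
    }

    public static void main(String[] args) {
        Set<String> read = Set.of();
        Set<String> add = Set.of(ADD);
        Set<String> admin = Set.of(ADD, ADMIN);
        // Constructed cases; "draft" is a made-up status code.
        System.out.println("add, draft -> complete: " + maySave("complete", "draft", add));
        System.out.println("add, complete -> complete: " + maySave("complete", "complete", add));
        System.out.println("admin, draft -> complete: " + maySave("complete", "draft", admin));
        System.out.println("read, draft -> draft: " + maySave("draft", "draft", read));
        System.out.println("option disabled for add: " + shouldDisableOption("complete", "draft", add));
    }
}
```

In the backing bean, the save action would call maySave with the status loaded from storage, not the one bound from the form, before persisting anything.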

