Visibility based on userrole using XPATH

Is there a way to limit visibility on a field inside a dataview based on user role but using XPATH instead of selecting the checkboxes for Module Roles?   The reason I ask is that Lets say I have a form that can be filled out by anyone, Users AND Admins. (Admins are also Users). Later on there is a “read only” view but I want Admins to be able to edit a field so I have two of the same fields, one is editable for Admins but not editable for Users. I set the visibiliy so Admins can see the editable field and Users can see the read only field.   Users can indeed see only the read only field. But becaus Admins are ALSO Users, they see BOTH.    So I need a way to have an xpath visibility expression that sys something like [%CurrentUser%[System.UserRoles != '[%UserRole_User%]']] to the read only view field. This way if someone is an Admin AND a User, the fact that they have the User role will make it invisible.   However in Xpath when I start with %CurrentUser%, there isn’t any way to traverse the user’s roles.  
1 answers

This should be managed through security. Not by editability in the page field.

because setting a input field in a page not editable, doesn’t block a user from entering data bypassing the page directly on the server. And thus making it not editable is just a fake solution.

I understand that the object displayed in the dataview undergoes a status change.  when new, then a user is allowed to edit, when submitted its not. So add a XPath on security level on the related entity.


First Access rule

Role: User 

Access rights: RW

XPath [WhatEverStatusIsDefiningTheNewStatus]


Second access rule

Role: User

Access rights: R

XPath [All other cases] or even no XPath defined


Third Access rule

Role: Administrator

Access rights: RW

XPath: non