
TOPIC: Field level access control

Field level access control 1 year 2 days ago #66119

  • pragneshc
Hi,
Can you explain how to create field level access control in SuiteCRM? Is there any plug-in like in SugarCRM? If you have a plug-in for field level access control then please share the link.
If we achieve it using code, then how do we code it?

Thank you

Field level access control 1 year 2 days ago #66131

  • pgr
I've seen this requested before, but to my knowledge, it's not possible, and there is no plug-in for that (although you can always search the SuiteCRM Store - if it exists, it's there).

Normally you can find ways to achieve the same business requirements without this feature, but of course that depends on your specific case.

My SuiteCRM In-depth blog.
Thank you for always stating your SuiteCRM version, checking your logs, reading the Docs, and searching before you ask!

Field level access control 11 months 2 weeks ago #67233

  • niraleeraval
pragneshc wrote:
Hi,
Can you explain how to create field level access control in SuiteCRM? Is there any plug-in like in SugarCRM? If you have a plug-in for field level access control then please share the link.
If we achieve it using code, then how do we code it?

Thank you


Yes, a field level access control plugin is also available for SuiteCRM. You can view more of its features at www.appjetty.com/suitecrm-field-level-access-control.htm

Field level access control 2 months 1 week ago #78900

  • loba85
Hi everybody,
I found a solution to handle field level access. I'm going to show you my case.
I added a custom field "cost" to the Project Task module. Users belonging to the group "Professionisti" can access the Project Task Detail View and have just the "view" permission, set as usual under Security Suite. Well, now I want to hide just the custom field "cost" from them, nothing else.
In custom/modules/ProjectTask/metadata/detailviewdefs.php, under the "cost" definition, I add the "hideFrom" array:
array (
 0 =>
  array (
   'name' => 'cost_c',
   'label' => 'LBL_COST',
   'hideFrom' => array('Professionisti',[OTHER GROUPS]),
   ),
...
The "hideFrom" array contains all the names of the groups I want my custom field to be hidden from. This change should be upgrade-safe if I'm not wrong.
After that, I make my Custom Detail View with my own display() method:
require_once 'include/MVC/View/views/view.detail.php';

class CustomProjectTaskViewDetail extends ViewDetail
{

  public function display(){

    require_once 'modules/Administration/QuickRepairAndRebuild.php';
    $repair = new RepairAndClear();
    $repair->show_output = false;
    $repair->clearThemeCache(); //Always clear theme cache

    // Security groups of the logged-in user
    global $current_user;
    $userGroups = SecurityGroup::getUserSecurityGroups($current_user->id);

    // Walk panels -> rows -> fields and blank every field whose
    // 'hideFrom' list names one of the user's groups
    foreach ($this->dv->defs['panels'] as &$panel) {
      foreach ($panel as &$row) {
        foreach ($row as &$field) {
          if(is_array($field) && array_key_exists('hideFrom', $field)){
            foreach ($userGroups as $group) {
              if(array_search($group['name'], $field['hideFrom']) !== false){
                $field = ''; //hide the field
                break;
              }
            }
          }
        }
      }
    }
    // Drop the loop references so later code cannot overwrite the defs by accident
    unset($panel, $row, $field);

    parent::display();
  }

}

As the first step, I need to clear the theme cache because our view is dynamic now, and we cannot use the cached version (thanks to this post). After that, I get the current user's groups and look for them in the "hideFrom" array, loaded into the view object by the predisplay() method. If I find a group in the black list, I delete that field from the layout definitions. In the end, I call the display() method.
If you want to hide other fields, just do the same additions in the view definition file.

Hope this helps.
Bye
Last Edit: 2 months 1 week ago by loba85.

Field level access control 2 months 1 week ago #78924

  • pgr
Thanks for that, it looks clean and useful.

A couple of questions come to mind -

1. You could probably make the cache cleaning conditional - clean only if 'hideFrom' intersects with fields array, meaning: only if we have something to hide.

2. I am assuming you used code from the current ViewDetail function to start your own override code. Where exactly is that located? I am wondering if we couldn't just put this into the core code and make it a generic feature for everyone... that would be quite cool.


Field level access control 2 months 1 week ago #78947

  • loba85
Hello pgr,
thank you very much for your interest!

1) You are right. The cache cleaning part should be placed inside the 'if' condition, but if I put it there, I get unexpected behavior: imagine that I open the project task detail view as administrator (I can see everything), and after that, I log out and log in as a member of one of the groups that I want to hide something from. Well, I still see the field that should be hidden, and after one refresh of the page, sometimes two, the field disappears. Cleaning the cache each time fixes the problem. This is just a workaround; do you have any idea why? It seems that something is cached anyway if I do not clean the cache each time.

2) I extend the module Detail View with mine. Anyway, I am working on making the code clearer and more usable. I created a class inside the custom/include/ folder and use the object 'handler' (what an ugly name!) as I need.
//custom/modules/ProjectTask/views/view.detail.php

if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');

require_once('include/MVC/View/views/view.detail.php');
require_once ('custom/include/viewHandler.php');

class CustomProjectTaskViewDetail extends ViewDetail
{
  private $handler;

  function predisplay(){
    $this->handler = new viewHandler();
    $this->handler->lockFor_detail($this);
    parent::predisplay();
  }

  public function display(){
    $this->handler->hideFrom_detail($this);
    $this->handler->clearCache();
    parent::display();
  }

}

As you can see, I upgraded my code with a 'lockFor' function in the predisplay() part. It has the same logic as 'hideFrom' but allows enabling or disabling the inline edit of the view based on user group. I set the 'lockedFor' property in this file:
//custom/modules/ProjectTask/Ext/Vardefs/locked_fields.php
$dictionary['ProjectTask']['fields']['date_due']['lockedFor']=array('Professionisti,[OTHER GROUPS]');

In this way, we can manage single field permissions (read & write or read only) in the detail view.
Now I am working on extending this functionality to the list view and to the edit view. If you want, I will contact you in a few days to inform you about it.

Bye.
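The group check from the posts above, pulled out into a standalone function that can be run on sample layout definitions (an added example, not loba85's viewHandler class, which the thread does not show). The names normalizeGroupList and applyHideFrom, the group "Esterni" and the sample defs are made up for illustration; the function accepts both ways the thread writes the group list, an array of names and a single comma-separated string, and assumes group names contain no commas.

```php
<?php
// Added example, not code from the thread; all names here are hypothetical.

/** Split entries such as 'A,B' so a comma-joined string still matches each group. */
function normalizeGroupList(array $names): array
{
    $out = [];
    foreach ($names as $entry) {
        foreach (explode(',', (string) $entry) as $name) {
            if (($name = trim($name)) !== '') {
                $out[] = $name;
            }
        }
    }
    return array_values(array_unique($out));
}

/**
 * Return [$panels, $hidden]: the panel defs with restricted fields blanked,
 * plus the names of the fields that were removed for this user.
 */
function applyHideFrom(array $panels, array $userGroupNames): array
{
    $hidden = [];
    foreach ($panels as $p => $rows) {
        foreach ($rows as $r => $row) {
            foreach ($row as $c => $field) {
                if (!is_array($field) || empty($field['hideFrom'])) {
                    continue; // plain string fields carry no restriction
                }
                $deny = normalizeGroupList((array) $field['hideFrom']);
                if (array_intersect($deny, $userGroupNames)) {
                    $hidden[] = $field['name'] ?? '(unnamed)';
                    $panels[$p][$r][$c] = ''; // same blanking the post uses
                }
            }
        }
    }
    return [$panels, $hidden];
}

// Constructed sample defs in the shape of $this->dv->defs['panels'].
$panels = ['default' => [
    ['name', ['name' => 'cost_c', 'label' => 'LBL_COST', 'hideFrom' => ['Professionisti,Esterni']]],
    [['name' => 'date_due', 'hideFrom' => ['Esterni']], 'status'],
]];
// Constructed group names, as if read from the 'name' key of each of the user's groups.
[$filtered, $hidden] = applyHideFrom($panels, ['Professionisti']);
print_r($hidden);
print_r($filtered);
```

Only the layout definitions change here; the field value is still loaded on the bean, so the list and edit views discussed in the thread need the same check.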

Field level access control 2 months 1 week ago #79001

  • pgr
I believe this would be a nice feature to add to the core code, if we can get it to work properly and solve all the caching issues.

The way you're approaching it also seems good to me; it is totally backwards-compatible and only affects people who opt to use the feature by adding to their vardefs.

So, yes, please do keep me up to date on your developments. Thanks!


Field level access control 1 month 3 days ago #82085

  • pbperche
Hello,

Very interesting topic.
I was trying to do similar things, and it would indeed be a very good idea to have this kind of feature in the core code.

loba85, could you manage to do similar things with list views or popup views?

I tried, but for the moment, I can't manage to access list view or popup view metadata the same way you did it in your 'handler' class.

$this->dv for detail view works fine
$this->ev for edit view works fine

=> How can I access the list view or popup view defs?

Thanks a lot in advance for your help.

PB