Can an account or contact be made private?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • dugjohnson
    Member
    • Jan 2015
    • 38

    Can an account or contact be made private?

    Of the 7K accounts we have, there are a very few that I would like available to admins only.
    Is there a way to make an account and/or a contact "private" without having to institute teams everywhere?
    Our normal is that everyone has access to all accounts and contacts.
    I want to turn off access to a few accounts

    An idea has occurred to me that I could create a boolean field, private, and then set an automatic filter for .not. private.

    Possible? If so, can you point me where I'd set the filter?
    Last edited by dugjohnson; 05-17-2017, 06:38 PM.
  • tanya
    Senior Member
    • Jun 2014
    • 4308

    #2
    Hello

    Create a role with access level to Accounts and Contacts as "own".
    Assign this role to needed users (users list view > select needed > actions > mass update > roles > select created > clear cache)

    more info is here https://github.com/espocrm/documenta...-management.md

    If you want to hide just few records, you can create such boolean field, but also you need to override Acl of your entity (examples application/Espo/Modules/Crm/Acl)

    Comment

    • dugjohnson
      Member
      • Jan 2015
      • 38

      #3
      Right now all users have access to all Accounts and Contacts, and there are no teams assigned (or very few) to Accounts and Contacts. This was a conversion from an older system with 10 years of data...that's why there is so much.
      I understand about the role aspect, but assigning a Team to each Contact and Account, then limiting access has some danger and the mass update only assigns to the selected contacts and accounts and there does not appear to be a way to select all 7000 Accounts for the mass update.

      Since I do just want to hide a few records, are you saying I should create an Account.php and a Contact.php file and put them in the application/Espo/Modules/Crm/Acl directory (or custom?) with a checkEntityRead method for my logic?

      Comment

      • tanya
        Senior Member
        • Jun 2014
        • 4308

        #4
        You can do it in custom folder. Yes, method name is checkEntityRead.

        Comment

        • dugjohnson
          Member
          • Jan 2015
          • 38

          #5
          The false returns are not stopping access.

          I have created a file custom/Espo/Custom/Acl/Account.php as below

          Code:
          <?php
          namespace Espo\Acl;  
          use \Espo\Entities\User as EntityUser;
          use \Espo\ORM\Entity;  
          
          class Account extends \Espo\Core\Acl\Base {    
          
          public function checkEntityRead(EntityUser $user, Entity $entity, $data) {          
               if ($user->isAdmin()) {
                       return true;          
               }
               if ($entity->get('private')){
                       return false;          
               }          
              return true;      
            }  
          }
          I've also tried it with just a return false at the beginning (expecting that all access would be denied) and that didn't limit it either.
          Either I'm in the wrong place or my Acl is being overwritten further down the line or I don't understand something about the process.
          The code is getting called
          Last edited by dugjohnson; 05-29-2017, 10:00 PM.

          Comment

          • tanya
            Senior Member
            • Jun 2014
            • 4308

            #6
            Hello
            You use wrong namespace. Change it to namespace Espo\Custom\Acl;
            And rebuild EspoCRM

            Comment

            • dugjohnson
              Member
              • Jan 2015
              • 38

              #7
              The effect is not what I would expect. I put in the return false (see below) so it would always block just so I could test.

              What I would expect:
              When I go to Accounts I would see an empty list (all accounts blocked)

              What I see
              When I go to Accounts, I see the listing of all of the accounts
              When I click on one of the accounts, I get a 403 error at the top of the page and
              Then Espo goes to the account and shows it

              So, there is some effect, but it is not blocking

              And by rebuild EspoCRM you mean using rebuild backend as Administrator, correct?


              Code:
              namespace Espo\Custom\Acl;
              
              use \Espo\Entities\User as EntityUser;
              use \Espo\ORM\Entity;
              
              class Account extends \Espo\Core\Acl\Base
              {
              
              
                  public function checkEntityRead(EntityUser $user, Entity $entity, $data)
                  {
                     return false;
              
                     if ($user->isAdmin()) {
                          return true;
                      }
                      if ($entity->get('private')){
                          return false;
                      }
                      return true;
                  }
              }
              Last edited by dugjohnson; 05-31-2017, 12:56 PM.

              Comment

              • tanya
                Senior Member
                • Jun 2014
                • 4308

                #8
                Hi there in Document entity, i add a boolean attribute &quot;financialConfidentiality&quot;. I want to control the read access to the &quot;documents&quot;

                Comment

                Working...