Announcement

Collapse
No announcement yet.

Document ACL: checkEntityRead

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Document ACL: checkEntityRead

    Hi there

    in Document entity, i add a boolean attribute "financialConfidentiality".
    I want to control the read access to the "documents" having this attribut set. It will be only accessible to users having the good role

    I add a custom ACL checkEntityRead function to control that behaviour.

    Here is the code:
    PHP Code:
    <?php
    namespace Espo\Custom\Acl;
    use     \Espo\Entities\User as EntityUser;
    use     \Espo\ORM\Entity;
    use     \Espo\Core\Exceptions\Forbidden;


    class     Document extends \Espo\Core\Acl\Base {

      public function     checkEntityRead(EntityUser $userEntity $entity$data) {
        if (    $user->isAdmin()) {
              $GLOBALS['log']->info('Document ACL read check => OK (is admin)');
          return     true;
        }

            // Document has boolean attribute 'financialConfidentiality' == true
            if ($entity->get('financialConfidentiality')) {
              $GLOBALS['log']->info('Document ACL read check => need to check roles for the user');

              $roleList = [];
          foreach (    $user->get('roles') as $role)
                $roleList[] = $role;      

          foreach(    $roleList as $role) {
            if (    $role->get('name') == 'AdminDocumentFinancier') {
                  $GLOBALS['log']->info('Document ACL read check => user has role AdminDocumentFinancier => OK');
              return     true;
            }
          }
              $GLOBALS['log']->info('Document ACL read check => FORBIDDEN ACCESS');
              #throw new Forbidden('Acces refusé...');
              return false;
        }

        return     true;
      }
    }
    When i click on a Document name link, i can see the popup message about the 403 error => meaning that the code is working fine... but, then, the red popup disappear and i have access to the Document detail view... so the ACL doesn't help a lot because the restricted document is displayed
    Click image for larger version Name: Capture d’écran 2017-07-12 à 12.44.18.png Views: 744 Size: 54.6 KB ID: 29179


    If i completely reload the page ...
    i have this given 403 access error (that's ok, that's the expected behaviour) ... and nothing is displayed...
    Click image for larger version Name: Capture d’écran 2017-07-12 à 12.43.27.png Views: 727 Size: 40.8 KB ID: 29180

    Is there a bug when clicking on the document tree, then clicking on a document name ? I don't know how to avoid to display the detail document content is the ACL is not OK

    Thanks for your feedback & support!
    I can record my screen if it's not clear :-)
    Tags: None
  • #2
    Hello
    you need to override also client acl

    as example you can use Email
    starts from application/Espo/Resources/metadata/clientDefs/Email.json 'acl' section

    Comment

    • #3
      Hi tanya

      thanks for your quick answer

      So, i created this file : client/custom/src/acl/document.js

      PHP Code:
      Espo.define('custom:acl/document''acl', function (Dep) {

          return       Dep.extend({

                    checkModelRead: function (modeldataprecise) {
                  var       result this.checkModel(modeldata'read'precise);

                  if (      result) {
                      return       true;
                  }

                  if (      data === false) {
                      return       false;
                  }

                  var       data || {};
                  if (      d.read === 'no') {
                      return       false;
                  }

                  if (      model.has('usersIds')) {
                      if (~(      model.get('usersIds') || []).indexOf(this.getUser().id)) {
                          return       true;
                      }
                  } else {
                      if (      precise) {
                          return       null;
                      }
                  }

                  return       result;
              }

          });

      }); 
      I have also created the file :
      custom/Espo/Custom/Resources/metadata/clientDefs/Document.json

      PHP Code:
      {
              "acl""custom:acl/document"

      but i still have the same behaviour

      Any idea?
      • Likes 1

      Comment

      • #4
        needs to add 'click a.link' event listener
        Code:
        if (this.getAcl().checkModel(model, 'read')) {
        before
        Code:
        this.getRouter().navigate
        in recordListView
        • Likes 1

        Comment

        • #5
          Thanks for your help!
          • Likes 1

          Comment

          • #6
            Hello!
            Raise this topic, I do not understand this point:
            Originally posted by tanya View Post
            needs to add 'click a.link' event listener
            Code:
            if (this.getAcl().checkModel(model, 'read')) {
            before
            Code:
            this.getRouter().navigate
            in recordListView
            Explain more details
            Where is the "recordListView"?

            Comment

            • #7
              espocrm/client/src/views/record/list.js at master · espocrm/espocrm
              https://github.com/espocrm/espocrm/blob/master/client/src/views/record/list.js#L96
              EspoCRM – Open Source CRM Application. Contribute to espocrm/espocrm development by creating an account on GitHub.

              Custom views - EspoCRM Documentation
              https://www.espocrm.com/documentation/development/custom-views/

              Comment

              Previous template Next
              Working...
              X