Allow regular users to create new teams and users

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • DFerati
    Junior Member
    • Apr 2024
    • 19

    Allow regular users to create new teams and users

    Hello, and thank you for reading

    I am a web developer, recently espo was a perfect fit for my needs when it came to a foreign client, but I had to make some modifications, however I have been stuck tying to find a way to modify a role that should have the ability to create new users and new teams, my goal is to copy the permissions like the underlined green entity, to the underlined red entities,

    Thank you for reading.
  • yuri
    Member
    • Mar 2014
    • 8440

    #2
    Hi,

    I'm not sure if there's a simple solution. If you allow "create" action in metadata, there are other internal restrictions.

    custom/Espo/Custom/Resources/metadata/scopes/User.json

    Code:
    {
        "aclActionList": ["create", "read", "edit"]​
    }
    Disclaimer. I do not recommend this change. Issues are possible.
    If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

    Comment

    • DFerati
      Junior Member
      • Apr 2024
      • 19

      #3
      Thanks for the fast reply Yuri,

      I managed to allow permissions to allow the editing of the Teams and Users permission when creating roles, since then I've been trying to research the code for a solution for 2 problems:

      1. In the database, it appears to be correctly assigned the permission, however when I try to Edit/Create an user other than the one currently logged in, I get access denied, (obviously no create/edit access)

      2. I do have access to the edit page on users, however few inputs are not correctly being displayed, they appear as 'Read Only' and I believe it's because I need to create a new custom view regarding the detail.js and edit.js files

      My requests would be as follows:

      for the first issue, how and where do I modify the code, to give permissions for the regular users to modify the team member details (Keep in mind I already have the database setup correctly)

      and for the second issue, I was tweaking around with the view but I believe I am misunderstanding how the custom view extensions work, If possible please drop some insights as to how do I properly modify the file regarding the files located at: */client/src/views/user/record and my custom path at: /client/custom/src/views/user/record. my main goal is to modify the 'hardcoded' part "this.getUser().isAdmin()" to a metadata config of "this.getAcl().checkScope('User', 'create')"

      Edit:I also had a little issue trying to debug the changes I had implemented, as an extra note: if you could also drop some more insights as to what is an efficient way to debug for future reference.

      Thanks in advance.
      Last edited by DFerati; 04-15-2024, 02:22 PM. Reason: Added a new sidenote.

      Comment

      • binshadme
        Junior Member
        • Oct 2022
        • 13

        #4
        Originally posted by yuri
        Hi,

        I'm not sure if there's a simple solution. If you allow "create" action in metadata, there are other internal restrictions.

        custom/Espo/Custom/Resources/metadata/scopes/User.json

        Code:
        {
        "aclActionList": ["create", "read", "edit"]​
        }
        Disclaimer. I do not recommend this change. Issues are possible.
        tried this. but getting error saying " access denied, no create access " while creating user.

        Comment

        • DFerati
          Junior Member
          • Apr 2024
          • 19

          #5
          Hi binshadme, Thanks for your reply.

          The issue stands in a larger scale than I first anticipated, the reason is the way espoCRM handles the permission in our case is based on the User->Type column in the database, to allow other users, you must refactor the logic from "this->getUser().isAdmin" *Which only checks if user is of type admin.

          A possible solution is by extending the functions and checking the permissions from the user ACL, it's a bit of work, but it should work as expected

          Comment

          Working...