Select entity for relationship panel

  • manuel7b
    Member
    • Sep 2017
    • 33

    Hi,

    I have this scenario:

    - I have a team with only Read permission on Contracts enabled for its role
    - admin user creates a Contract and picks a user from the above team as the Assigned user
    - from Layout Manager, admin adds Contract in Detail and in Relationship Panels
    - the user logs in and goes into the details of the Account which is Contractor on the previously created Contract
    - the user can select another contract from the Contracts item in Details, but gets an Error 403 if she tries to select an item for the Relationship Panel
    - the only way to make the Relationship panel work is to enable the Edit permission for Contracts in the Role assigned to the Team the user belongs to

    Is there a way to make the Relation Panel work without changing the permissions? I don't want the user to be able to Edit the Contracts.


    Thank you
    Last edited by manuel7b; 10-19-2017, 07:36 AM.
  • manuel7b
    Member
    • Sep 2017
    • 33

    #2
    Sorry, forgot to write that Contract is a custom Entity with Many-to-One relationship to Account.


    • tanya
      Senior Member
      • Jun 2014
      • 4308

      #3
      Hello

      You can redefine rowActionsView class in clientDefs in relationshipPanels section. Then add your action to your view class.

      Hello, I know that I can remove the select, create, and remove actions from record list views in a relationship panel via clientDefs, e.g.:


      • manuel7b
        Member
        • Sep 2017
        • 33

        #4
        Hi Tanya,

        thanks for your reply. I can already see the action Select on the Relationship Panel. The problem is when I try to select a record from the modal that appears upon pressing Select.


        • tanya
          Senior Member
          • Jun 2014
          • 4308

          #5
          Did you set the select and create properties to false?
          Code:
          "select": false,
          "create": false


          • manuel7b
            Member
            • Sep 2017
            • 33

            #6
            The actions are already set as expected.

            The problem is in the modal panel. When I try to select the Contract from within the modal panel I get Error 403 Access Denied.


            • tanya
              Senior Member
              • Jun 2014
              • 4308

              #7
              Check permissions (roles)


              • manuel7b
                Member
                • Sep 2017
                • 33

                #8
                As I have already written, the team which the user belongs to has only Read permission on Contracts enabled for its role.

                Everything works fine if I set the Edit permission, but I don't want the user to be able to Edit the Contracts. She must only be able to select them in the relationship panel and view them.


                • manuel7b
                  Member
                  • Sep 2017
                  • 33

                  #9
                  This code, taken from client/src/views/modals/select-records.js:

                  PHP Code:
                  onClick: function (dialog) {
                      var listView = this.getView('list');

                      if (listView.allResultIsChecked) {
                          var where = this.collection.where;
                          this.trigger('select', {
                              massRelate: true,
                              where: where
                          });
                      } else {
                          var list = listView.getSelected();
                          if (list.length) {
                              this.trigger('select', list);
                          }
                      }
                      dialog.close();
                  }

                  What does

                  PHP Code:
                  this.trigger('select', list) 
                  
                  do? I mean, what JS/PHP file is being called? How can I find what SELECT does?


                • manuel7b
                  Member
                  • Sep 2017
                  • 33

                  #10
                  Ok, thanks. Am I right assuming the Select in the Modal panel is using select-records.js?



                  • tanya
                    tanya commented
                    in general - yes. But not sure, you can avoid acl here. You also have controllers on backend side

                  • manuel7b
                    manuel7b commented
                    Could you please explain how I can avoid/bypass acl in this particular case?
                • manuel7b
                  Member
                  • Sep 2017
                  • 33

                  #11
                  I was able to replicate the exact same issue with Opportunities. The role assigned to the team the user belongs to has Read ('all') permission. She can see the Opportunity assigned to her in the modal panel, but she gets a 403 error when trying to select it within the modal panel.

                  This is happening in the Opportunities relationship panel in the Contact detail page.
                  Last edited by manuel7b; 10-20-2017, 10:24 AM.


                  • manuel7b
                    Member
                    • Sep 2017
                    • 33

                    #12
                    In the browser console, I see this error:

                    HTML Code:
                    POST http://localhost:4000/api/v1/Contact.../opportunities 403 (Forbidden)
                    Where can I configure/disable the ACL for a particular Relationship panel? Is it client-side? Is it server-side?


                    • manuel7b
                      Member
                      • Sep 2017
                      • 33

                      #13
                      Still trying to understand how this whole thing works.

                      In client/src/views/detail.js, this is the code that triggers the above mentioned POST:

                      PHP Code:
                      $.ajax({
                          url: self.scope + '/' + self.model.id + '/' + link,
                          type: 'POST',
                          data: JSON.stringify(data),
                          success: function () {
                              this.notify('Linked', 'success');
                              this.updateRelationshipPanel(link);
                              this.model.trigger('after:relate');
                          }.bind(this),
                          error: function () {
                              this.notify('Error occurred', 'error');
                          }.bind(this)
                      })

                      The url in that snippet is: Account/59b6a784df8d06718/xContracts

                      What server-side code replies to this Ajax POST?



                      • tanya
                        tanya commented
                        application/Espo/Resources/routes.json
                        "route":"/:controller/:id/:link",
                    • manuel7b
                      Member
                      • Sep 2017
                      • 33

                      #14
                      Thanks tanya.

                      That pointed me to actionCreateLink in application/Espo/Core/Controllers/Record.php.

                      I can't see anything related to ACL in this method, at least to the best of my knowledge. Should I override this method somewhere?


                      • tanya
                        Senior Member
                        • Jun 2014
                        • 4308

                        #15
                        Of course you can override the controller. Better to change it for particular entity, not in core for all entities
                        Hi, I have 5 Team Leaders... each has 10 Appointment Bookers underneath... the job of Appointment Bookers is to go thru Leads that were assigned to them by

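An added example, not part of the thread and not EspoCRM's code: a small JavaScript model of a server-side handler for the `/:controller/:id/:link` route. It shows why the 403 from post #12 is decided on the backend whatever the client panel allows, and how a per-entity override can relax one check while keeping the rest. Every name here (`handleCreateLink`, `defaultCanLink`, `overrides`, the role table, the `{id: ...}` request body) is hypothetical, and the default rule requiring Edit on the linked record is an assumption inferred from the behaviour reported in posts #1 and #8.

```javascript
// Hypothetical model; none of these names are EspoCRM APIs.
// Constructed role: read-only on Contract (as in post #1); Edit on Account is assumed.
const role = {
  Account:  { read: true, edit: true },
  Contract: { read: true, edit: false },
};

// Constructed metadata: the foreign scope reached through each link.
const links = { Account: { xContracts: 'Contract' } };

// Assumed default rule: linking writes to both records, so require
// edit on the parent and on the foreign record.
function defaultCanLink(acl, scope, foreignScope) {
  return acl[scope]?.edit === true && acl[foreignScope]?.edit === true;
}

// Per-entity override: for Account -> xContracts only, accept read on
// Contract. Edit on Account is still required, and no other link is relaxed.
const overrides = {
  'Account.xContracts': (acl, scope, foreignScope) =>
    acl[scope]?.edit === true && acl[foreignScope]?.read === true,
};

// Handler for POST /:controller/:id/:link. The access decision is made
// here, on the server; hiding or showing client actions does not change it.
function handleCreateLink(acl, controller, id, link, body, useOverrides) {
  const foreignScope = links[controller]?.[link];
  if (!foreignScope) return { status: 404 };
  if (!body || typeof body.id !== 'string') return { status: 400 };
  const rule =
    (useOverrides && overrides[`${controller}.${link}`]) || defaultCanLink;
  if (!rule(acl, controller, foreignScope)) return { status: 403 };
  return { status: 200, linked: `${controller}/${id}/${link}/${body.id}` };
}
```

The override keeps a check in place rather than removing the ACL call, so a role with no Read access to Contract is still refused.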