Announcement

Collapse
No announcement yet.

Creating and editing user without giving administration access

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Creating and editing user without giving administration access

    How to give access to a User(team lead) for creating and editing user without giving administration access

  • #2
    Hi,
    you need to override the Acl of user entity

    https://github.com/espocrm/espocrm/b...o/Acl/User.php
    https://forum.espocrm.com/forum/deve...default-filter - here you can find an example, how to override Acl in upgrade safe way

    override scope definition of User entity
    in custom/Espo/Custom/Resources/metadata/scopes/User.json
    https://github.com/espocrm/espocrm/b...s/User.json#L6 - add 'create' in list
    https://github.com/espocrm/espocrm/b...s/User.json#L8 - add 'team' in list

    Administration > Clear Cache.

    Now you can set a permission for User scope in a Role.

    Maybe you need to override the views as well

    https://www.espocrm.com/documentatio.../custom-views/
    https://github.com/espocrm/espocrm/b...d/edit.js#L112
    Job Offers and Requests

    Find Developer
    Find Customer

    Comment


    • #3
      Hi,

      I override the Acl of User.php and done the changes you have mentioned above.but no changes at all.
      Here is the code
      custom/Espo/Custom/Acl/User.php
      <?php
      namespace Espo\Custom\Acl;
      use \Espo\Entities\User as EntityUser;
      use \Espo\ORM\Entity;

      class User extends \Espo\Core\Acl\Base {

      public function checkEntityCreate(EntityUser $user, Entity $entity, $data) {

      if ($user->isAdmin()) {
      return $this->checkEntity($user, $entity, $data, 'create');

      }

      $roleList = [];
      foreach ($user->get('roles') as $role)
      $roleList[] = $role;

      foreach($roleList as $role) {
      if ($role->get('name') == 'Manager') {
      return $this->checkEntity($user, $entity, $data, 'create');
      }
      }

      }
      }
      ?>
      is it correct ?

      Comment


      • #4

        When I told you to modify the scope, it allows you to use default logic, when you can set Create permission for needed role and use default return $this->checkEntity($user, $entity, $data, 'create');
        for all users.
        Didn't check the code, but if you want to use it, call return false; in the end
        Job Offers and Requests

        Find Developer
        Find Customer

        Comment


        • #5
          ok. allowed create permission for all users.
          <?php
          namespace Espo\Custom\Acl;
          use \Espo\Entities\User as EntityUser;
          use \Espo\ORM\Entity;
          use \Espo\Core\Exceptions\Forbidden;


          class User extends \Espo\Core\Acl\Base {

          public function checkEntityCreate(EntityUser $user, Entity $entity, $data)
          {
          return $this->checkEntity($user, $entity, $data, 'create');
          }

          }
          ?>
          &
          added create and team in scope/User.json
          {
          "entity": true,
          "layouts": true,
          "tab": true,
          "acl": true,
          "aclActionList": ["create", "read", "edit"],
          "aclActionLevelListMap": {
          "edit": ["team", "own", "no"]
          },
          "customizable": true,
          "object": true,
          "is_custom":true
          }

          but still no change.

          Comment


          • #6
            did you clear the cache in Administration and refresh the page?

            content of custom/Espo/Custom/Resources/metadata/scopes/User.php
            {
            "aclActionList": ["create", "read", "edit"],
            "aclActionLevelListMap": {
            "edit": ["team", "own", "no"]
            }
            }

            Where did you get "is_custom":true? Snake-case is not used in Espo.
            Attached Files
            Last edited by tanya; 05-18-2018, 07:31 AM.
            Job Offers and Requests

            Find Developer
            Find Customer

            Comment


            • #7
              Its working now.
              Thanks for your help..

              Comment


              • #8
                Hi,
                getting error 500 while creating a user by a non admin(team lead). how to solve it?

                Comment


                • #9
                  If you get 500 error, check server error log at first.
                  Job Offers and Requests

                  Find Developer
                  Find Customer

                  Comment


                  • #10
                    hi,
                    error log from the console.
                    Attached Files

                    Comment


                    • #11
                      you show browser log, not server. If you use apache, check apache error log
                      Job Offers and Requests

                      Find Developer
                      Find Customer

                      Comment


                      • #12
                        Hi all, I'm new here but I'm already using EspoCRM with Advanced Pack for a few months. Right now I need to let the HR team create users so I followed this guide. But I`m also getting error 500.

                        The error log for espocrm says:
                        [2018-07-19 22:31:38] Espo.ERROR: API [POST]:/:controller, Params:Array ( [controller] => User ) , InputData: {"firstName":"juci","lastName":"andrade","isAct ive ":true,"isSuperAdmin":false,"teams":{"teamsIds ":[]},"gender":"","estadoCivil":"Solteiro","zonaDeAt ua o":"CENTRO","emailAddressData":[{"emailAddress":"juci@enube.me","primary":true, "op tOut":false,"invalid":false,"lower":"juci@enube.me "}],"emailAddress":"juci@enube.me","emailAddressIs Opt edOut":false,"salutationName":"Mr.","empresaDeVend asName":"Parcerias","empresaDeVendasId":"5b3a64921 4b6ce87b","cPF":"","registroIdentidade":"","empree ndimento":"","dataDeNascimento":null,"endereoPosta lCode":"","endereoStreet":"","endereoState":"","en dereoCity":"","endereoCountry":"","phoneNumberData ":[],"phoneNumber":null,"zonaatuao":[],"gerenteName":null,"gerenteId":null,"defaultTe amN ame":null,"defaultTeamId":null} - [] []
                        [2018-07-19 22:31:38] Espo.ERROR: Display Error: , Code: 500 URL: /api/v1/User [] []

                        and there is no information related to in apache log. I'm not sure, but this is happening maybe because there is no password to this user? If this is the problem, there is a way to create a user without a password?

                        Thank you very much.
                        Last edited by cristiano.sperb; 07-20-2018, 02:23 AM.

                        Comment


                        • #13
                          In general it's not supported and I haven't tested this customization, so, I can't help you
                          Job Offers and Requests

                          Find Developer
                          Find Customer

                          Comment

                          Working...
                          X