Creating and editing user without giving administration access

Hi,
you need to override the Acl of user entity


https://forum.espocrm.com/forum/deve...default-filter - here you can find an example, how to override Acl in upgrade safe way

override scope definition of User entity
in custom/Espo/Custom/Resources/metadata/scopes/User.json
https://github.com/espocrm/espocrm/b...s/User.json#L6 - add 'create' in list
https://github.com/espocrm/espocrm/b...s/User.json#L8 - add 'team' in list

Administration > Clear Cache.

Now you can set a permission for User scope in a Role.

Maybe you need to override the views as well

Hi,

I override the Acl of User.php and done the changes you have mentioned above.but no changes at all.
Here is the code
custom/Espo/Custom/Acl/User.php
<?php
namespace Espo\Custom\Acl;
use \Espo\Entities\User as EntityUser;
use \Espo\ORM\Entity;

class User extends \Espo\Core\Acl\Base {

public function checkEntityCreate(EntityUser $user, Entity $entity, $data) {

if ($user->isAdmin()) {
return $this->checkEntity($user, $entity, $data, 'create');

}

$roleList = [];
foreach ($user->get('roles') as $role)
$roleList[] = $role;

foreach($roleList as $role) {
if ($role->get('name') == 'Manager') {
return $this->checkEntity($user, $entity, $data, 'create');
}
}

}
}
?>
is it correct ?

When I told you to modify the scope, it allows you to use default logic, when you can set Create permission for needed role and use default return $this->checkEntity($user, $entity, $data, 'create');
for all users.
Didn't check the code, but if you want to use it, call return false; in the end

ok. allowed create permission for all users.
<?php
namespace Espo\Custom\Acl;
use \Espo\Entities\User as EntityUser;
use \Espo\ORM\Entity;
use \Espo\Core\Exceptions\Forbidden;


class User extends \Espo\Core\Acl\Base {

public function checkEntityCreate(EntityUser $user, Entity $entity, $data)
{
return $this->checkEntity($user, $entity, $data, 'create');
}

}
?>
&
added create and team in scope/User.json
{
"entity": true,
"layouts": true,
"tab": true,
"acl": true,
"aclActionList": ["create", "read", "edit"],
"aclActionLevelListMap": {
"edit": ["team", "own", "no"]
},
"customizable": true,
"object": true,
"is_custom":true
}

but still no change.

did you clear the cache in Administration and refresh the page?

content of custom/Espo/Custom/Resources/metadata/scopes/User.php
{
"aclActionList": ["create", "read", "edit"],
"aclActionLevelListMap": {
"edit": ["team", "own", "no"]
}
}

Where did you get "is_custom":true? Snake-case is not used in Espo.

Its working now.
Thanks for your help..

Hi,
getting error 500 while creating a user by a non admin(team lead). how to solve it?

If you get 500 error, check server error log at first.

hi,
error log from the console.

you show browser log, not server. If you use apache, check apache error log

Hi all, I'm new here but I'm already using EspoCRM with Advanced Pack for a few months. Right now I need to let the HR team create users so I followed this guide. But I`m also getting error 500.

The error log for espocrm says:
[2018-07-19 22:31:38] Espo.ERROR: API [POST]:/:controller, Params:Array ( [controller] => User ) , InputData: {"firstName":"juci","lastName":"andrade","isAct ive ":true,"isSuperAdmin":false,"teams":{"teamsIds ":[]},"gender":"","estadoCivil":"Solteiro","zonaDeAt ua o":"CENTRO","emailAddressData":[{"emailAddress":"juci@enube.me","primary":true, "op tOut":false,"invalid":false,"lower":"juci@enube.me "}],"emailAddress":"juci@enube.me","emailAddressIs Opt edOut":false,"salutationName":"Mr.","empresaDeVend asName":"Parcerias","empresaDeVendasId":"5b3a64921 4b6ce87b","cPF":"","registroIdentidade":"","empree ndimento":"","dataDeNascimento":null,"endereoPosta lCode":"","endereoStreet":"","endereoState":"","en dereoCity":"","endereoCountry":"","phoneNumberData ":[],"phoneNumber":null,"zonaatuao":[],"gerenteName":null,"gerenteId":null,"defaultTe amN ame":null,"defaultTeamId":null} - [] []
[2018-07-19 22:31:38] Espo.ERROR: Display Error: , Code: 500 URL: /api/v1/User [] []

and there is no information related to in apache log. I'm not sure, but this is happening maybe because there is no password to this user? If this is the problem, there is a way to create a user without a password?

Thank you very much.

In general it's not supported and I haven't tested this customization, so, I can't help you

Hi tanya ,

I was able to edit User.json file.

However, when a non-admin user tries to create a user, it shows "..." for most of the fields (check screenshot).

They can't assign username, password or any other fields besides name, email and phone.

Do you know what we are missing?

Thanks a lot.
Pablo

It's like that for me too. there is a solution?