Announcement

Collapse
No announcement yet.

Creating and editing user without giving administration access

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Creating and editing user without giving administration access

    How to give access to a User(team lead) for creating and editing user without giving administration access

  • #2
    Hi,
    you need to override the Acl of user entity

    https://github.com/espocrm/espocrm/b...o/Acl/User.php
    https://forum.espocrm.com/forum/deve...default-filter - here you can find an example, how to override Acl in upgrade safe way

    override scope definition of User entity
    in custom/Espo/Custom/Resources/metadata/scopes/User.json
    https://github.com/espocrm/espocrm/b...s/User.json#L6 - add 'create' in list
    https://github.com/espocrm/espocrm/b...s/User.json#L8 - add 'team' in list

    Administration > Clear Cache.

    Now you can set a permission for User scope in a Role.

    Maybe you need to override the views as well

    https://www.espocrm.com/documentatio.../custom-views/
    https://github.com/espocrm/espocrm/b...d/edit.js#L112

    Comment


    • #3
      Hi,

      I override the Acl of User.php and done the changes you have mentioned above.but no changes at all.
      Here is the code
      custom/Espo/Custom/Acl/User.php
      <?php
      namespace Espo\Custom\Acl;
      use \Espo\Entities\User as EntityUser;
      use \Espo\ORM\Entity;

      class User extends \Espo\Core\Acl\Base {

      public function checkEntityCreate(EntityUser $user, Entity $entity, $data) {

      if ($user->isAdmin()) {
      return $this->checkEntity($user, $entity, $data, 'create');

      }

      $roleList = [];
      foreach ($user->get('roles') as $role)
      $roleList[] = $role;

      foreach($roleList as $role) {
      if ($role->get('name') == 'Manager') {
      return $this->checkEntity($user, $entity, $data, 'create');
      }
      }

      }
      }
      ?>
      is it correct ?

      Comment


      • #4

        When I told you to modify the scope, it allows you to use default logic, when you can set Create permission for needed role and use default return $this->checkEntity($user, $entity, $data, 'create');
        for all users.
        Didn't check the code, but if you want to use it, call return false; in the end

        Comment


        • #5
          ok. allowed create permission for all users.
          <?php
          namespace Espo\Custom\Acl;
          use \Espo\Entities\User as EntityUser;
          use \Espo\ORM\Entity;
          use \Espo\Core\Exceptions\Forbidden;


          class User extends \Espo\Core\Acl\Base {

          public function checkEntityCreate(EntityUser $user, Entity $entity, $data)
          {
          return $this->checkEntity($user, $entity, $data, 'create');
          }

          }
          ?>
          &
          added create and team in scope/User.json
          {
          "entity": true,
          "layouts": true,
          "tab": true,
          "acl": true,
          "aclActionList": ["create", "read", "edit"],
          "aclActionLevelListMap": {
          "edit": ["team", "own", "no"]
          },
          "customizable": true,
          "object": true,
          "is_custom":true
          }

          but still no change.

          Comment


          • #6
            did you clear the cache in Administration and refresh the page?

            content of custom/Espo/Custom/Resources/metadata/scopes/User.php
            {
            "aclActionList": ["create", "read", "edit"],
            "aclActionLevelListMap": {
            "edit": ["team", "own", "no"]
            }
            }

            Where did you get "is_custom":true? Snake-case is not used in Espo.
            Attached Files
            Last edited by tanya; 05-18-2018, 07:31 AM.

            Comment


            • #7
              Its working now.
              Thanks for your help..

              Comment


              • #8
                Hi,
                getting error 500 while creating a user by a non admin(team lead). how to solve it?

                Comment


                • #9
                  If you get 500 error, check server error log at first.

                  Comment


                  • #10
                    hi,
                    error log from the console.
                    Attached Files

                    Comment


                    • #11
                      you show browser log, not server. If you use apache, check apache error log

                      Comment


                      • #12
                        Hi all, I'm new here but I'm already using EspoCRM with Advanced Pack for a few months. Right now I need to let the HR team create users so I followed this guide. But I`m also getting error 500.

                        The error log for espocrm says:
                        [2018-07-19 22:31:38] Espo.ERROR: API [POST]:/:controller, Params:Array ( [controller] => User ) , InputData: {"firstName":"juci","lastName":"andrade","isAct ive ":true,"isSuperAdmin":false,"teams":{"teamsIds ":[]},"gender":"","estadoCivil":"Solteiro","zonaDeAt ua o":"CENTRO","emailAddressData":[{"emailAddress":"juci@enube.me","primary":true, "op tOut":false,"invalid":false,"lower":"juci@enube.me "}],"emailAddress":"juci@enube.me","emailAddressIs Opt edOut":false,"salutationName":"Mr.","empresaDeVend asName":"Parcerias","empresaDeVendasId":"5b3a64921 4b6ce87b","cPF":"","registroIdentidade":"","empree ndimento":"","dataDeNascimento":null,"endereoPosta lCode":"","endereoStreet":"","endereoState":"","en dereoCity":"","endereoCountry":"","phoneNumberData ":[],"phoneNumber":null,"zonaatuao":[],"gerenteName":null,"gerenteId":null,"defaultTe amN ame":null,"defaultTeamId":null} - [] []
                        [2018-07-19 22:31:38] Espo.ERROR: Display Error: , Code: 500 URL: /api/v1/User [] []

                        and there is no information related to in apache log. I'm not sure, but this is happening maybe because there is no password to this user? If this is the problem, there is a way to create a user without a password?

                        Thank you very much.
                        Last edited by cristiano.sperb; 07-20-2018, 02:23 AM.

                        Comment


                        • #13
                          In general it's not supported and I haven't tested this customization, so, I can't help you

                          Comment


                          • #14
                            Hi tanya ,

                            I was able to edit User.json file.

                            However, when a non-admin user tries to create a user, it shows "..." for most of the fields (check screenshot).

                            They can't assign username, password or any other fields besides name, email and phone.

                            Do you know what we are missing?

                            Thanks a lot.
                            Pablo
                            Attached Files

                            Comment


                            • #15
                              Originally posted by Pablo View Post
                              Hi tanya ,

                              I was able to edit User.json file.

                              However, when a non-admin user tries to create a user, it shows "..." for most of the fields (check screenshot).

                              They can't assign username, password or any other fields besides name, email and phone.

                              Do you know what we are missing?

                              Thanks a lot.
                              Pablo
                              It's like that for me too. there is a solution?

                              Comment

                              Working...
                              X