How to give access to a User(team lead) for creating and editing user without giving administration access
Announcement
Collapse
No announcement yet.
Creating and editing user without giving administration access
Collapse
X
-
Hi,
you need to override the Acl of user entity
EspoCRM – Open Source CRM Application. Contribute to espocrm/espocrm development by creating an account on GitHub.
https://forum.espocrm.com/forum/deve...default-filter - here you can find an example, how to override Acl in upgrade safe way
override scope definition of User entity
in custom/Espo/Custom/Resources/metadata/scopes/User.json
https://github.com/espocrm/espocrm/b...s/User.json#L6 - add 'create' in list
https://github.com/espocrm/espocrm/b...s/User.json#L8 - add 'team' in list
Administration > Clear Cache.
Now you can set a permission for User scope in a Role.
Maybe you need to override the views as well
-
Hi,
I override the Acl of User.php and done the changes you have mentioned above.but no changes at all.
Here is the code
custom/Espo/Custom/Acl/User.php
<?php
namespace Espo\Custom\Acl;
use \Espo\Entities\User as EntityUser;
use \Espo\ORM\Entity;
class User extends \Espo\Core\Acl\Base {
public function checkEntityCreate(EntityUser $user, Entity $entity, $data) {
if ($user->isAdmin()) {
return $this->checkEntity($user, $entity, $data, 'create');
}
$roleList = [];
foreach ($user->get('roles') as $role)
$roleList[] = $role;
foreach($roleList as $role) {
if ($role->get('name') == 'Manager') {
return $this->checkEntity($user, $entity, $data, 'create');
}
}
}
}
?>
is it correct ?
Comment
-
When I told you to modify the scope, it allows you to use default logic, when you can set Create permission for needed role and use default return $this->checkEntity($user, $entity, $data, 'create');
for all users.
Didn't check the code, but if you want to use it, call return false; in the end
Comment
-
ok. allowed create permission for all users.
<?php
namespace Espo\Custom\Acl;
use \Espo\Entities\User as EntityUser;
use \Espo\ORM\Entity;
use \Espo\Core\Exceptions\Forbidden;
class User extends \Espo\Core\Acl\Base {
public function checkEntityCreate(EntityUser $user, Entity $entity, $data)
{
return $this->checkEntity($user, $entity, $data, 'create');
}
}
?>
&
added create and team in scope/User.json
{
"entity": true,
"layouts": true,
"tab": true,
"acl": true,
"aclActionList": ["create", "read", "edit"],
"aclActionLevelListMap": {
"edit": ["team", "own", "no"]
},
"customizable": true,
"object": true,
"is_custom":true
}
but still no change.
Comment
-
did you clear the cache in Administration and refresh the page?
content of custom/Espo/Custom/Resources/metadata/scopes/User.php
{
"aclActionList": ["create", "read", "edit"],
"aclActionLevelListMap": {
"edit": ["team", "own", "no"]
}
}
Where did you get "is_custom":true? Snake-case is not used in Espo.Last edited by tanya; 05-18-2018, 07:31 AM.
Comment
-
Hi all, I'm new here but I'm already using EspoCRM with Advanced Pack for a few months. Right now I need to let the HR team create users so I followed this guide. But I`m also getting error 500.
The error log for espocrm says:
[2018-07-19 22:31:38] Espo.ERROR: API [POST]:/:controller, Params:Array ( [controller] => User ) , InputData: {"firstName":"juci","lastName":"andrade","isAct ive ":true,"isSuperAdmin":false,"teams":{"teamsIds ":[]},"gender":"","estadoCivil":"Solteiro","zonaDeAt ua o":"CENTRO","emailAddressData":[{"emailAddress":"juci@enube.me","primary":true, "op tOut":false,"invalid":false,"lower":"juci@enube.me "}],"emailAddress":"juci@enube.me","emailAddressIs Opt edOut":false,"salutationName":"Mr.","empresaDeVend asName":"Parcerias","empresaDeVendasId":"5b3a64921 4b6ce87b","cPF":"","registroIdentidade":"","empree ndimento":"","dataDeNascimento":null,"endereoPosta lCode":"","endereoStreet":"","endereoState":"","en dereoCity":"","endereoCountry":"","phoneNumberData ":[],"phoneNumber":null,"zonaatuao":[],"gerenteName":null,"gerenteId":null,"defaultTe amN ame":null,"defaultTeamId":null} - [] []
[2018-07-19 22:31:38] Espo.ERROR: Display Error: , Code: 500 URL: /api/v1/User [] []
and there is no information related to in apache log. I'm not sure, but this is happening maybe because there is no password to this user? If this is the problem, there is a way to create a user without a password?
Thank you very much.Last edited by cristiano.sperb; 07-20-2018, 02:23 AM.
Comment
-
Hi tanya ,
I was able to edit User.json file.
However, when a non-admin user tries to create a user, it shows "..." for most of the fields (check screenshot).
They can't assign username, password or any other fields besides name, email and phone.
Do you know what we are missing?
Thanks a lot.
Pablo
- Likes 1
Comment
-
Originally posted by Pablo View PostHi tanya ,
I was able to edit User.json file.
However, when a non-admin user tries to create a user, it shows "..." for most of the fields (check screenshot).
They can't assign username, password or any other fields besides name, email and phone.
Do you know what we are missing?
Thanks a lot.
Pablo
- Likes 1
Comment
Comment