Tweet
Hello,
we've got a ACL function "checkAccessToPrivateEvents" which works very well. But we've got also an SelectManagers function "access" which doesn't allow "Entity $entity", so we can't call the "checkAccessToPrivateEvents" function from here. Is there another way to get the "assignedUserID" for the "checkAccessToPrivateEvents" function, so we haven't pass the entity by function?
Besuch.php in custom\Espo\Custom\Acl ==> WORKS
Besuch.php in custom\Espo\Custom\ServiceManagers ==> DOESN'T WORK
we've got a ACL function "checkAccessToPrivateEvents" which works very well. But we've got also an SelectManagers function "access" which doesn't allow "Entity $entity", so we can't call the "checkAccessToPrivateEvents" function from here. Is there another way to get the "assignedUserID" for the "checkAccessToPrivateEvents" function, so we haven't pass the entity by function?
Besuch.php in custom\Espo\Custom\Acl ==> WORKS
PHP Code:
<?php
namespace Espo\Custom\Acl;
use \Espo\Entities\User as EntityUser;
use \Espo\ORM\Entity;
use \Espo\Core\Exceptions\Forbidden;
class Besuch extends \Espo\Core\Acl\Base {
public function checkEntityRead(EntityUser $user, Entity $entity) {
if ($entity->get('privateEvent')) {
return $this->checkAccessToPrivateEvents($user);
}
return true;
}
public function checkAccessToPrivateEvents(EntityUser $user, Entity $entity) {
if($user->isAdmin()) {
return true;
}
$owner = $entity->get('assignedUserID');
if ($user->id === $owner) {
return true;
}
return false;
}
}
Besuch.php in custom\Espo\Custom\ServiceManagers ==> DOESN'T WORK
PHP Code:
<?php
namespace Espo\Custom\SelectManagers;
use \Espo\ORM\Entity;
class Besuch extends \Espo\Core\SelectManagers\Base
{
protected function access(Entity $entity, &$result) {
$user = $this->user;
if ($this->getSeed()->hasAttribute('privateEvent')) {
if(! $this->getAclManager()->getImplementation('Besuch')->checkAccessToPrivateEvents($user, $entity)) {
$result['whereClause'][] = array(
'privateEvent' => false
);
}
}
parent::access($entity, $result);
}
}
Comment