Hi to all,
I'm developing an improvement to field level security that gives the ability to set 'team' option for field security. The 'team' should involve showing the field on a record by record basis only if the user belongs to a team which is also assigned to the record. I was able to successfully work on the service php part (Acl etc) to evolve the logic to suppress - prepareEntityForOutput() the related fields in json output. But now I'm in trouble on the client side.
I initially thought that suppressing a field in json output would do the job but... if I'm understanding it right there's the same acl logic implemented in js ... acl-manager.js - it's a bit surprising to me... So first question: why does the client have to check for a forbidden attribute list by itself when the server does not provide the related field?
My second question is: which is your preferred way to debug js in Espo? I don't see any JS Source Maps in the code to map js for debugging it... and backbone makes it difficult to find js in browser debugger...
Code:
    getScopeForbiddenAttributeList: function (scope, action, thresholdLevel) {
        action = action || 'read';
        thresholdLevel = thresholdLevel || 'no';

        var key = scope + '_' + action + '_' + thresholdLevel;
        if (key in this.forbiddenAttributesCache) {
            return this.forbiddenAttributesCache[key];
        }

        var levelList = this.fieldLevelList.slice(this.fieldLevelList.indexOf(thresholdLevel));

        var fieldTableQuickAccess = this.data.fieldTableQuickAccess || {};
        var scopeData = fieldTableQuickAccess[scope] || {};
        var attributesData = scopeData.attributes || {};
        var actionData = attributesData[action] || {};

        var attributeList = [];
        levelList.forEach(function (level) {
            var list = actionData[level] || [];
            list.forEach(function (attribute) {
                if (~attributeList.indexOf(attribute)) return;
                attributeList.push(attribute);
            }, this);
        }, this);

        this.forbiddenAttributesCache[key] = attributeList;

        return attributeList;
    },
thanks so much,
Michele
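The quoted function builds its cache key from scope, action and threshold level only, so its result cannot vary per record, which is what a 'team' option needs. The sketch below is an added example, not part of the original post or of EspoCRM's code: `teamRestricted`, `forbiddenForRecord`, `filterForOutput`, the sample data, the level order and the `teamsIds` attribute name are all assumptions.

```javascript
// Added example. Data and helper names are constructed/hypothetical, not EspoCRM APIs.
const fieldLevelList = ['yes', 'read', 'no'];            // assumed level order
const aclData = {                                         // constructed ACL payload
  fieldTableQuickAccess: {
    Account: { attributes: { read: { yes: [], read: [], no: ['internalNotes'] } } }
  }
};
const teamRestricted = { Account: ['creditLimit'] };      // hypothetical 'team' level

// Same logic as the quoted function, minus the cache: result depends only on
// scope, action and threshold level, never on the record being displayed.
function getScopeForbiddenAttributeList(scope, action = 'read', thresholdLevel = 'no') {
  const levels = fieldLevelList.slice(fieldLevelList.indexOf(thresholdLevel));
  const scopeData = aclData.fieldTableQuickAccess[scope] || {};
  const actionData = (scopeData.attributes || {})[action] || {};
  const out = [];
  levels.forEach(level => (actionData[level] || []).forEach(attr => {
    if (!out.includes(attr)) out.push(attr);
  }));
  return out;
}

// Per-record decision: scope-wide list plus team-restricted fields when the
// user shares no team with the record ('teamsIds' is an assumed attribute name).
function forbiddenForRecord(scope, record, userTeamIds) {
  const list = getScopeForbiddenAttributeList(scope, 'read').slice();
  const shared = (record.teamsIds || []).some(id => userTeamIds.includes(id));
  if (!shared) {
    (teamRestricted[scope] || []).forEach(attr => {
      if (!list.includes(attr)) list.push(attr);
    });
  }
  return list;
}

// Server-side enforcement: drop forbidden attributes before serialising.
function filterForOutput(scope, record, userTeamIds) {
  const forbidden = forbiddenForRecord(scope, record, userTeamIds);
  return Object.fromEntries(Object.entries(record).filter(([k]) => !forbidden.includes(k)));
}

const sampleRecord = { id: '1', name: 'Acme', creditLimit: 5000,
                       internalNotes: 'x', teamsIds: ['t1'] };   // constructed
console.log(filterForOutput('Account', sampleRecord, ['t1']));   // teammate
console.log(filterForOutput('Account', sampleRecord, ['t2']));   // non-teammate
```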