Revoke CREATE right for related Entities.

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • m.mayer
    Junior Member
    • Sep 2021
    • 9

    Revoke CREATE right for related Entities.

    I've created an Entity, which has a many-to-one relation with another entity.
    On the bottom panel layout I have put the list of the related entities.
    When i revoke the edit right for the main entity i can still create an entity in the list on the bottom panel.
    How can i prevent this?

    I've already tried to create a custom checkEntityCreate function for the child entity. However i can't check for the parent entity in there, because the id, for the child entity, does not exist yet.

    I can prevent the deletion and the edit rights for the child entities, for the exact same reason. I have access to the child id and therefore can check the related entity.
  • alter
    Member
    • Apr 2018
    • 57

    #2
    Hi, you can user beforeSave() method to block creating the child entity - you don't need to know child entity's ID at all to do this logic. Simply use beforeSave event in your method that will throw new error if parentEntity field contains data and the child entity will not be created. Example:

    PHP Code:
    protected function beforeSave(Entity $myChildEntity, array $options = [])
    {
    /** Since I am not fan of having a lot of code in beforeSave, I use
    breaking down the logic into seperate methods and calling them. **/
    $this->restrictChildEntityCreate($myChildEntity);
    }
    
    // Method to be executed on beforeSave event.
    private function restrictChildEntityCreate(Entity $myChildEntity)
    {
    $parentEntity = $myChildEntity->get('parentEntityField');
    
    if ($parentEntity != null)
    {
    // Method will return Error notification and will block saving the entity.
    return throw new Error('You cannot create child entity');
    }
    } 
    
    This way you would achieve logic that users cannot create child entity and relate it to parent - creation of child entity without parent would work.

    However if I would want to use this logic, I would expand it so administrators could create the child entity - so the logic of code would check if the calling user (user who tries to do the create) is admin or not. Example:

    PHP Code:
    use Espo\Entities\User;
    
    protected function beforeSave(Entity $myChildEntity, User $callingUser array $options = [])
    {
    /** Since I am not fan of having a lot of code in beforeSave, I use
    breaking down the logic into seperate methods and calling them. **/
    $this->restrictChildEntityCreate($myChildEntity, $callingUser);
    }
    
    // Method to be executed on beforeSave event.
    private function restrictChildEntityCreate(Entity $myChildEntity, User $callingUser)
    {
    $parentEntity = $myChildEntity->get('parentEntityField');
    
    if ($parentEntity != null && $callingUser->isAdmin() === false)
    {
    // Method will return Error notification and will block saving the entity.
    return throw new Error('You cannot create child entity');
    }
    } 
    
    Of course it will block if the user would create child entity without parent first and then tried to update it with parent entity.
    Last edited by alter; 09-22-2021, 12:41 PM.

    Comment


    • m.mayer
      m.mayer commented
      Editing a comment
      Thank you for your suggestion. I will try to implement it soon. Does the deletion of an entity also trigger the beforeSave Hook? I would appreciate having the logic in one space.

    • m.mayer
      m.mayer commented
      Editing a comment
      I just implemented your solution and it works like a charm. Thank you for your help.
Working...