Announcement

Collapse
No announcement yet.

Creating private events on the calendar

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Creating private events on the calendar

    I need to create events that can't be seen by other users in detail, but it is important for the other users to see the events on the calendar for planning purposes. To see an example, go here to read about the way Outlook implements this feature and go here to see screenshots of how it looks when it is enabled. The way the calendars look in the second link is exactly what I am trying to accomplish.

    There are several key factors:
    • A field must be added to events, e.g. "private" which is a boolean. The user will check the box in the "private" field to enable the feature.
    • The detail of the record should not be visible when the event has been clicked.
    • The name of the record should appear as 'Private' in the calendar.
    • The record should not appear in lists.
    • The permission for seeing private events should be limited to the assigned user and a specific team; e.g. "PrivateEventViewers". Regardless of other permission settings, no one else should be able to view the records other than administrators.
    In the past, there was a solution to this question, but it does not work in 7.x. The previous solution used the Select Manager framework while the new method must use the Select Builder framework. It is not clear how this should work.

    My limited understanding is as follows:
    • The Select Builder should be used to intercept a request before it is processed by the ORM.
    • If the "private" field is true and the query is for a list view, the record should not be included in the output unless the user has the correct permission.
    • If the "private" field is true and the query is for a calendar view, the record should be included in the output and the name should be changed to "Private" unless the user has the correct permission.
    • If the "private" field is set to false, the record should be treated as it normally would be.
    I have seen partial solutions in many places on the forum. It would be very helpful if we could, as a community, implement a full solution to this problem with every step and file documented. So many features are touched by this issue: primary filters, select builders, hooks, and many more.

    Any advice would be greatly appreciated.

  • #2
    To get this started, I know something like the following must be implemented:
    PHP Code:
    ...
    if private 
    is true:
      if 
    user has permission to view private records:
        do 
    nothing
      
    else
        
    replace the values in the name and description fields with 'PRIVATE'
    return all records
    ... 
    Last edited by bandtank; 09-24-2023, 04:57 PM.

    Comment


    • #3
      I am beginning to work on this again. If anyone has any tips, I would welcome advice. There have been a lot of changes to Espo since last year, so I am not sure what the best way would be to approach this problem.

      In short, I would like to replace all details in a meeting with a placeholder value ("private" or something similar) when it is set to private (isPrivate = True) and the user is not the owner.

      Comment


      • #4
        I think it can be accomplished by effectively customizing roles and teams.

        Workflows to be created to de-link teams, when the event is marked Private.

        Comment


        • #5
          Roles won't work in this situation because hiding the record or individual fields in the record is not the goal. The meeting needs to appear on other users' calendars as it normally would, but certain information needs to be redacted. It is possible to hide the description field using a role, but not the name field. The meeting also needs to appear in the list views as well.

          If a user marks an event as private, that user should still see the original information while every other user would see a replacement string, e.g. "private". The only way to accomplish the goal in this situation is to somehow replace strings in the back end after a query has been performed. There is also the issue of disallowing updates by other users, but that is secondary and easier to manage in a hook.

          I think this is beyond the capability of a role.

          Comment


          • dreginald
            dreginald commented
            Editing a comment
            The roles of the concerned users will have team view rights for the Meeting and the Team is delinked with the Workflow when the meeting is made Private

          • bandtank
            bandtank commented
            Editing a comment
            Sorry, I don't think you are understanding the issue. What you are suggesting will hide records and fields, but that won't work for this use case. The records and fields need to be visible to all users, but the private information needs to be only be visible to the assigned user. Other users should see the fields with redacted information, e.g. change the 'name' field from 'Appointment with doctor' to 'Private'. Assigning roles and teams will prevent records and fields from appearing in the list and calendar views for the users who don't have read permission, which works if you want to hide things completely, but that will not allow other users to see the record.

            The point is to see that a user is busy by seeing a calendar event while not being able to see private information. Teams and roles can't accomplish that because the data itself must be modified after it has been fetched.

          • dreginald
            dreginald commented
            Editing a comment
            I seemed to have understood it wrong.
            My suggestion is to hide the full record and not just a field

            This amounts to conditional access of a part (few fields) a part of a record.

            Suggestions

            You can create A Panel with condition to make it visible to the users and you can restrict the fields in the roles on the other users
            Last edited by dreginald; 09-25-2023, 12:03 PM.

        • #6
          Just a thought process.
          I would use the Dynamic Logic in the Entity Manager in every field what should not be visible.
          -> Conditions that make a field visible

          And in the entity formulas change the name via IfthenElse query.
          If private active, then -> name (private), otherwise just the name.

          So that might be how I would solve it.
          Maybe that would be a solution.​

          Comment


          • #7
            Thanks for the suggestion. I will see if any of the formulas can solve this issue. Based on my current understanding, the formulas will only execute before the record has been saved, which won't accomplish the goal.

            Here is a step-by-step list of each part of process:
            Code:
            The initial creation of a record is unchanged compared to the usual process:
            1. Record created with private flag enabled
            2. User saves record
            3. Back end processing completes
            4. Record is stored in the database without changes to the fields
            
            Now the assigned user loads the record:
            1. Record request sent to the back end
            2. Back end retrieves the record from the database
            3. Record sent to the front end without changes to the fields
            
            At this point, everything is normal. However, another user tries to load the record, which should result in the following:
            1. Record request sent to back end
            2. Back end retrieves the record from the database
            3. ** NEW STEP ** Replace private information with new strings, e.g. change the name field to 'Private'
            4. Record sent to the front end
            Here is how it would look:

            Click image for larger version

Name:	Screenshot_2023-09-25_at_06_05_56.png
Views:	234
Size:	122.9 KB
ID:	97869

            Note: This is exactly the same way in which Outlook handles the situation, which is the desired outcome. You don't always want to hide the whole record from other users. There are many use cases for showing partial records to other users.

            Comment

            Working...
            X