How can user within a rule be allowed to send message only to themselves + admin?

  • Decepticon
    Junior Member
    • Jul 2023
    • 18

    I want users with a specific role (e.g., customer role) to be able to send messages only to themselves, admin, and users with another role (e.g., supporter role), without being able to send messages to other users with the same role. However, if I set the read permission of User scope level to 'all', the user can send and view information of all other users. But if the read permission is set to 'own', the user can only message themselves.
    I'm not sure how to solve this issue. I appreciate any help. Thanks.
    Last edited by Decepticon; 07-08-2023, 04:55 AM.
  • yuri
    Member
    • Mar 2014
    • 8442

    #2
    Use the 'all' level with custom code that will establish the needed access control. You can write your custom logic in a before-create API hook for the Note entity: https://docs.espocrm.com/development...kclassnamelist

    Use $entity->getType() === \Espo\Entities\Note::TYPE_POST to apply only for posts.

    Throw a Forbidden exception.

    Note that it will be a server-side check. Users will still be able to initiate sending via the UI but will get a Forbidden error.
    If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.
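A sketch of the server-side check described in this reply, added here as an example; it is not part of the original post and not EspoCRM's own code. The class name, the two role ID placeholders, the use of the Note fields `targetType` and `users`, and the choice to check only directly assigned roles are assumptions.

```php
<?php
namespace Espo\Custom\Classes\RecordHooks\Note;

use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Record\CreateParams;
use Espo\Core\Record\Hook\CreateHook;
use Espo\Entities\Note;
use Espo\Entities\User;
use Espo\ORM\Entity;
use Espo\ORM\EntityManager;

class RestrictPostTargets implements CreateHook
{
    // Placeholders (assumptions): replace with the record IDs of your two roles.
    private const CUSTOMER_ROLE_ID = 'CUSTOMER_ROLE_ID_PLACEHOLDER';
    private const SUPPORTER_ROLE_ID = 'SUPPORTER_ROLE_ID_PLACEHOLDER';

    public function __construct(private User $user, private EntityManager $entityManager) {}

    public function process(Entity $entity, CreateParams $params): void
    {
        if (!$entity instanceof Note || $entity->getType() !== Note::TYPE_POST) {
            return; // Restrict posts only, as the reply suggests.
        }
        if ($this->user->isAdmin() || !$this->hasRole($this->user, self::CUSTOMER_ROLE_ID)) {
            return; // The rule applies to the customer role only.
        }
        $targetType = $entity->get('targetType');
        if ($targetType === null || $targetType === 'self') {
            return; // Post on a record's stream, or a post to oneself.
        }
        if ($targetType !== 'users') {
            throw new Forbidden("Customers may post only to themselves or to specific users.");
        }
        foreach ($entity->getLinkMultipleIdList('users') as $id) {
            $target = $this->entityManager->getEntityById(User::ENTITY_TYPE, $id);
            $allowed = $target instanceof User && (
                $id === $this->user->getId()
                || $target->isAdmin()
                || $this->hasRole($target, self::SUPPORTER_ROLE_ID)
            );
            if (!$allowed) {
                throw new Forbidden("Recipient is not permitted for the customer role.");
            }
        }
    }
    private function hasRole(User $user, string $roleId): bool
    {
        // Assumption: only roles linked directly to the user count, not roles inherited from teams.
        return in_array($roleId, $user->getLinkMultipleIdList('roles'), true);
    }
}
```

The class takes effect once it is listed under `beforeCreateHookClassNameList` in the custom `recordDefs` metadata for Note, followed by a rebuild.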


    • Decepticon
      Junior Member
      • Jul 2023
      • 18

      #3
      Originally posted by yuri
      Use the 'all' level with custom code that will establish the needed access control. You can write your custom logic in a before-create API hook for the Note entity: https://docs.espocrm.com/development...kclassnamelist

      Use $entity->getType() === \Espo\Entities\Note::TYPE_POST to apply only for posts.

      Throw a Forbidden exception.

      Note that it will be a server-side check. Users will still be able to initiate sending via the UI but will get a Forbidden error.
      Thank you for showing me the workaround, but unfortunately I'm not a coder, so writing custom code or using the API is very difficult for me T_T

      • esforim
        esforim commented
        You can learn how to use Formula to see if you can get the same result with the "Before Save API". Formula can be done using the GUI and it's basic 'coding'; it's more like "math" than code though.
    • Decepticon
      Junior Member
      • Jul 2023
      • 18

      #4
      espocrm Perhaps I will embed the tawk.to widget into my website because it's the simplest way. Where do you think I should insert the code?
      Last edited by Decepticon; 07-13-2023, 07:22 PM.

      • esforim
        esforim commented
        You pinged the wrong user. Anyway, code is out of my league.

        If you can iframe the 'widget', go for it. But iframe only works for Dashboard... anywhere else you need to code.
    • rawiri
      Member
      • Sep 2021
      • 34

      #5
      Decepticon - Hi, did you get Tawk.To to work?