Announcement

Collapse
No announcement yet.

How can user within a rule be allowed to send message only to themselve + admin?

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    How can user within a rule be allowed to send message only to themselve + admin?

    I want users with a specific role (e.g., customer role) to be able to send messages only to themselves, admin, and users with another role (e.g., supporter role), without being able to send messages to other users with the same role. However, if I set the read permission of User scope level to 'all', the user can send and view information of all other users. But if the read permission is set to 'own', the user can only message themselves
    I'm not sure how to solve this issue. I appreciate any help. Thanks
    Last edited by Decepticon; 07-08-2023, 04:55 AM.
    Tags: None
  • #2
    Use 'all' level with custom code that will establish needed access control. You can write your custom logic in before-create API hook for the Note entity: https://docs.espocrm.com/development...kclassnamelist

    Use $entity->getType() === \Espo\Entities\Note::TYPE_POST to apply only for posts.

    Throw Forbidden exception.

    Note that it will be server-side check. Users still will be able to do initiate sending via the UI but get a Forbidden error.
    • Likes 1

    Comment

    • #3
      Originally posted by yuri View Post
      Use 'all' level with custom code that will establish needed access control. You can write your custom logic in before-create API hook for the Note entity: https://docs.espocrm.com/development...kclassnamelist

      Use $entity->getType() === \Espo\Entities\Note::TYPE_POST to apply only for posts.

      Throw Forbidden exception.

      Note that it will be server-side check. Users still will be able to do initiate sending via the UI but get a Forbidden error.
      thank you for showing me the workaround but unfortunately I'm not a coder so writing custom code or using api is very difficult for me T_T
      • Likes 1

      Comment

      • espcrm
        #3.1
        espcrm commented
        07-11-2023, 06:16 AM
        Editing a comment
        You can learn how to use Formula to see if you can get same result with the "Before Save API". Formula can be done using GUI and it basic 'coding', it more like "math" than code though.
    • #4
      espocrm Perhaps I will embed the tawk.to widget into my website because it's the simplest way. Where do you think I should insert the code?
      Last edited by Decepticon; 07-13-2023, 07:22 PM.
      • Likes 1

      Comment

      • espcrm
        #4.1
        espcrm commented
        07-14-2023, 07:45 AM
        Editing a comment
        You pinged the wrong user. Anyway, code is out of my league.

        if you can iframe the 'widget' go for it. But iframe only work for Dashboard... anywhere else you need to Code.
    • #5
      Decepticon - Hi, did you get Tawk.To to work?

      Comment

      Previous template Next
      Working...
      X