Set a Portal User to only allow editing a record based on conditions?


  • Set a Portal User to only allow editing a record based on conditions?

    Hey All,

    Any ideas on how I might restrict a Portal User to only being able to edit fields based on conditions? Such as only accepting edits when the status field is set to draft? Should I be looking at the onSave hook? Does the hook event describe that the edit came from the Portal?

    (Normal CRM staff should always be able to edit.)

    Cheers.

  • #2
    Hi there,

    You could use the beforeSave hook for this.
    I doubt there is a feature / tweak for this.



    • #3
      Originally posted by axyl
      Hey All,

      Any ideas on how I might restrict a Portal User to only being able to edit fields based on conditions? Such as only accepting edits when the status field is set to draft? Should I be looking at the onSave hook? Does the hook event describe that the edit came from the Portal?

      (Normal CRM staff should always be able to edit.)

      Cheers.

      I think it is doable using a front-end custom view. Here is how I would do it: I would create a custom record/view for my entity type as below:

      1 - under custom/Espo/Custom/Resources/metadata/clientDefs/your-entity-type.json (define a custom record view)
      PHP Code:
      {
          "recordViews": {
              "detail": "custom:views/your-entity-type/record/detail"
          }
      }

      2 - Implement the logic to set fields read-only if the current user isPortal and status field is draft (create the custom view under client/custom/src/views/your-entity-type/record/detail.js)
      PHP Code:
      define('custom:views/your-entity-type/record/detail', ['views/record/detail'], function (Dep) {

          return Dep.extend({

              setup: function() {
                  Dep.prototype.setup.call(this);

                  this.setupFieldPermission();
              },

              setupFieldPermission() {
                  this.controlFieldPermission();

                  this.listenTo(this.model, 'change:status', () => this.controlFieldPermission());
              },

              controlFieldPermission() {

                  if (!this.getUser().isPortal()) {
                      return;
                  }

                  // Here you can check if the status is draft, then set the fields to readOnly mode.
                  if (this.model.get('status') === 'Draft') {
                      this.setFieldReadOnly('name');
                      this.setFieldReadOnly('website');
                      this.setFieldReadOnly('description');
                  }
              },
          });
      });

      I hope this helps



      • item
        item commented
        Thanks Rabii,
        your posts are always great.

      • rabii
        rabii commented
        you are welcome item
        appreciate your words mate

    • #4
      Thanks for the replies, but I'd rather block at the server first, security-wise.

      I came up with this... This example checks if the description field of the contact has the value of meh. If so, and the user is a portal user, then they cannot save changes to the record. (I have some logging in there too, just for the testing of the process.)

      PHP Code:

      <?php
      namespace Espo\Custom\Hooks\Contact;

      use Espo\ORM\Entity;
      use Espo\Core\Hook\Hook\BeforeSave;
      use Espo\ORM\Repository\Option\SaveOptions;
      use Espo\Core\Exceptions\Error;
      use Espo\Entities\User;

      class checkPortalSaveHook implements BeforeSave
      {
          // An optional parameter, defines in which order hooks will be processed.
          // Lesser value means sooner.
          public static int $order = 1;

          public function __construct(
              // Define needed dependencies.
              private User $loggedInUser,
          ) {}

          public function beforeSave(Entity $entity, SaveOptions $options): void {
              // If the user is editing from the portal, then deny the edit.
              $log = $GLOBALS['log'];
              $log->error("checkPortalSaveHook - options");
              $log->error(print_r($options, true));

              $log->error("Portal User");
              $isPortal = $this->loggedInUser->isPortal();
              $log->error(print_r($isPortal, true));

              $description = $entity->get('description');
              if ($description == "meh" && $isPortal) {
                  throw new Error("No permission to edit this record");
              }
          }
      }

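An added example, not part of the original posts or of EspoCRM's own code: the status condition from the original question enforced in a `beforeSave` hook. The `Contact` namespace follows post #4; the class name and a `status` field whose editable value is `Draft` are assumptions.

```php
<?php
namespace Espo\Custom\Hooks\Contact;

use Espo\Core\Exceptions\Forbidden;
use Espo\Core\Hook\Hook\BeforeSave;
use Espo\Entities\User;
use Espo\ORM\Entity;
use Espo\ORM\Repository\Option\SaveOptions;

// Hypothetical class name; assumes the entity type has a 'status' field
// and that 'Draft' is the only state a portal user may edit.
class PortalDraftOnlyEdit implements BeforeSave
{
    public static int $order = 1;

    public function __construct(
        // The current logged-in user, injected by the container.
        private User $user,
    ) {}

    public function beforeSave(Entity $entity, SaveOptions $options): void
    {
        // Normal CRM staff are never restricted by this hook.
        if (!$this->user->isPortal()) {
            return;
        }

        // A new record has no stored status yet; leave creation to the
        // portal role's access settings.
        if ($entity->isNew()) {
            return;
        }

        // getFetched() returns the value loaded from the database, while
        // get() returns the value about to be written. Deciding on get()
        // would let the same request supply 'Draft' (or overwrite the
        // field being tested) and pass the check.
        if ($entity->getFetched('status') !== 'Draft') {
            throw new Forbidden("Record can only be edited while in Draft.");
        }
    }
}
```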


      • #5
        Looks cool

        Just be aware that your user might be confused, since an error occurs but there are no hints on what the error is and why. I think if you want to use a backend it would be better to use saveError Handler https://docs.espocrm.com/development...rror-handlers/
