Announcement

Collapse
No announcement yet.

Set a Portal User to only allow editing a record based on conditions?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Set a Portal User to only allow editing a record based on conditions?

    Hey All,

    Any ideas on how I might restrict a Portal User to only being able to edit fields based on conditions? Such as only accepting edits when the status field is set to draft? Should I be looking at the onSave hook? Does the hook event describe that the edit came from the Portal?

    (Normal CRM staff should always be able to edit.)

    Cheers​.

  • #2
    Hi there,

    You could use the beforeSave hook for this.
    I doubt there is a feature / tweak for this.

    Comment


    • #3
      Originally posted by axyl View Post
      Hey All,

      Any ideas on how I might restrict a Portal User to only being able to edit fields based on conditions? Such as only accepting edits when the status field is set to draft? Should I be looking at the onSave hook? Does the hook event describe that the edit came from the Portal?

      (Normal CRM staff should always be able to edit.)

      Cheers​.
      I think it is doable using front end custom view, here is how i would do it, i would create a custom record/view for my entity type as below:

      1 - under custom/Espo/Custom/Resources/metadata/clientDefs/your-entity-type.json (define a custom record view)
      PHP Code:
      {
          
      "recordViews": {
              
      "detail""custom:views/your-entity-type/record/detail"
          
      }
      }
      ​ 

      2 - Implement the logic to set fields read if the current user isPortal and status field is draft (create the custom view under client/custom/src/views/your-entity-type/record/detail.js)
      PHP Code:
      define('custom:views/your-entity-type/record/detail', ['views/record/detail'], function (Dep) {

          return 
      Dep.extend({


              
      setup: function() {
                  
      Dep.prototype.setup.call(this);

                  
      this.setupFieldPermission();
              },

              
      setupFieldPermission() {
                  
      this.controlFieldPermission();

                  
      this.listenTo(this.model'change:status', () => this.controlFieldPermission());
              },

              
      controlFieldPermission() {

                  if (!
      this.getUser().isPortal()) {
                      return;
                  }

                  
      // here you can check if the status if draft then set field to readOnly mode.
                  
      if (this.model.get('status') === 'Draft') {
                      
      this.setFieldReadOnly('name');
                      
      this.setFieldReadOnly('website');
                      
      this.setFieldReadOnly('description');
                  }
              },
          });
      });
      ​ 

      I hope this helps
      Rabii
      Web Dev

      Comment


      • item
        item commented
        Editing a comment
        Thanks Rabii,
        yours posts are always great.

      • rabii
        rabii commented
        Editing a comment
        you are welcome item
        appreciate your words mate

    • #4
      Thanks for the replies, but I'd rather block at the server first security wise.

      I came up with this...this example checks if the description field of the contact has the value of meh . If so, and the user is a portal user, then they cannot save changes to the record. (I have some logging in there too, just for the testing of the process)

      PHP Code:

      <?php
      namespace Espo\Custom\Hooks\Contact;

      use 
      Espo\ORM\Entity;
      use 
      Espo\Core\Hook\Hook\BeforeSave;
      use 
      Espo\ORM\Repository\Option\SaveOptions;
      use 
      Espo\Core\Exceptions\Error;
      use 
      Espo\Entities\User;

      class 
      checkPortalSaveHook implements BeforeSave
      {    
          
      // An optional parameter, defines in which order hooks will be processed.
          // Lesser value means sooner.
          
      public static int $order 1;

          public function 
      __construct(
              
      // Define needed dependencies.
              
      private User $loggedInUser,
          ) {}

          public function 
      beforeSave(Entity $entitySaveOptions $options): void {
              
      // If the user is editing from the portal, then deny the edit.
              
      $log$GLOBALS['log'];
              
      $log->error("checkPortalSaveHook - options");
              
      $log->error(print_r($optionstrue));

              
      $log->error("Portal User");
              
      $isPortal$this->loggedInUser->isPortal();
              
      $log->error(print_r($isPortaltrue));        
                    
              
      $description$entity->get('description');
              if (
      $description=="meh" && $isPortal) {
                  throw new 
      Error("No permission to edit this record");            
              }
          }
          
      }

      Comment


      • #5
        Looks cool

        Just be aware that your user might be confused hence an error is occurring but no hints on what is the error and why. I think if you want to use a backend it would be better to use saveError Handler https://docs.espocrm.com/development...rror-handlers/
        Rabii
        Web Dev

        Comment


        • #6
          Hello all, I'm very sorry because re-pump this topic again. But can we use condition for inlineEditDisabled Metadata ? I would like to extend detail view and set User can inline-edit or not by some conditions.

          Comment

          Working...
          X