Announcement

Collapse
No announcement yet.

Custom permissions / policies

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Custom permissions / policies

    Is it possible to create custom permission for entity? I saw Acl, but it allows only for checking CRUD but I want to add custom permission. For example checking if user has permission to perform some action named on entity. Is it possible via Acl or any other mechanism?
    I want mechanism like Laravel's policy where I can create method in PHP class and then use that policy via Dependency Injection

  • #2
    You can create custom permissions (not scope level). These ones:

    Click image for larger version

Name:	image.png
Views:	106
Size:	9.6 KB
ID:	100433

    Comment


    • yuri
      yuri commented
      Editing a comment
      "How?", I can't say, it would require me looking into code and will take some time. Start investigating from metadata > app > acl.

  • #3
    I rather meant permissions for a specific user for a specific entity, not for the entire role. For example I want to check if current user has permission to start action named "XYZ" on entity Account with ID = "asdf1234". I want to use some kind of Policy via edependncy injection in controller, pass current user, entity and actio name to that policy and as a result receive boolean. Is this possible natively in Espo?

    Comment


    • #4
      I meant not possible for scope level, but possible for global level. Technically it's possible, but would need to do customizations in core classses. Espo is a ready product, with pre-defined actions. There was no need to have the ability to add custom ACL actions.

      Comment


      • #5
        You can add in the backend: https://docs.espocrm.com/development...#aclactionlist

        Then use $this->acl->checkEntity($entity, 'yourCustomAction');

        But I did not test.

        It's hardcoded in the front-end, where you set up roles.

        Comment


        • #6
          Thanks for answer! I understand I will implement it on my own

          Comment


          • espcrm
            espcrm commented
            Editing a comment
            Do share your findings

        • #7
          I made Policies based on Laravel.

          Code:
          class PolicyChecker
          {
          protected array $policyClasses = [
          EntityName::ENTITY_TYPE => EntityNamePolicy::class,
          ]; // this should be moved to separate file/provider
          
          public function __construct(
          protected User $user // current logged in user resolved with Dependency Injeciton
          ) {
          }
          
          public function check(Entity $entity, string $policyName): bool
          {
          $policy = $this->resolvePolicyClassForEntity($entity->getEntityType());
          
          if (! method_exists($policy, $policyName)) {
          throw new \Exception('Invalid policy method name');
          }
          
          return $policy->$policyName($this->user, $entity);
          }
          
          protected function resolvePolicyClassForEntity(string $entityType): PolicyInterface
          {
            if (! isset($this->policyClasses[$entityType])) {
            throw new \Exception('Missing policy');
            }
          
          return new $this->policyClasses[$entityType];
          }
          }​
          With this class you can make Policy for each entity like in Laravel.
          This is used only for checking permissions on server side

          Comment

          Working...
          X