Custom permissions / policies

  • Custom permissions / policies

    Is it possible to create a custom permission for an entity? I saw Acl, but it only allows checking CRUD, and I want to add a custom permission. For example, checking if a user has permission to perform some named action on an entity. Is it possible via Acl or any other mechanism?
    I want a mechanism like Laravel's policy, where I can create a method in a PHP class and then use that policy via Dependency Injection.

  • #2
    You can create custom permissions (not scope level). These ones:

    [Image attachment: image.png]


    • yuri
      "How?", I can't say, it would require me looking into code and will take some time. Start investigating from metadata > app > acl.

  • #3
    I rather meant permissions for a specific user for a specific entity, not for the entire role. For example, I want to check if the current user has permission to start an action named "XYZ" on entity Account with ID = "asdf1234". I want to use some kind of Policy via dependency injection in a controller, pass the current user, entity and action name to that policy and receive a boolean as a result. Is this possible natively in Espo?


    • #4
      I meant not possible for scope level, but possible for global level. Technically it's possible, but would need to do customizations in core classes. Espo is a ready product, with pre-defined actions. There was no need to have the ability to add custom ACL actions.


      • #5
        You can add in the backend:

        Then use $this->acl->checkEntity($entity, 'yourCustomAction');

        But I did not test.

        It's hardcoded in the front-end, where you set up roles.


        • #6
          Thanks for answer! I understand I will implement it on my own


          • espcrm
            Do share your findings

        • #7
          I made Policies based on Laravel.

          use Espo\Entities\User;
          use Espo\ORM\Entity;

          class PolicyChecker
          {
              protected array $policyClasses = [
                  EntityName::ENTITY_TYPE => EntityNamePolicy::class,
              ]; // this should be moved to separate file/provider

              public function __construct(
                  protected User $user // current logged in user resolved with Dependency Injection
              ) {}

              public function check(Entity $entity, string $policyName): bool
              {
                  $policy = $this->resolvePolicyClassForEntity($entity->getEntityType());
                  // An unknown policy method is an error, never an implicit allow
                  if (! method_exists($policy, $policyName)) {
                      throw new \Exception('Invalid policy method name');
                  }
                  return $policy->$policyName($this->user, $entity);
              }

              protected function resolvePolicyClassForEntity(string $entityType): PolicyInterface
              {
                  if (! isset($this->policyClasses[$entityType])) {
                      throw new \Exception('Missing policy');
                  }
                  return new $this->policyClasses[$entityType];
              }
          }

          With this class you can make Policy for each entity like in Laravel.
          This is used only for checking permissions on server side
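
An added example (not code from the thread or from EspoCRM) of the per-record policy check described in post #7, with a concrete policy class and a checker that denies by default and only dispatches to public methods declared on the policy class itself. `User` and `Entity` here are constructed stand-ins so it runs outside Espo; `AccountPolicy`, `startXyz` and the `isAdmin` flag are hypothetical names.

```php
<?php
// Stand-ins so the example runs outside EspoCRM (constructed, not Espo classes).
final class User { public function __construct(public string $id, public bool $isAdmin = false) {} }
final class Entity {
    public function __construct(private string $type, private array $data) {}
    public function getEntityType(): string { return $this->type; }
    public function get(string $key): mixed { return $this->data[$key] ?? null; }
}
interface PolicyInterface {}

// Hypothetical policy for Account: one public method per custom action.
final class AccountPolicy implements PolicyInterface
{
    public function startXyz(User $user, Entity $account): bool
    {
        // Allow admins and the user the record is assigned to.
        return $user->isAdmin || $account->get('assignedUserId') === $user->id;
    }
}

final class PolicyChecker
{
    /** @param array<string, class-string<PolicyInterface>> $policyClasses */
    public function __construct(private User $user, private array $policyClasses) {}

    public function check(Entity $entity, string $action): bool
    {
        $class = $this->policyClasses[$entity->getEntityType()] ?? null;
        // Deny when no policy is registered or the name is not a method at all.
        if ($class === null || !method_exists($class, $action)) {
            return false;
        }
        // method_exists() alone also accepts private, static, inherited and
        // magic methods; restrict dispatch to the policy's own public actions.
        $method = new ReflectionMethod($class, $action);
        if (!$method->isPublic() || $method->isStatic()
            || $method->class !== $class || str_starts_with($action, '__')) {
            return false;
        }
        // Only a strict boolean true grants access.
        return $method->invoke(new $class(), $this->user, $entity) === true;
    }
}

// Constructed sample record and callers.
$account = new Entity('Account', ['id' => 'asdf1234', 'assignedUserId' => 'u1']);
$map = ['Account' => AccountPolicy::class];
var_dump((new PolicyChecker(new User('u1'), $map))->check($account, 'startXyz'));    // assigned user
var_dump((new PolicyChecker(new User('u3'), $map))->check($account, 'startXyz'));    // unrelated user
var_dump((new PolicyChecker(new User('u1'), $map))->check($account, '__construct')); // not a policy action
```

Returning `false` instead of throwing keeps a typo or a request-supplied action name from turning into an unhandled error path; the controller treats anything other than `true` as forbidden.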