Custom permissions / policies

  • kacper
    Junior Member
    • Oct 2023
    • 29

    Custom permissions / policies

    Is it possible to create a custom permission for an entity? I saw Acl, but it only allows checking CRUD, and I want to add a custom permission. For example, checking if the user has permission to perform some named action on an entity. Is it possible via Acl or any other mechanism?
    I want a mechanism like Laravel's policy, where I can create a method in a PHP class and then use that policy via Dependency Injection.
  • yuri
    Member
    • Mar 2014
    • 8442

    #2
    You can create custom permissions (not scope level). These ones:

    [Attached image: image.png]
    If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

    • yuri
      yuri commented
      "How?", I can't say, it would require me looking into code and will take some time. Start investigating from metadata > app > acl.
  • kacper
    Junior Member
    • Oct 2023
    • 29

    #3
    I rather meant permissions for a specific user for a specific entity, not for the entire role. For example, I want to check if the current user has permission to start an action named "XYZ" on entity Account with ID = "asdf1234". I want to use some kind of Policy via dependency injection in a controller, pass the current user, entity and action name to that policy and receive a boolean as a result. Is this possible natively in Espo?

    • yuri
      Member
      • Mar 2014
      • 8442

      #4
      I meant not possible for scope level, but possible for global level. Technically it's possible, but would need to do customizations in core classes. Espo is a ready product, with pre-defined actions. There was no need to have the ability to add custom ACL actions.

      • yuri
        Member
        • Mar 2014
        • 8442

        #5
        You can add in the backend: https://docs.espocrm.com/development...#aclactionlist

        Then use $this->acl->checkEntity($entity, 'yourCustomAction');

        But I did not test.

        It's hardcoded in the front-end, where you set up roles.

        • kacper
          Junior Member
          • Oct 2023
          • 29

          #6
          Thanks for the answer! I understand I will implement it on my own.

          • esforim
            esforim commented
            Do share your findings
        • kacper
          Junior Member
          • Oct 2023
          • 29

          #7
          I made Policies based on Laravel.

          Code:
          use Espo\Entities\User;
          use Espo\ORM\Entity;

          // EntityName, EntityNamePolicy and PolicyInterface are the application's own classes.
          class PolicyChecker
          {
              /** @var array<string, class-string<PolicyInterface>> Entity type => policy class. */
              protected array $policyClasses = [
                  EntityName::ENTITY_TYPE => EntityNamePolicy::class,
              ]; // this should be moved to separate file/provider

              public function __construct(
                  protected User $user // current logged in user resolved with Dependency Injection
              ) {
              }

              public function check(Entity $entity, string $policyName): bool
              {
                  $policy = $this->resolvePolicyClassForEntity($entity->getEntityType());

                  // is_callable() also rejects private/protected methods, which method_exists() would accept.
                  if (! is_callable([$policy, $policyName])) {
                      throw new \Exception('Invalid policy method name');
                  }

                  return $policy->$policyName($this->user, $entity);
              }

              protected function resolvePolicyClassForEntity(string $entityType): PolicyInterface
              {
                  if (! isset($this->policyClasses[$entityType])) {
                      throw new \Exception('Missing policy');
                  }

                  $policyClass = $this->policyClasses[$entityType];

                  return new $policyClass();
              }
          }
          With this class you can make a Policy for each entity like in Laravel.
          This is used only for checking permissions on the server side.

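A concrete policy for the use case from post #3 (action "XYZ" on an Account), as an added example that is not code from the thread or from EspoCRM: the gate denies by default and dispatches only to method names the policy explicitly lists, so a caller-supplied name cannot reach any other method. `User` and `Entity` here are minimal stand-ins for the EspoCRM classes, and `Policy`, `AccountPolicy`, `PolicyGate`, `startXyz` and the `assignedUserId` rule are hypothetical.

```php
<?php
declare(strict_types=1);

// Minimal stand-ins for EspoCRM's User and Entity classes (assumption, so this runs on its own).
final class User {
    public function __construct(public string $id, public bool $isAdmin = false) {}
}
final class Entity {
    public function __construct(private string $type, private array $data) {}
    public function getEntityType(): string { return $this->type; }
    public function get(string $name): mixed { return $this->data[$name] ?? null; }
}

interface Policy {
    /** @return string[] Ability names that callers are allowed to ask about. */
    public function abilities(): array;
}

// Hypothetical rule: only the assigned user or an admin may start "XYZ" on an Account.
final class AccountPolicy implements Policy {
    public function abilities(): array { return ['startXyz']; }
    public function startXyz(User $user, Entity $account): bool {
        return $user->isAdmin || $account->get('assignedUserId') === $user->id;
    }
}

final class PolicyGate {
    /** @param array<string, Policy> $policies Policy instances keyed by entity type. */
    public function __construct(private User $user, private array $policies) {}

    public function allows(Entity $entity, string $ability): bool {
        $policy = $this->policies[$entity->getEntityType()] ?? null;
        // Deny by default: no policy for this type, or ability not on its allow-list.
        if ($policy === null || !in_array($ability, $policy->abilities(), true)) {
            return false;
        }
        // Only a strict boolean true grants access.
        return $policy->$ability($this->user, $entity) === true;
    }
}

// Constructed sample data.
$account = new Entity('Account', ['id' => 'asdf1234', 'assignedUserId' => 'u1']);
$policies = ['Account' => new AccountPolicy()];
foreach ([['u1', 'startXyz'], ['u2', 'startXyz'], ['u1', 'abilities'], ['u1', 'delete']] as [$uid, $ability]) {
    $ok = (new PolicyGate(new User($uid), $policies))->allows($account, $ability);
    echo "$uid $ability: ", $ok ? 'allowed' : 'denied', PHP_EOL;
}
```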