Announcement

Collapse
No announcement yet.

Custom permissions / policies

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Custom permissions / policies

    Is it possible to create custom permission for entity? I saw Acl, but it allows only for checking CRUD but I want to add custom permission. For example checking if user has permission to perform some action named on entity. Is it possible via Acl or any other mechanism?
    I want mechanism like Laravel's policy where I can create method in PHP class and then use that policy via Dependency Injection
    Tags: None
  • #2
    You can create custom permissions (not scope level). These ones:

    Click image for larger version Name: image.png Views: 91 Size: 9.6 KB ID: 100433
    • Likes 1

    Comment

    • yuri
      #2.1
      yuri commented
      12-06-2023, 12:31 PM
      Editing a comment
      "How?", I can't say, it would require me looking into code and will take some time. Start investigating from metadata > app > acl.
  • #3
    I rather meant permissions for a specific user for a specific entity, not for the entire role. For example I want to check if current user has permission to start action named "XYZ" on entity Account with ID = "asdf1234". I want to use some kind of Policy via edependncy injection in controller, pass current user, entity and actio name to that policy and as a result receive boolean. Is this possible natively in Espo?

    Comment

    • #4
      I meant not possible for scope level, but possible for global level. Technically it's possible, but would need to do customizations in core classses. Espo is a ready product, with pre-defined actions. There was no need to have the ability to add custom ACL actions.

      Comment

      • #5
        You can add in the backend: https://docs.espocrm.com/development...#aclactionlist

        Then use $this->acl->checkEntity($entity, 'yourCustomAction');

        But I did not test.

        It's hardcoded in the front-end, where you set up roles.

        Comment

        • #6
          Thanks for answer! I understand I will implement it on my own
          • Likes 1

          Comment

          • espcrm
            #6.1
            espcrm commented
            12-07-2023, 04:41 AM
            Editing a comment
            Do share your findings
        • #7
          I made Policies based on Laravel.

          Code:
          class PolicyChecker
{
protected array $policyClasses = [
EntityName::ENTITY_TYPE => EntityNamePolicy::class,
]; // this should be moved to separate file/provider

public function __construct(
protected User $user // current logged in user resolved with Dependency Injeciton
) {
}

public function check(Entity $entity, string $policyName): bool
{
$policy = $this->resolvePolicyClassForEntity($entity->getEntityType());

if (! method_exists($policy, $policyName)) {
throw new \Exception('Invalid policy method name');
}

return $policy->$policyName($this->user, $entity);
}

protected function resolvePolicyClassForEntity(string $entityType): PolicyInterface
{
  if (! isset($this->policyClasses[$entityType])) {
  throw new \Exception('Missing policy');
  }

return new $this->policyClasses[$entityType];
}
}​
          With this class you can make Policy for each entity like in Laravel.
          This is used only for checking permissions on server side
          • Likes 1

          Comment

          Previous template Next
          Working...
          X