Custom permissions / policies

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • kacper
    Junior Member
    • Oct 2023
    • 29
    #1

    Custom permissions / policies

    Is it possible to create custom permission for entity? I saw Acl, but it allows only for checking CRUD but I want to add custom permission. For example checking if user has permission to perform some action named on entity. Is it possible via Acl or any other mechanism?
    I want mechanism like Laravel's policy where I can create method in PHP class and then use that policy via Dependency Injection
    Tags: None
    • yuri
      Member
      • Mar 2014
      • 9078
      #2
      You can create custom permissions (not scope level). These ones:

      Click image for larger version Name: image.png Views: 254 Size: 9.6 KB ID: 100433
      If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

        Comment

        • yuri
          #2.1
          yuri commented
          12-06-2023, 12:31 PM
          Editing a comment
          "How?", I can't say, it would require me looking into code and will take some time. Start investigating from metadata > app > acl.
        • kacper
          Junior Member
          • Oct 2023
          • 29
          #3
          I rather meant permissions for a specific user for a specific entity, not for the entire role. For example I want to check if current user has permission to start action named "XYZ" on entity Account with ID = "asdf1234". I want to use some kind of Policy via edependncy injection in controller, pass current user, entity and actio name to that policy and as a result receive boolean. Is this possible natively in Espo?

            Comment

            • yuri
              Member
              • Mar 2014
              • 9078
              #4
              I meant not possible for scope level, but possible for global level. Technically it's possible, but would need to do customizations in core classses. Espo is a ready product, with pre-defined actions. There was no need to have the ability to add custom ACL actions.
              If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

                Comment

                • yuri
                  Member
                  • Mar 2014
                  • 9078
                  #5
                  You can add in the backend: https://docs.espocrm.com/development...#aclactionlist

                  Then use $this->acl->checkEntity($entity, 'yourCustomAction');

                  But I did not test.

                  It's hardcoded in the front-end, where you set up roles.
                  If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

                    Comment

                    • kacper
                      Junior Member
                      • Oct 2023
                      • 29
                      #6
                      Thanks for answer! I understand I will implement it on my own

                        Comment

                        • esforim
                          #6.1
                          esforim commented
                          12-07-2023, 04:41 AM
                          Editing a comment
                          Do share your findings
                        • kacper
                          Junior Member
                          • Oct 2023
                          • 29
                          #7
                          I made Policies based on Laravel.

                          Code:
                          class PolicyChecker
{
protected array $policyClasses = [
EntityName::ENTITY_TYPE => EntityNamePolicy::class,
]; // this should be moved to separate file/provider

public function __construct(
protected User $user // current logged in user resolved with Dependency Injeciton
) {
}

public function check(Entity $entity, string $policyName): bool
{
$policy = $this->resolvePolicyClassForEntity($entity->getEntityType());

if (! method_exists($policy, $policyName)) {
throw new \Exception('Invalid policy method name');
}

return $policy->$policyName($this->user, $entity);
}

protected function resolvePolicyClassForEntity(string $entityType): PolicyInterface
{
  if (! isset($this->policyClasses[$entityType])) {
  throw new \Exception('Missing policy');
  }

return new $this->policyClasses[$entityType];
}
}​
                          With this class you can make Policy for each entity like in Laravel.
                          This is used only for checking permissions on server side

                            Comment

                            • bandtank
                              #7.1
                              bandtank commented
                              06-14-2025, 04:41 PM
                              Editing a comment
                              This is not enough information. Where did you put the file and how did you tell Espo to use it? Which includes did you use? There must be more configuration and code.
                            Previous template Next
                            Working...