Only allow certain user to create new entity based on relationship

  • bandtank
    Active Community Member
    • Mar 2017
    • 382

    Only allow certain user to create new entity based on relationship

    Is it possible to only allow certain users to create a new entity based on a field in another entity? For example, I have a one-to-many relationship between Jobs and Projects. I have a special job called 00-0000 for internal use only whereas a typical job is YY-NNNN, e.g. 17-0412 for the 412th job in the year 2017. Creating a new job automatically calculates the job number (YY-NNNN).

    For internal tasks, I have projects listed under 00-0000 for things like filling out a timesheet or other non-billable activities. I do not want anyone except one or two users to be able to add projects to the 00-0000 job. In other words, if a user goes to the Projects tab and tries to create a new project that will be associated to 00-0000, it shouldn't work unless the user is an administrator or in a specific team.

    Is something like this possible? I don't mind doing it programmatically as long as it's possible. I'm looking at formulas, but I can't tell if it's possible to cause the new entity creation to fail. If it is, I could maybe use a formula, but I don't know how.
  • tanya
    Senior Member
    • Jun 2014
    • 4308

    #2
    Hello,
    If any user can see / choose the zero job but cannot save, it's easy.
    As I can see, you are talking about your own custom entity.

    With a formula you can only override the project jobId (e.g. jobId = '99-0000') if jobId = '00-0000', but the project will be created.
    Also, you can do it in a beforeSave hook: if not allowed, throw an Error.
    Also, you can check the permission in the Project Controller.


    • bandtank
      Active Community Member
      • Mar 2017
      • 382

      #3
      Thanks for the response. I couldn't figure out how to do it any other way, so I ended up using a hook:

      Code:
          private function checkPermission($entity)
          {
              $job  = $entity->get('job');
              $type = $entity->get('type');

              // Jobs starting with "00-" are the internal job (00-0000).
              if( preg_match("/^00-/",$job) ) {
                  if($type == 'Z') {
                      // Only members of the 'CRM Administrators' team may add
                      // internal (type Z) projects to the internal job.
                      $userId = $entity->get('createdById');
                      $sql = "
                          SELECT tu.`user_id`
                          FROM   `team` t
                          JOIN   `team_user` tu ON tu.`team_id` = t.`id`
                          WHERE   t.`name` = 'CRM Administrators'";

                      $pdo = $this->getEntityManager()->getPDO();
                      $sth = $pdo->prepare($sql);
                      $sth->execute();

                      $rows = $sth->fetchAll();

                      $found = false;
                      foreach ($rows as $row) {
                          if($row['user_id'] == $userId) {
                              $found = true;
                          }
                      }
                      if(!$found) {
                          throw new Error('You do not have permission to create this project.');
                      }

                  } else {
                      throw new Error('Only internal projects can be added to 00-0000.');
                  }
              } else {
                  // Any other job must not carry an internal project.
                  // ($projType was undefined here; the type is held in $type.)
                  if($type == 'Z') {
                      throw new Error('Internal projects can only be added to 00-0000');
                  }
              }
          }
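
Added example (not from the thread and not EspoCRM code): the rule from post #3 pulled out of the hook into plain PHP so it can be run against constructed data, with team membership answered by one bound-parameter query instead of fetching every team member and comparing in a loop. The function names, the in-memory SQLite database (needs the pdo_sqlite extension), the user ids and the non-internal type 'A' are assumptions; table and column names follow the query in post #3.

```php
<?php
// Added example, not EspoCRM code. Table and column names follow post #3;
// function names, user ids, type 'A' and the SQLite data are constructed.

// One yes/no query with bound parameters instead of loading all team members.
function isTeamMember(PDO $pdo, string $userId, string $teamName): bool
{
    $sth = $pdo->prepare(
        'SELECT 1 FROM team t
           JOIN team_user tu ON tu.team_id = t.id
          WHERE t.name = :team AND tu.user_id = :user
          LIMIT 1'
    );
    $sth->execute([':team' => $teamName, ':user' => $userId]);
    return $sth->fetchColumn() !== false;
}

// Returns null when the project may be created, otherwise the error message.
function checkProjectRule(PDO $pdo, string $job, string $type, string $userId): ?string
{
    $internalJob = strncmp($job, '00-', 3) === 0;
    if ($internalJob && $type !== 'Z') {
        return 'Only internal projects can be added to 00-0000.';
    }
    if (!$internalJob && $type === 'Z') {
        return 'Internal projects can only be added to 00-0000.';
    }
    if ($internalJob && !isTeamMember($pdo, $userId, 'CRM Administrators')) {
        return 'You do not have permission to create this project.';
    }
    return null;
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE team (id TEXT PRIMARY KEY, name TEXT)');
$pdo->exec('CREATE TABLE team_user (team_id TEXT, user_id TEXT)');
$pdo->exec("INSERT INTO team VALUES ('t1', 'CRM Administrators'), ('t2', 'Sales')");
$pdo->exec("INSERT INTO team_user VALUES ('t1', 'u-admin'), ('t2', 'u-sales')");

$cases = [['00-0000', 'Z', 'u-admin'], ['00-0000', 'Z', 'u-sales'],
          ['00-0000', 'A', 'u-admin'], ['17-0412', 'Z', 'u-admin'],
          ['17-0412', 'A', 'u-sales']];
foreach ($cases as [$job, $type, $user]) {
    $error = checkProjectRule($pdo, $job, $type, $user);
    printf("%-8s %-2s %-8s => %s\n", $job, $type, $user, $error ?? 'allowed');
}
```

Inside a beforeSave hook, a non-null return value would be thrown as the error, as post #3 does.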
