Tasks Role Permission Conflict

  • Pablo
    Senior Member
    • Aug 2015
    • 177

    Tasks Role Permission Conflict

    Hi EspoCRM Team!

    We have been using EspoCRM to assign tasks between users and it works GREAT. Each department can ONLY see their own assigned tasks.

    Here is the conflict (NOT EspoCRM issue):
    • When a user creates a task assigned to a person of another department, the system shows "Error 403: You don't have an access to this area".
    • We know this is because the task has been assigned to the user and the task's creator isn't supposed to see it any more.
    However, it would be nice if the users can also see the tasks that have been created/assigned by them for follow up purpose.

    Is there any "flexible" permission setup or maybe a workflow we can use?

    Thanks a lot.
  • yuri
    Member
    • Mar 2014
    • 8453

    #2
    Hi Pablo,

    I couldn't come up with any appropriate solution for your case other than customizing a bit.

    Two files to be created.

    custom/Espo/Custom/SelectManagers/Task.php
    PHP Code:
    <?php
    
    namespace Espo\Custom\SelectManagers;
    
    class Task extends \Espo\Modules\Crm\SelectManagers\Task
    {
        // Applied when the role grants "own" access: list tasks the user
        // is assigned to OR created.
        protected function accessOnlyOwn(&$result)
        {
            $result['whereClause'][] = [
                'OR' => [
                    'assignedUserId' => $this->getUser()->id,
                    'createdById' => $this->getUser()->id
                ]
            ];
        }
    }

    custom/Espo/Custom/Acl/Task.php
    PHP Code:
    <?php
    
    namespace Espo\Custom\Acl;
    
    use \Espo\Entities\User;
    use \Espo\ORM\Entity;
    
    class Task extends \Espo\Core\Acl\Base
    {
        public function checkEntityRead(User $user, Entity $entity, $data)
        {
            if ($this->checkEntity($user, $entity, $data, 'read')) {
                return true;
            }
            
            if ($user->id === $entity->get('createdById')) {
                return true;
            }
            
            return false;
        }
    }

    Note, I didn't check whether the code is running. There can be mistakes.
    Last edited by yuri; 03-05-2018, 12:28 PM.
    If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.


    • Pablo
      Senior Member
      • Aug 2015
      • 177

      #3
      Hi yuri ,

      Thanks for the help and sorry for the late response.

      We created the files but a "Bad server response" error appears. We looked at the logs and found:

      [2018-03-03 16:53:42] Espo.ERROR: API [GET]:/:controller/:id, Params:Array ( [controller] => Task [id] => 5a9ad3168effbaf88 ) , InputData: - [] []
      [2018-03-03 16:53:42] Espo.ERROR: Display Error: , Code: 403 URL: /backoffice9alliance/api/v1/Task/5a9ad3168effbaf88 [] []

      Any corrections we need to make to the new files?

      Thanks a lot.


      • tanya
        Senior Member
        • Jun 2014
        • 4308

        #4
        Hello,
        change the line with retutn true; to return true;


        • Pablo
          Senior Member
          • Aug 2015
          • 177

          #5
          Hi tanya ,

          Thanks for the help. We tested and it doesn't show the "Error 403: You don't have an access to this area" when a user creates a task for another user (that's PERFECT).

          However, when we look at the task list, the task is not shown (the user still can only view their own tasks).

          Is there any way the user can ALSO see the tasks created by him/her at the task list?

          Thanks a lot.


          • tanya
            Senior Member
            • Jun 2014
            • 4308

            #6
            Do you use only roles for prohibiting or do you use Filter Only My?
            I think you need to override one more method in the Select Manager: boolFilterOnlyMy.

            custom/Espo/Custom/SelectManagers/Task.php

            PHP Code:
            <?php
            
            namespace Espo\Custom\SelectManagers;
            
            class Task extends \Espo\Modules\Crm\SelectManagers\Task
            {
                // Applied when the role grants "own" access: tasks the user
                // is assigned to OR created.
                protected function accessOnlyOwn(&$result)
                {
                    $result['whereClause'][] = [
                        'OR' => [
                            'assignedUserId' => $this->getUser()->id,
                            'createdById' => $this->getUser()->id
                        ]
                    ];
                }
            
                // Applied for the "Only My" list filter: the same rule for
                // regular users; portal users and entities without an
                // assigned user field fall back to created-by only.
                protected function boolFilterOnlyMy(&$result)
                {
                    if (!$this->checkIsPortal()) {
                        if ($this->hasAssignedUserField()) {
                            $result['whereClause'][] = [
                                'OR' => [
                                    'assignedUserId' => $this->getUser()->id,
                                    'createdById' => $this->getUser()->id
                                ]
                            ];
                        } else {
                            $result['whereClause'][] = [
                                'createdById' => $this->getUser()->id
                            ];
                        }
                    } else {
                        $result['whereClause'][] = [
                            'createdById' => $this->getUser()->id
                        ];
                    }
                }
            }


            • Pablo
              Senior Member
              • Aug 2015
              • 177

              #7
              Hi tanya ,

              We only use roles for prohibiting.

              Does the script in your last message override the role permissions?

              Thanks again.


              • tanya
                Senior Member
                • Jun 2014
                • 4308

                #8
                Acl - for permissions,
                SelectManagers - for filtering


                In your Acl file (custom/Espo/Custom/Acl/Task.php) add the method

                PHP Code:
                    public function checkIsOwner(User $user, Entity $entity)
                    {
                        // The assigned user counts as owner.
                        if ($entity->hasAttribute('assignedUserId')) {
                            if ($entity->has('assignedUserId')) {
                                if ($user->id === $entity->get('assignedUserId')) {
                                    return true;
                                }
                            }
                        }
                        // The creator counts as owner as well.
                        if ($entity->hasAttribute('createdById')) {
                            if ($entity->has('createdById')) {
                                if ($user->id === $entity->get('createdById')) {
                                    return true;
                                }
                            }
                        }
                
                        // Members of an assignedUsers multi-link count as owners.
                        if ($entity->hasAttribute('assignedUsersIds') && $entity->hasRelation('assignedUsers')) {
                            if ($entity->hasLinkMultipleId('assignedUsers', $user->id)) {
                                return true;
                            }
                        }
                
                        return false;
                    }
                

                Need to check

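As an added example (not code from this thread or from EspoCRM), the stand-alone PHP script below re-expresses the two layers tanya separates in #8 as plain functions: the entity-level ownership rule of checkIsOwner() and the list-level whereClause appended by the select manager in #6, then compares them on constructed tasks. It assumes tasks as plain arrays using the thread's attribute names and a minimal evaluator for the whereClause shape; the constructed third task uses an assignedUsers multi-link, which the ACL method covers but the list filter does not, so the check reports the same kind of divergence (readable on open, missing from the list) that Pablo describes in #5.

```php
<?php
// Added example, not EspoCRM code: entity-level rule (#8) and list-level
// whereClause (#6) as plain functions, compared on constructed tasks.
// Ownership rule from the custom Acl: assignee, creator, or assignedUsers member.
function isOwner(string $userId, array $task): bool
{
    if (($task['assignedUserId'] ?? null) === $userId) return true;
    if (($task['createdById'] ?? null) === $userId) return true;
    return in_array($userId, $task['assignedUsersIds'] ?? [], true);
}
// whereClause fragment the custom SelectManager appends (no assignedUsersIds branch).
function ownClause(string $userId): array
{
    return ['OR' => ['assignedUserId' => $userId, 'createdById' => $userId]];
}
// Minimal evaluator: attribute => value is equality, 'OR' matches if any branch does.
function matchesClause(array $clause, array $task): bool
{
    foreach ($clause as $key => $value) {
        if ($key === 'OR') {
            $any = false;
            foreach ($value as $k => $v) {
                if (matchesClause([$k => $v], $task)) { $any = true; break; }
            }
            if (!$any) return false;
        } elseif (($task[$key] ?? null) !== $value) {
            return false;
        }
    }
    return true;
}
// Tasks where the two layers disagree: readable on detail view but hidden from
// the list (the symptom in #5), or listed but refused with 403 on open.
function authorizationGaps(string $userId, array $tasks): array
{
    $gaps = [];
    foreach ($tasks as $task) {
        $acl = isOwner($userId, $task);
        $list = matchesClause(ownClause($userId), $task);
        if ($acl !== $list) $gaps[] = $task['id'] . ($acl ? ': readable but not listed' : ': listed but not readable');
    }
    return $gaps;
}
// Constructed sample data; t3 relies on an assignedUsers link (assumption).
$tasks = [
    ['id' => 't1', 'assignedUserId' => 'u1', 'createdById' => 'u2'],
    ['id' => 't2', 'assignedUserId' => 'u2', 'createdById' => 'u1'],
    ['id' => 't3', 'assignedUserId' => 'u3', 'createdById' => 'u3', 'assignedUsersIds' => ['u1']],
];
print_r(authorizationGaps('u1', $tasks));
```

Whatever ownership rule you settle on, deriving both the ACL check and the select-manager clause from one definition is what keeps this list empty.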

                • Pablo
                  Senior Member
                  • Aug 2015
                  • 177

                  #9
                  Hi tanya ,

                  We added the method but no success.

                  Our Task.php file at the Acl folder looks like this:

                  PHP Code:
                  <?php
                  
                  namespace Espo\Custom\Acl;
                  
                  use \Espo\Entities\User;
                  use \Espo\ORM\Entity;
                  
                  class Task extends \Espo\Core\Acl\Base
                  {
                      public function checkEntityRead(User $user, Entity $entity, $data)
                      {
                          if ($this->checkEntity($user, $entity, $data, 'read')) {
                              return true;
                          }
                          
                          if ($user->id === $entity->get('createdById')) {
                              return true;
                          }
                          
                          return false;
                      }
                      
                      public function checkIsOwner(User $user, Entity $entity)
                      {
                          if ($entity->hasAttribute('assignedUserId')) {
                              if ($entity->has('assignedUserId')) {
                                  if ($user->id === $entity->get('assignedUserId')) {
                                      return true;
                                  }
                              }
                          }
                          if ($entity->hasAttribute('createdById')) {
                              if ($entity->has('createdById')) {
                                  if ($user->id === $entity->get('createdById')) {
                                      return true;
                                  }
                              }
                          }
                  
                          if ($entity->hasAttribute('assignedUsersIds') && $entity->hasRelation('assignedUsers')) {
                              if ($entity->hasLinkMultipleId('assignedUsers', $user->id)) {
                                  return true;
                              }
                          }
                  
                          return false;
                      }
                      
                  }

                  Are we missing something?

                  Thanks a lot.


                  • yuri
                    Member
                    • Mar 2014
                    • 8453

                    #10
                    Hi,

                    You need to create a custom SelectManager class for sure. The only way.


                    • Pablo
                      Senior Member
                      • Aug 2015
                      • 177

                      #11
                      Hi yuri ,

                      Besides the new file at custom/Espo/Custom/SelectManagers , is there anything else missing?

                      Thanks.

