Acl: Api User + assignmentPermission

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • dimyy
    Active Community Member
    • Jun 2018
    • 569
    #1

    Acl: Api User + assignmentPermission

    I create API user with role:

    permission to entity: Granted.
    assignmentPermission: not set.

    When I try POST new entity (assignedUserId: null) I got 403 Assignment permission failure

    If I set assignmentPermission to 'all' all OK.

    Why? I don't try assign this entity.

    May be check assignedUserId is not null is missing here https://github.com/espocrm/espocrm/b...ecord.php#L703
    Tags: None
    • yuri
      Member
      • Mar 2014
      • 8557
      #2
      According this https://github.com/espocrm/espocrm/b...ecord.php#L708
      if you have assignment permission = 'no', you can only assign to self. You can't leave it empty.


      It was designed to not allow for users with assignment permission set to 'no', to create unassigned records. Maybe it would be reasonable to abolish this restriction, I'm not sure.
      Last edited by yuri; 05-01-2020, 11:56 AM.
      If you find EspoCRM good, we would greatly appreciate if you could give the project a star on GitHub. We believe our work truly deserves more recognition. Thanks.

        Comment

        • dimyy
          Active Community Member
          • Jun 2018
          • 569
          #3
          I think if assignedUser is not mandatory and user have permit to creating this entity then the empty assignedUser when creating is not restriction.

            Comment

            Previous template Next
            Working...