Announcement

Collapse
No announcement yet.

Acl: Api User + assignmentPermission

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    Acl: Api User + assignmentPermission

    I create API user with role:

    permission to entity: Granted.
    assignmentPermission: not set.

    When I try POST new entity (assignedUserId: null) I got 403 Assignment permission failure

    If I set assignmentPermission to 'all' all OK.

    Why? I don't try assign this entity.

    May be check assignedUserId is not null is missing here https://github.com/espocrm/espocrm/b...ecord.php#L703
    Tags: None
  • #2
    According this https://github.com/espocrm/espocrm/b...ecord.php#L708
    if you have assignment permission = 'no', you can only assign to self. You can't leave it empty.


    It was designed to not allow for users with assignment permission set to 'no', to create unassigned records. Maybe it would be reasonable to abolish this restriction, I'm not sure.
    Last edited by yuri; 05-01-2020, 11:56 AM.

    Comment

    • #3
      I think if assignedUser is not mandatory and user have permit to creating this entity then the empty assignedUser when creating is not restriction.

      Comment

      Previous template Next
      Working...
      X