Tried adding a custom ACL to disallow DELETE as per
https://enricosimonetti.com/powerful-customisations-with-sugars-acl/
but this does NOT seem to work when I try it on Sugar 13.0.3
custom\Extension\modules\Contacts\Ext\Vardefs\acl.php
$dictionary['Contacts']['acls']['SugarACLDenyDelete'] = true;
custom\data\acl\SugarACLDenyDelete.php
class SugarACLDenyDelete extends SugarACLStrategy {
// allowed user ids
protected $user_ids_to_allow = array(
);
// denied actions: example was READ-ONLY, we want to deny only DELETE
protected $denied_actions = array(
//'edit',
'delete',
//'massupdate',
//'import',
);
// our custom method to check permissions
protected function _canUserWrite($context)
{
// retrieve user from context
$user = $this->getCurrentUser($context);
// allow only admin users or special users access
if(/*$user->isAdmin() || */in_array($user->id, $this->user_ids_to_allow)) { //we DENY to ADMINS too
return true;
} else {
return false;
}
}
// runtime access check
public function checkAccess($module, $view, $context)
{
$view = SugarACLStrategy::fixUpActionName($view);
// if it is not a blocked action, or there is no bean, allow it
if(!in_array($view, $this->denied_actions) || !isset($context['bean'])) {
return true;
}
// can user write?
if($this->_canUserWrite($context)) return true;
// everyone else for everything else is denied
return false;
}
// mostly for front-end access checks (cached on the application, per user)
public function getUserAccess($module, $access_list = array(), $context = array())
{
// retrieve original ACL
$acl = parent::getUserAccess($module, $access_list, $context);
// if user can't write
if(!$this->_canUserWrite($context)) {
// override access, disable access where required if not admin and not special user
foreach($acl as $access => $value) {
if(in_array($access, $this->denied_actions)) {
$acl[$access] = 0;
}
}
}
// return modified acl
return $acl;
}
}
Can anyone point me to a way that works in v13+?
