How do I HIDE the DELETE item in the LIST ACTIONS dropdown?

Hello Acuitus , 

I didn't review all code of the SugarACLDenyDelete.php but there is a small issue on your vardef. 
Instead of 'Contacts' it should read 'Contact': 

$dictionary['Contact']['acls']['SugarACLDenyDelete'] = true;

Thanks, with that change the DELETE item is still in the menu, but when I try to select a contact and then DELETE it, a 403 error occurs and the contact is not deleted.

Is there a way to tale the DELETE item out of the dropdown list so users can't even try?

Hello Acuitus , 

Can you describe what you are trying to accomplish. 
What are the conditions to hide the delete button in Contacts module? 

I want to stop users from being able to DELETE Contacts.

So the "condition" is "always".

(we have added a "hide" yes/no field to Contacts,, and the default filter will exclude Contacts with hide "yes")

I thought that making the ACL return FALSE for the "acl_action" of the button would automatically HIDE it?

I have managed to HIDE the DELETE button by REMOVING it from the LIST

Made a file

custom\modules\Contacts\clients\base\views\recordlist\recordlist.php

which is a copy of

modules\Contacts\clients\base\views\recordlist\recordlist.php

but with the DELETE button commented out:

            /*array( // !!! DO NOT show DELETE option
                'name' => 'massdelete_button',
                'type' => 'button',
                'label' => 'LBL_DELETE',
                'acl_action' => 'delete',
                'primary' => true,
                'events' => array(
                    'click' => 'list:massdelete:fire',
                ),
            ),*/

Hello Acuitus , 

If you want to prevent user to delete Contacts. The best is to create a new Role "Disable Contact Deletion"



And add all your users there. 
This will prevent the Delete button to show up in Contacts for all the users except Admins and no code is needed. 

Would this work for you? 

Hello Acuitus , 

If you want to prevent user to delete Contacts. The best is to create a new Role "Disable Contact Deletion"



And add all your users there. 
This will prevent the Delete button to show up in Contacts for all the users except Admins and no code is needed. 

Would this work for you? 

I would prefer a code only method, so we can easily implement this on STAGING and PRODUCTION by having the same code in place in both and running sugar_repair script.

Can you give it a try with these files: 

custom/Extension/modules/Contacts/Ext/Vardefs/noDelete.php

<?php
$dictionary['Contact']['acls']['SugarACLRestrictDelete'] = true;

<?php

if (!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');

/**
 * Custom ACL to restrict delete capabilities for Contacts module to admins only
 */
require_once('data/SugarACLStrategy.php');

class SugarACLRestrictDelete extends SugarACLStrategy
{
    /**
     * Check access method
     *
     * @param string $module
     * @param string $action
     * @param array $context
     * @return boolean
     */
    public function checkAccess($module, $action, $context)
    {
        global $current_user;

        // Apply this ACL only to the Contacts module
        if ($module !== 'Contacts') {
            return true;
        }

        // Allow all actions for admin users
        if ($current_user->isAdmin()) {
            return true;
        }

        // Restrict delete action for non-admin users
        if (strtolower($action) === 'delete') {
            return false;
        }

        // Allow other actions by default
        return true;
    }
}
?>

Seems to work for me locally. 

I hope this helps 

Cheers, 

Thanks, yes that code also stops the DELETE from working but the DELETE option still appears and trying to DELETE gives the same ERROR popups.

So I still need a custom RecordList definition without the DELETE item.

Hello Acuitus , 

That is weird.

You can check the video bellow that shows how it works on a stock installation, by default if permissions for deletion are removed the Delete button will not appear (List View, Record View ). 
Would you mind running a QRR and clear the cache/ folder just to double check

 

If the button still shows, perhaps you are referencing a custom button that was added to the instance.? 

Would you mind sharing a print screen of the button that you are referring to? 

Many thanks

André 

I tried deleting the CACHE folder and doing another repair.

I still see the DELETE option in the dropdown on the LIST page.

I also see the DELETE option on the dropdown on the DETAIL page.

We have a custom API which handles the DELETE by throwing an EXCEPTION (instead of just doing the delete!) which then shows a message to the user saying "don't delete, HIDE the Contact instead"

So we're not worried about that DELETE option still appearing. though it sounds like that should not be showing either.

With the custom RECORDLIST without the DELETE button at all we get

so no DELETE option here

Hello Acuitus , 

I still believe that the buttons shouldn't be showing up after restricting the ACL, especially given this parameter in the button definition:

'acl_action' => 'delete',

I'm not sure why or how it's appearing in the screenshot you shared—are you using an admin user or perhaps a user with admin access to Contacts?

If you'd like, feel free to send me a message, and I'd be happy to help you figure out why this might not be working as expected.

By the way, just a quick tip: if you restrict DELETE via ACL, you don’t need to add a custom exception. Sugar will automatically prevent deletions through the API endpoint as well.

Hope this helps!

Cheers,
André