How to Prevent "XYZ" role users from creating new records for leads modules but allow edit option

Hi All,

We have a scenario where "XYZ" role users should not create new leads, but they can convert the lead. How do we prevent "XYZ" role users from creating new records for the Leads module but allow the edit option?

Please suggest what customization is required, and where.

Kindest Regards,

Shreya

  • Hi ,

    The simple solution may be using the Create Controller.
    In custom/modules/Leads/clients/base/views/create/create.js get the user's role (app.user.get('roles') will get you the RoleID) and put up an Alert if they are not allowed to create a record, then stop the create view from opening.
    However, this won't stop clever users from building their own API call to create Leads, after all they have a login and password and they have create permissions through the ACL. (I recently filed an Idea for more control over who gets to build API integrations).

    In ACL, as you have seen in Roles, there is no distinction between Create and Edit in the Role permissions, so using ACL would involve extending the SugarACLStrategy and it may be more than you want to code and maintain. There is always a tradeoff when you build extensions to existing methods...


     has a SugarACLLock  extension that may give you some hints to get started with a customization, however he is still leveraging the ACL permissions so you would have to look at the original code for SugarACLStrategy (data/SugarACLStrategy.php) to see if you can extend things that way.

    FrancescaS

  • Dear FrancescaS,

    Thanks for the response!!

    I have overridden the CurrentUserApi. Follow the steps below.

    1. /<projectname>/clients/base/api/CurrentUserApi.php

    To /<projectname>/custom/clients/base/api/CustomCurrentUserApi.php

    2. Add the code below to the file CustomCurrentUserApi.php

    <?php
    if (!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
    require_once("clients/base/api/CurrentUserApi.php");

    class CustomCurrentUserApi extends CurrentUserApi
    {
        public function registerApiRest()
        {
            return parent::registerApiRest();
        }

        public function retrieveCurrentUser($api, $args)
        {
            $result = parent::retrieveCurrentUser($api, $args);
            if (isset($result['current_user']['type'])
                && !empty($result['current_user']['type'])
                && ($result['current_user']['type'] == "user")) {

                $user_roles = $this->getCurrentUserRole();
                $GLOBALS['log']->fatal("User roles".print_r($user_roles,true));

                if (in_array("XYZ Role", $user_roles)) {
                    //User is SRM
                    $result['current_user']['acl']['Leads']['create'] = 'no';
                    $GLOBALS['log']->fatal("Create option is disabled...");
                } else {
                    //User is not SRM
                    $GLOBALS['log']->fatal("Create option is enabled...");
                }
            }

            return $result;
        }
    }

    3. Do Quick Repair and Rebuild.

    Now the Create button is removed from the left navigation panel of Sugar (version 12.3.0) and also from the list view, but the user is now unable to convert the Lead, as the "Save And Convert" button is not visible in the lead conversion layout.

    Please help me ASAP.

    I want to remove the Create button from the left navigation sidebar and list view of Leads, but the user should be able to convert the Lead.

    Kindest Regards,

    Shreya
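
The caveat in the first reply also applies to the CurrentUserApi override: it only changes the ACL map the client receives, so a direct REST call from the same user can still create a Lead. One way to enforce the rule on the server is a before_save logic hook, shown here as an added example that is not part of the thread or of Sugar's own code. The file paths, class name and method name are hypothetical, and it assumes that lead conversion saves the existing Lead rather than inserting a new one.

```php
<?php
// Added example; file paths, class and method names are hypothetical.
// File: custom/modules/Leads/DenyLeadCreateHook.php
// Register in custom/Extension/modules/Leads/Ext/LogicHooks/deny_lead_create.php:
//   $hook_array['before_save'][] = array(
//       1, 'Deny Lead create for XYZ Role',
//       'custom/modules/Leads/DenyLeadCreateHook.php',
//       'DenyLeadCreateHook', 'denyCreate');
// then run Quick Repair and Rebuild.
if (!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');

class DenyLeadCreateHook
{
    // Role name as written in the thread.
    const BLOCKED_ROLE = 'XYZ Role';

    public function denyCreate($bean, $event, $arguments)
    {
        // fetched_row is only populated for a record loaded from the
        // database, so edits pass through. Assumption: conversion saves
        // the existing Lead and therefore passes through as well.
        if (!empty($bean->fetched_row)) {
            return;
        }

        // Saves with no logged-in user are outside this example.
        $user = isset($GLOBALS['current_user']) ? $GLOBALS['current_user'] : null;
        if (empty($user) || empty($user->id)) {
            return;
        }

        // Role names assigned to the user making the request.
        $roles = ACLRole::getUserRoleNames($user->id);
        if (in_array(self::BLOCKED_ROLE, $roles, true)) {
            $GLOBALS['log']->warn("Denied Lead create for user {$user->id}");
            // Aborts the save; REST callers get a not-authorized error.
            throw new SugarApiExceptionNotAuthorized(
                'You are not allowed to create Leads.'
            );
        }
    }
}
```

Because the check runs on every save, it does not depend on which buttons the client shows. Confirm the conversion flow with an "XYZ Role" user in a test instance before relying on the stated assumption.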