How to Prevent "XYZ" role users from creating new records for leads modules but allow edit option

Hi All,

We have a scenario where "XYZ" role users should not create new lead but they can convert the lead how to Prevent "XYZ" role users  from creating new records for leads modules but allow edit option.

Please suggest what and where customization required?

Kindest Regards,

Shreya

Parents
  • Hi ,

    The simple solution may be using the Create Controller.
    In custom/modules/Leads/clients/base/views/create/create.js get the user's role (app.user.get('roles') will get you the RoleID) and put up an Alert if they are not allowed to create a record, then stop the create view from opening.
    However, this won't stop clever users from building their own API call to create Leads, after all they have a login and password and they have create permissions through the ACL. (I recently filed an Idea for more control over who gets to build API integrations).

    In ACL, as you have seen in Roles, there is no distinction between Create and Edit in the Role permissions, so using ACL would involve extending the SugarACLStrategy and it may be more than you want to code and maintain. There is always a tradeoff when you build extensions to existing methods...


     has a SugarACLLock  extension that may give you some hints to get started with a customization, however he is still leveraging the ACL permissions so you would have to look at the original code for SugarACLStrategy (data/SugarACLStrategy.php) to see if you can extend things that way.

    FrancescaS

  • Dear FrancescaS,

    Thanks for response!!

    I have override the CurrentUserApi.Follow the below steps.

    1. /<projectname>/clients/base/api/CurrentUserApi.php 

    To/<projectname>/custom/clients/base/api/CustomCurrentUserApi.php

    2. Add below code in the file CustomCurrentUserApi.php

    <?php  
    if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');  
    require_once("clients/base/api/CurrentUserApi.php");  
    class CustomCurrentUserApi extends CurrentUserApi  
    {  
       public function registerApiRest()  
       {  
           return parent::registerApiRest();  
       }  
       
     public function retrieveCurrentUser($api, $args)
    {
    $result = parent::retrieveCurrentUser($api, $args);
    if (isset($result['current_user']['type'])
    && !empty($result['current_user']['type'])
    && ($result['current_user']['type'] == "user")) {


    $user_roles = $this->getCurrentUserRole();
    $GLOBALS['log']->fatal("User roles".print_r($user_roles,true));

    if (in_array("XYZ Role", $user_roles))
    {
    //User is SRM
    $result['current_user']['acl']['Leads']['create'] = 'no';
    $GLOBALS['log']->fatal("Create option is disabled...");
    }
    else
    {
    //User is not SRM
    $GLOBALS['log']->fatal("Create option is enabled...");
    }
    }



    return $result;
    }
    }

    3. Do Quick Repair and Rebuild.

    Now create button is removed from Left navigation panel of Sugar (version 12.3.0) and also removed from listview, but user now unable to convert the Lead as "Save And Convert" button is not visible in lead conversion layout.

    Please help me asap.

    I want to remove Create button from Left navigation sidebar and listview of Lead but user should able to convert the Lead.

    Kindest Regards,

    Shreya 

  • I don't think you can use ACL, I would not use the current user api either, I think mixing module-level controls with an application level API may cause confusion down the road.

    As I said above, to leverage ACL, you would have to look at the original code for SugarACLStrategy (data/SugarACLStrategy.php). If you look at that code, it takes "create" and changes it to "edit" (see function fixUpActionName in data/SugarACLStrategy.php), and if they can't edit they can't convert.

    Have you checked out the controller option? If I was doing this, this is the way I would handle it.

    your custom/modules/Leads/clients/base/views/create/create.js would look something like:

    ({
      extendsFrom: 'CreateView',
      initialize: function(options){
        this._super('initialize', [options]);
        this.checkRole();
      },
      checkRole: function(){
        if(this.user.get('role') matches the conditions you need){
            app.alert.show('canceled', {
              level: 'error',
              messages: 'Sorry, you do not have permission to create a Lead. Contact your Sugar Administrator for further information',
              autoClose: false
            });
            this->cancel();
        }
      }
     })

    Note that the out of the box CurrentUser API already gets the user roles.

  • Dear FrancescaS,

    Is there any way to hide/remove button from list view and navigation menu instead of showing alert if don't have permission?

  • Most likely yes, but you would have to do it from all the places where a lead could be added so it's a lot more work.

    Maybe someone else will have a better idea for you...

  • Dear FrancescaS,

    Thanks for help I have tried your solution above added new file at  custom/modules/Leads/clients/base/views/create/create.js with above in it, now when I click on create it gives display dialog "Sorry, you do not have permission to create a Lead. Contact your"  but when I checked in browser console it throws below  error:

    "logger.js:75 FATAL[2023-4-20 16:0:0]: Uncaught TypeError: Cannot read properties of undefined (reading 'context') at /cache/javascript/base/components_XXXXXXXXX.js on line 114409"

    Below line throws error saying "Undefined layout variable":
    " if (layout.context) {
    app.trigger('app:view:change', layout.options.type, _.extend(layout.context.attributes, {drawer: true}));
    }"

    Can you please suggest if I missed layout name somewhere?

    Kindest Regards,

    Shreya

  • I am sorry but it's very hard to help debug this way...

    I don't think this is directly related to the create view controller.

    Try to track the error by looking at the cached file that is mentioned in the log and see if there is further information that would lead you to the function that line is in... try to go from there...

  • Dear FrancescaS,

    Issue was in for loop user has two roles and first layout was closed and when second time it was trying to close there were no layout hence I was getting.

    I have resolved the issue using boolean to true in loop and using outside the loop.

    Can you please suggest to disable button we use "setDisabled(true);" what function we can use to hide instead of disabled?

    Kindest Regards,

    Shreya

  • Sorry Shreya, I have not tried dynamically disabling buttons before.
    Perhaps start a new thread asking for instructions on how to do that and see if someone else has ideas.

Reply Children
No Data