/**
 * Decide whether the current user may perform $view on ForecastWorksheets.
 *
 * Only field-level requests are evaluated here, and they are delegated to the
 * forecast-by bean's ACLFieldAccess(). Every other request for this module is
 * allowed so that the remaining ACL strategies can decide.
 *
 * @param string $module Module being checked; anything but 'ForecastWorksheets' is denied.
 * @param string $view Requested view/action, normalised with SugarACLStrategy::fixUpActionName().
 * @param array $context Check context; 'field' and 'action' are read for field-level requests.
 * @return bool True when access is allowed.
 */
public function checkAccess($module, $view, $context)
{
    // This helper only answers for its own module.
    if ($module != 'ForecastWorksheets') {
        return false;
    }

    // Team security is left to the other modules.
    if ($view == 'team_security') {
        return true;
    }

    $action = SugarACLStrategy::fixUpActionName($view);
    $forecastBean = $this->getForecastByBean();
    $user = $this->getCurrentUser($context);

    // NOTE(review): an empty action or a user without an id is ALLOWED here, not
    // denied. Confirm that unauthenticated callers are rejected before this
    // strategy runs, because this branch fails open.
    if (empty($action) || empty($user->id)) {
        return true;
    }

    // Anything that is not a field-level request is allowed by this helper.
    if ($action != 'field') {
        return true;
    }

    // On an Opportunity the worksheet's likely_case column is backed by "amount",
    // so the field ACL has to be evaluated against that field instead.
    if ($forecastBean instanceof Opportunity && $context['field'] == 'likely_case') {
        $context['field'] = 'amount';
    }

    // The bean always travels with the context handed to the field check.
    // NOTE(review): assumes getForecastByBean() returned an object - TODO confirm.
    $context['bean'] = $forecastBean;

    return $forecastBean->ACLFieldAccess($context['field'], $context['action'], $context);
}
/**
 * Decide whether an edit-type request on a record is allowed.
 *
 * Denies edits to create-only fields once a record has an id, and denies edits
 * of SugarBean records whose c_key is 'sugar' or 'support_portal'. All other
 * requests are allowed.
 *
 * @param string $module Not read by this check.
 * @param string $view Requested view/action, normalised with SugarACLStrategy::fixUpActionName().
 * @param array $context Check context; reads 'bean', 'action' and 'field'.
 * @return bool True when access is allowed.
 */
public function checkAccess($module, $view, $context)
{
    // Team security is left to the other modules.
    if ($view == 'team_security') {
        return true;
    }

    $view = SugarACLStrategy::fixUpActionName($view);
    $isFieldCheck = ($view == 'field');
    if ($isFieldCheck) {
        $context['action'] = SugarACLStrategy::fixUpActionName($context['action']);
    }

    // Create-only fields (keys of $this->create_only_fields) become read-only
    // as soon as the record has an id.
    $hasSavedBean = !empty($context['bean']) && !empty($context['bean']->id);
    if ($hasSavedBean
        && $isFieldCheck
        && $context['action'] == 'edit'
        && isset($this->create_only_fields[$context['field']])
    ) {
        return false;
    }

    // Creating a record carries no further restrictions.
    $isNewRecord = empty($context['bean'])
        || empty($context['bean']->id)
        || $context['bean']->new_with_id == true;
    if ($isNewRecord && $view == 'edit') {
        return true;
    }

    // NOTE(review): because && binds tighter than ||, the original condition
    // allows every field-level edit here regardless of whether the record is
    // new. Field edits therefore never reach the c_key protection below.
    // Confirm this is intended; if the new-record test was meant to gate both
    // alternatives, the original expression needs explicit parentheses.
    if ($isFieldCheck && $context['action'] == 'edit') {
        return true;
    }

    // Records with a special c_key cannot be edited (deleting them stays allowed).
    if (isset($context['bean']) && is_a($context['bean'], 'SugarBean')) {
        $wantsEdit = $view == 'edit'
            || (isset($context['action']) && $context['action'] == 'edit');
        if ($wantsEdit
            && ($context['bean']->c_key == 'sugar' || $context['bean']->c_key == 'support_portal')
        ) {
            return false;
        }
    }

    return true;
}
/**
 * Decide what the current user may do on Users and Employees records.
 *
 * Order of evaluation matters:
 *  1. nobody, admins included, may delete their own record or change their own
 *     'status' / 'employee_status' field;
 *  2. module admins are allowed everything else;
 *  3. an empty view or a user without an id is allowed;
 *  4. users may edit their own record;
 *  5. for other people's records, fields listed in $this->no_access_fields are denied;
 *  6. views listed in $this->view_checks are allowed, except write actions on
 *     fields listed in $this->no_edit_fields;
 *  7. everything else is denied.
 *
 * @param string $module Must be 'Users' or 'Employees'; anything else is denied.
 * @param string $view Requested view/action, normalised with SugarACLStrategy::fixUpActionName().
 * @param array $context Check context; 'action' and 'field' are read for field-level requests.
 * @return bool True when access is allowed.
 */
public function checkAccess($module, $view, $context)
{
    // This strategy is only registered for these two modules.
    if ($module != 'Users' && $module != 'Employees') {
        return false;
    }

    // Team security is left to the other modules.
    if ($view == 'team_security') {
        return true;
    }

    $user = $this->getCurrentUser($context);
    $record = self::loadBean($module, $context);
    $isSelf = $this->myselfCheck($record, $user);

    $view = SugarACLStrategy::fixUpActionName($view);
    $isFieldCheck = ($view == 'field');
    if ($isFieldCheck) {
        $context['action'] = SugarACLStrategy::fixUpActionName($context['action']);
    }

    // Actions that modify a field. in_array() is deliberately left non-strict
    // so it compares exactly like the original chain of == tests.
    $writeActions = array('edit', 'massupdate', 'delete');

    // Self-lockout protection; evaluated before the admin shortcut on purpose.
    if ($isSelf) {
        if ($view == 'delete') {
            // Deleting your own record is the obvious way to disable yourself.
            return false;
        }
        if ($isFieldCheck
            && in_array($context['action'], $writeActions)
            && ($context['field'] == 'employee_status' || $context['field'] == 'status')
        ) {
            // Changing your own status is the other way to disable yourself.
            return false;
        }
    }

    // NOTE(review): $user is dereferenced here before the empty-id test below;
    // presumably getCurrentUser() always returns an object - confirm.
    if ($user->isAdminForModule($module)) {
        return true;
    }

    // NOTE(review): an empty view or a user without an id is ALLOWED here.
    // Confirm that unauthenticated callers are rejected before this strategy
    // runs, because this branch fails open.
    if (empty($view) || empty($user->id)) {
        return true;
    }

    // Users may edit their own record.
    if ($isSelf && $view == 'edit') {
        return true;
    }

    // Someone else's record: the no-access fields stay hidden.
    if (!$isSelf && $isFieldCheck && !empty($this->no_access_fields[$context['field']])) {
        return false;
    }

    // Only views listed in view_checks are allowed for non-admins.
    if (empty($this->view_checks[$view])) {
        return false;
    }

    // ...and within those, the no-edit fields cannot be modified.
    if ($isFieldCheck
        && in_array($context['action'], $writeActions)
        && !empty($this->no_edit_fields[$context['field']])
    ) {
        return false;
    }

    return true;
}
/**
 * Deny edits to create-only fields once a record has been saved.
 *
 * Every other request is allowed; this check only protects the fields named
 * as keys of $this->create_only_fields.
 *
 * @param string $module Not read by this check.
 * @param string $view Requested view/action, normalised with SugarACLStrategy::fixUpActionName().
 * @param array $context Check context; reads 'bean', 'action' and 'field'.
 * @return bool True when access is allowed.
 */
public function checkAccess($module, $view, $context)
{
    // Team security is left to the other modules.
    if ($view == 'team_security') {
        return true;
    }

    $view = SugarACLStrategy::fixUpActionName($view);
    $isFieldCheck = ($view == 'field');
    if ($isFieldCheck) {
        $context['action'] = SugarACLStrategy::fixUpActionName($context['action']);
    }

    // A bean with an id has already been created, so its create-only fields
    // can no longer be edited.
    $hasSavedBean = !empty($context['bean']) && !empty($context['bean']->id);
    $editsCreateOnlyField = $hasSavedBean
        && $isFieldCheck
        && $context['action'] == 'edit'
        && isset($this->create_only_fields[$context['field']]);

    return !$editsCreateOnlyField;
}
/**
 * Use a record's recurring source to decide whether it may be modified.
 *
 * Records whose stored and current recurring source are both 'Sugar' are
 * always modifiable. Otherwise a syncing view is denied when neither the
 * stored nor the current source matches the source mapped to the session's
 * platform.
 *
 * @param string $module Module used to load the bean.
 * @param string $view Requested view/action.
 * @param array $context Check context handed to loadBean().
 * @return bool True when access is allowed.
 */
public function checkAccess($module, $view, $context)
{
    $bean = self::loadBean($module, $context);

    // Without a bean there is nothing to check.
    if ($bean === false) {
        return true;
    }

    // NOTE(review): this first test sees the raw $view, while the second one
    // below sees the normalised name. A view name that only matches
    // $syncingViews after normalisation skips this allow rule - confirm that
    // this is intended.
    $isSugarOwned = in_array($view, self::$syncingViews)
        && !empty($bean->recurring_source)
        && !empty($bean->fetched_row['recurring_source'])
        && $bean->recurring_source == 'Sugar'
        && $bean->recurring_source == $bean->fetched_row['recurring_source'];
    if ($isSugarOwned) {
        return true;
    }

    $view = SugarACLStrategy::fixUpActionName($view);

    // Only the syncing views are restricted.
    if (!in_array($view, self::$syncingViews)) {
        return true;
    }

    // No known platform mapping means nothing to compare against.
    // NOTE(review): the decision depends on $_SESSION['platform']; presumably
    // it is set server-side at login - verify a client cannot choose it freely.
    if (!isset($_SESSION['platform']) || !isset(self::$platformSourceMap[$_SESSION['platform']])) {
        return true;
    }

    // Records without a recurring source on both sides are not restricted.
    if (empty($bean->recurring_source) || empty($bean->fetched_row['recurring_source'])) {
        return true;
    }

    // Deny only when neither the stored nor the current source belongs to
    // the platform making the request.
    $foreignToPlatform = $bean->fetched_row['recurring_source'] != self::$platformSourceMap[$_SESSION['platform']]
        && $bean->recurring_source != self::$platformSourceMap[$_SESSION['platform']];

    return !$foreignToPlatform;
}
/**
 * Return field-level access for a list of fields, skipping the lookup when
 * no field ACLs can apply.
 *
 * An empty array is returned without consulting the parent when there is no
 * identified user, when the user is an admin, or when ACLField::hasACLs()
 * reports none for this user and module.
 *
 * @param string $module Module the fields belong to.
 * @param mixed $field_list Passed through unchanged to the parent implementation.
 * @param array $context Check context used to resolve the current user.
 * @return array Empty on the short-circuit paths, otherwise the parent's result.
 */
public function getFieldListAccess($module, $field_list, $context)
{
    $user = $this->getCurrentUser($context);

    // NOTE(review): an unidentified user gets the same empty result as an
    // admin. Presumably an empty array means "no field restrictions" - confirm
    // how callers interpret it and that unauthenticated callers are rejected
    // before this point.
    $isUnidentified = empty($user) || empty($user->id);
    if ($isUnidentified || is_admin($user)) {
        return array();
    }

    // Only run the full per-field evaluation when field ACLs exist for this
    // user and module.
    if (ACLField::hasACLs($user->id, $module)) {
        return parent::getFieldListAccess($module, $field_list, $context);
    }

    return array();
}