Disable Creation Permission for user roles based on page types
Hi Community,
We are using the case section with 4 different pages based on the case types. We are required to disable the creation permission for different page types based on the user roles.
The OOTB Operation permission functionality in the object permission allows the Restriction at the object level. However, according to the requirement, we require this permission at the page level. Is there any workaround for us to achieve this?
I also tried the code attached below to achieve this requirement. But seems like I am missing something and the code is not working as expected.
initEditPages: function () { var roleName = "System administrators"; var esq = Ext.create("Terrasoft.EntitySchemaQuery", { rootSchemaName: "SysUserInRole" }); esq.addColumn("SysRole"); esq.filters.add("UserFilter", Terrasoft.createColumnFilterWithParameter( Terrasoft.ComparisonType.EQUAL, "SysUser", Terrasoft.SysValue.CURRENT_USER.value )); esq.filters.add("RoleFilter", Terrasoft.createColumnFilterWithParameter( Terrasoft.ComparisonType.EQUAL, "SysRole.Name", roleName )); esq.getEntityCollection(function(result) { if (!result.success || result.collection.getItems().length === 0) { // the user is *not* in the role // do something here if needed } else { // the user *is* in the role var scope = this; var Ext = this.Ext; var Terrasoft = this.Terrasoft; var collection = Ext.create("Terrasoft.BaseViewModelCollection"); var entityStructure = this.getEntityStructure(this.entitySchemaName); if (entityStructure) { Terrasoft.each(entityStructure.pages, function(editPage) { var typeUId = editPage.UId || Terrasoft.GUID_EMPTY; if (editPage.cardSchema === "BEACRCase2Page") { collection.add(typeUId, Ext.create("Terrasoft.BaseViewModel", { values: { Id: typeUId, Caption: editPage.caption, Click: {bindTo: "addRecord"}, Tag: typeUId, SchemaName: editPage.cardSchema } })); } else if (editPage.cardSchema === "BEACRCase1Page") { collection.add(typeUId, Ext.create("Terrasoft.BaseViewModel", { values: { Id: typeUId, Caption: editPage.caption, //Click: {bindTo: "addRecord"}, Tag: typeUId, SchemaName: editPage.cardSchema } })); } else if (editPage.cardSchema === "BEACCCase1Page") { collection.add(typeUId, Ext.create("Terrasoft.BaseViewModel", { values: { Id: typeUId, Caption: editPage.caption, //Click: {bindTo: "addRecord"}, Tag: typeUId, SchemaName: editPage.cardSchema } })); } else if (editPage.cardSchema === "BEAKRCase1Page") { collection.add(typeUId, Ext.create("Terrasoft.BaseViewModel", { values: { Id: typeUId, Caption: editPage.caption, //Click: {bindTo: "addRecord"}, Tag: typeUId, SchemaName: editPage.cardSchema } })); } }, scope); } this.set("EditPages", collection); } }, this); },
Kindly assist me in resolving this issue, please.
Like
Hello,
1) If you need to check roles and grant them access to some functionality it's much better to do via operations permissions check.
2) Because of point 1 you need to create several operation permissions and check all of them using RightUtilities.checkCanExecuteOperation method.
3) Based on the check result from point 2 - remove edit pages from the collection of edit pages. To do that:
3.1) Override SeparateModeAddRecordButton in the section schema
3.2) Add the check like the following:
{ "operation": "merge", "name": "SeparateModeAddRecordButton", "parentName": "SeparateModeActionButtonsLeftContainer", "propertyName": "items", "values": { "controlConfig": { "menu": { "items": { "bindTo": "EditPages", "bindConfig": { "converter": function(editPages) { if (editPages.getCount() > 1) { RightUtilities.checkCanExecuteOperation({operation: "CanCreateCustomerContact"}, function(result) { if (result) { editPages.collection.items = editPages.collection.items.filter(item => item.values.Caption.includes("Customer")); return editPages; } }); } else { return null; } } } } } } } }
It will also check if the role of the current user is in the operation permission and you don't need to call ESQ to get the list of roles, you can control it directly via the "Operation permissions" section.
In the example above all edit pages but "Customer" will be removed from the list if the user has access to the "CanCreateCustomerContact" operation (for all other users the "New" button in the Contacts section won't do anything).
So you need to test this approach and apply it to your business task.
Hi Oleg,
I appreciate your support. Please see the steps below, that were executed. I seem to be missing something and cannot see the expected result.
1. Step 01:
Created a new operation permission with the code - "CanCreatePendingDocumentCase" and added the relevant user roles who can create the particular type of case (Pending Document)
2. Step 02:
Added the below code snippet in the replacing section schema in the diff array
{ "operation": "merge", "name": "SeparateModeAddRecordButton", "parentName": "SeparateModeActionButtonsLeftContainer", "propertyName": "items", "values": { "controlConfig": { "menu": { "items": { "bindTo": "EditPages", "bindConfig": { "converter": function(editPages) { if (editPages.getCount() > 1) { RightUtilities.checkCanExecuteOperation({operation: "CanCreatePendingDocumentCase"}, function(result) { if (result) { editPages.collection.items = editPages.collection.items.filter(item => item.values.Caption.includes("Pending Document")); return editPages; } }); } else { return null; } } } } } } } }
Step 03:
Cleared the cache and checked whether only pending document case is available in the new button drop-down of the section.
But the dropdown is showing all the case types in the new button regardless of the user role.
Geeviniy Vazavan,
1) Is the Edit page called "Pending Document" (with this uppercase in P and D)? Includes method is case sensitive in JS.
2) which result is passed to the result of checkCanExecuteOperation method execution?
3) Have you added the button to the correct schema (for example it should be in ContactSectionV2, not in the ContactPageV2)?
4) Is the converted code triggered in the debugger?
Hi Oleg,
Please see the answers below.
1. Yes. The edit page "Pending Document" is in upper case P and D.
2. Result is "true"
3. It is added to the "CaseSection" schema
4. Yes. It is triggered.