[Vtigercrm-developers] Has anyone setup or implemented restricted sharing?

Adam Heinz amh at metricwise.net
Thu Apr 5 09:20:56 PDT 2012


I was noodling around with something similar to this problem today and
I discovered that if you're willing to modify the database outside of
the admin UI, you CAN grant module permissions for edit view without
granting save (which is currently useless, but has potential for
create vs edit) and it looks like you can also grant module
permissions for list view without granting detail view.
Unfortunately, I am describing core permissions, not sharing rules.

Now, stock vtiger only has two sharing rules, read and write.  Read
maps to edit view and save, write maps to list and detail views.  My
custom build already runs with a third sharing type, delete.  I've
attached a patch that shows how I've taken the hard-wired read/write
functions and replaced them with a more generic function that also supports
delete.  Of special note is the section commented with // FIXME: Magic
numbers.  (D'oh.)  There's no reason that we couldn't do away with the
actionid to string mapping entirely and get extremely granular sharing
permissions, which would allow Mark to do list-only sharing.

Looking at this from a different angle, I'm not sure what you gain by
giving someone list view access without detail view.  I can customize
my list filters from the user interface, so I can display everything
available in detail view in list view.  There's no security benefit to
granting one without the other.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sharing.patch
Type: application/octet-stream
Size: 8899 bytes
Desc: not available
Url : http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20120405/8bdf38b1/attachment-0002.obj 

