[Vtigercrm-developers] Interested? Multiple Portals with different permissions

Błażej Pabiszczak b.pabiszczak at yetiforce.com
Mon Jun 24 17:46:13 GMT 2019 

It's worth checking how the portal was created in our system in order to
be able to follow a similar logic or architecture. The portal consists
of a few elements: 

1. A panel to manage applications: a place to grant permissions (user,
password, type of access) for different apps, for example Client Portal,
Partner Portal, Vendor Portal, Payments, etc. Any app that tried to get
access from outside 

https://gitdeveloper.yetiforce.com/index.php?module=WebserviceApps&view=Index&parent=Settings&block=5&fieldid=100
 

2. A panel to manager users for the application: allows you to set
default language and storage, and permissions for the external app, eg.:
- permissions based on a user
- permissions based on a contact 
- permissions based on a contact and an account the contact is assigned
to
- permissions based on a contact and an account the contact is assigned
to and all accounts in hierarchy
Additionally, the system shows in the application only the records
flagged as "available from outside". 

https://gitdeveloper.yetiforce.com/index.php?module=WebserviceUsers&view=List&parent=Settings&block=5&fieldid=106
 

3. Users' actions (create, edit, preview, access to modules, etc.)
depend on the profile assigned to a user configured in the panel to
manage users for the application. 

4. The widgets visible in the client's panel are also loaded directly
from the CRM configuration (what you can see in the panel are the same
widgets that the user can see, but the permissions are "substituted"
with the right ones, according to what I described in the 2nd point).
The panel can be found here:
https://gitdeveloper.yetiforce.com/index.php?module=WidgetsManagement&parent=Settings&view=Configuration&sourceModule=Home
the "add role" option allows you to add an application type role
(customer portal). 

5. The last element is the customer portal that can be run on many
domains with different configurations. Apart from managing all standard
entity type modules it also has a built-in store (POS) that allows you
to run versions in a stationary store for quick orders and receipt
print. Additionally, online payments were added to the client panel. You
can find the test version here
https://gitdeveloper.yetiforce.com/portal/index.php?module=Products&view=Tree
- it looks better if you add a picture. 

We're finishing the portal (took us 2 months) and in 2-3 weeks it's
going to be released together with v5.2. It would be worth it to take
advantage of ideas and knowledge we used there because it at least
partially covers the ideas you describe here. In the following versions
we'll add management for internal comments, chat, documents,
notifications, internal inbox, etc. 

One thing worth mentioning is that we removed that portal from Vtiger
(and later also MYC) around 2 - 3 years ago due to security threats it
posed, and from what I see not much has changes in these portals (you
can still overwrite any record from the CRM regardless of permissions).

--

Z poważaniem / Kind regards 
Błażej Pabiszczak 

W dniu 2019-06-24 12:47, nilay khatri napisał(a):

> @Alan yes, the difference would be that, the portal users get access to only data which belongs to them or the Organization. But in case if portal users are granted access to CRM, then it becomes complicated and some times unachievable to restrict access only to Contact/Organization. 
> 
> I am talking in terms of using portal not just for customer support but also, as for partners, resellers, employees, distributors, vendors etc.. 
> 
> @Tony, yes the whole topic here is about the ability to make portal configurable such that it could be used in various scenarios including Projects. 
> 
> On Sat, Jun 22, 2019 at 3:41 PM Tony Sandman <tonysandman999 at gmail.com> wrote: 
> 
> Was thinking of configuring privileges in the way, so customer can interact with Project and see projects tasks. 
> I don't see the way at the moment - unless two users will be assigned to one record.... 
> 
> On Fri, Jun 21, 2019 at 5:11 PM Alan Lord <alanslists at gmail.com> wrote: On 21/06/2019 10:33, nilay khatri wrote:
>> Okay, get your point.
>> 
>> One might suggest linking the Roles with Portal. So instead of defining 
>> the permissions in Portal configuration, whatever permissions are 
>> defined in the Role would be applied.
>> 
>> But, then why do we need a Portal :) ?
> 
> I kind of agree with this. I've said it to several customers before - 
> why not just create some restricted user profiles and roles and let them 
> login that way, but there is an argument for a very limited interface - 
> like the portal, and also the portal can fairly easily be placed on the 
> public side of a corporate network and just the Portal<->vtiger API 
> comms allowed through the firewall.
> 
> But it's kind of the point. IMHO the portal should be a "small" or 
> "simple" view of the CRM. It should be configurable to the same extent 
> as the CRM. Placing arbitrary restrictions on what can be done and/or by 
> whom is not something which should be dictated by the system itself. 
> These are dictated by the specific business needs and none of us can 
> realistically expect to predict all of the possible use-cases...
> 
> HTH
> 
> Al
> 
> _______________________________________________
> http://www.vtiger.com/ _______________________________________________
> http://www.vtiger.com/

_______________________________________________
http://www.vtiger.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20190624/ce8b0d75/attachment.html>

More information about the vtigercrm-developers mailing list