[Vtigercrm-developers] Interested? Multiple Portals with different permissions

nilay khatri nilay.spartan at gmail.com
Tue Jun 25 08:21:47 GMT 2019


Thanks Blazej for the heads up.

I am going through the code and will come back with a roadmap.


On Mon, Jun 24, 2019 at 11:16 PM Błażej Pabiszczak <
b.pabiszczak at yetiforce.com> wrote:

> It’s worth checking how the portal was created in our system in order to
> be able to follow a similar logic or architecture. The portal consists of a
> few elements:
>
> 1. A panel to manage applications: a place to grant permissions (user,
> password, type of access) for different apps, for example Client Portal,
> Partner Portal, Vendor Portal, Payments, etc. Any app that tried to get
> access from outside
>
>
> https://gitdeveloper.yetiforce.com/index.php?module=WebserviceApps&view=Index&parent=Settings&block=5&fieldid=100
>
>
> 2. A panel to manager users for the application: allows you to set default
> language and storage, and permissions for the external app, eg.:
> - permissions based on a user
> - permissions based on a contact
> - permissions based on a contact and an account the contact is assigned to
> - permissions based on a contact and an account the contact is assigned to
> and all accounts in hierarchy
> Additionally, the system shows in the application only the records flagged
> as “available from outside”.
>
>
> https://gitdeveloper.yetiforce.com/index.php?module=WebserviceUsers&view=List&parent=Settings&block=5&fieldid=106
>
>
> 3. Users’ actions (create, edit, preview, access to modules, etc.) depend
> on the profile assigned to a user configured in the panel to manage users
> for the application.
>
> 4. The widgets visible in the client’s panel are also loaded directly from
> the CRM configuration (what you can see in the panel are the same widgets
> that the user can see, but the permissions are “substituted” with the right
> ones, according to what I described in the 2nd point). The panel can be
> found here:
> https://gitdeveloper.yetiforce.com/index.php?module=WidgetsManagement&parent=Settings&view=Configuration&sourceModule=Home the
> “add role” option allows you to add an application type role (customer
> portal).
>
> 5. The last element is the customer portal that can be run on many domains
> with different configurations. Apart from managing all standard entity type
> modules it also has a built-in store (POS) that allows you to run versions
> in a stationary store for quick orders and receipt print. Additionally,
> online payments were added to the client panel. You can find the test
> version here
> https://gitdeveloper.yetiforce.com/portal/index.php?module=Products&view=Tree> it looks better if you add a picture.
>
> We’re finishing the portal (took us 2 months) and in 2-3 weeks it’s going
> to be released together with v5.2. It would be worth it to take advantage
> of ideas and knowledge we used there because it at least partially covers
> the ideas you describe here. In the following versions we’ll add management
> for internal comments, chat, documents, notifications, internal inbox, etc.
>
> One thing worth mentioning is that we removed that portal from Vtiger (and
> later also MYC) around 2 – 3 years ago due to security threats it posed,
> and from what I see not much has changes in these portals (you can still
> overwrite any record from the CRM regardless of permissions).
> --
> Z poważaniem / Kind regards
> Błażej Pabiszczak
>
>
>
>
> W dniu 2019-06-24 12:47, nilay khatri napisał(a):
>
> @Alan yes, the difference would be that, the portal users get access to
> only data which belongs to them or the Organization. But in case if portal
> users are granted access to CRM, then it becomes complicated and some times
> unachievable to restrict access only to Contact/Organization.
>
> I am talking in terms of using portal not just for customer support but
> also, as for partners, resellers, employees, distributors, vendors etc..
>
> @Tony, yes the whole topic here is about the ability to make portal
> configurable such that it could be used in various scenarios including
> Projects.
>
>
>
> On Sat, Jun 22, 2019 at 3:41 PM Tony Sandman <tonysandman999 at gmail.com>
> wrote:
>
>> Was thinking of configuring privileges in the way, so customer can
>> interact with Project and see projects tasks.
>> I don't see the way at the moment - unless two users will be assigned to
>> one record....
>>
>> On Fri, Jun 21, 2019 at 5:11 PM Alan Lord <alanslists at gmail.com> wrote:
>>
>>> On 21/06/2019 10:33, nilay khatri wrote:
>>> > Okay, get your point.
>>> >
>>> > One might suggest linking the Roles with Portal. So instead of
>>> defining
>>> > the permissions in Portal configuration, whatever permissions are
>>> > defined in the Role would be applied.
>>> >
>>> > But, then why do we need a Portal :) ?
>>>
>>> I kind of agree with this. I've said it to several customers before -
>>> why not just create some restricted user profiles and roles and let them
>>> login that way, but there is an argument for a very limited interface -
>>> like the portal, and also the portal can fairly easily be placed on the
>>> public side of a corporate network and just the Portal<->vtiger API
>>> comms allowed through the firewall.
>>>
>>> But it's kind of the point. IMHO the portal should be a "small" or
>>> "simple" view of the CRM. It should be configurable to the same extent
>>> as the CRM. Placing arbitrary restrictions on what can be done and/or by
>>> whom is not something which should be dictated by the system itself.
>>> These are dictated by the specific business needs and none of us can
>>> realistically expect to predict all of the possible use-cases...
>>>
>>>
>>> HTH
>>>
>>>
>>> Al
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>
>> _______________________________________________
>> http://www.vtiger.com/
>
>
> _______________________________________________
> http://www.vtiger.com/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20190625/840f2162/attachment-0001.html>


More information about the vtigercrm-developers mailing list