bech_t
21 November 2017 16:26
#1
Hi,
I use Angular 4 and RestAPI to create Quotes from an external app.
Unfortunately, I found that users must be admin to add lines to quotes.
I’ve made some changes to this file “./service/core/SoapHelperWebService.php” to add:
(...)
function checkSessionAndModuleAccess($session, $login_error_key, $module_name, $access_level, $module_access_level_error_key, $errorObject) {
    if ($module_name == 'aos_products_quotes') {
        return $this->checkSessionAndModuleAccess($session, $login_error_key, 'aos_quotes', $access_level, $module_access_level_error_key, $errorObject);
    }
(...)
And it works! … surely until I update SuiteCRM.
So, is there another way to give rights for this submodule without giving admin rights?
Thanks in advance,
thomas.
Hi,
Are you sure that “line items” cannot be written by normal users? Sounds strange, I have not found this limitation in the code. Where is it?
Have you verified the rights in the role of the REST user?
bech_t
22 November 2017 11:42
#3
Hi,
I didn’t find “Line items” or “Quotes line item” in the list of available modules when I check the access rights for the user.
I first thought it was a problem with the French translation, but I can’t find it in English either.
I only see “Quotes” or “Products”, and my user has all access for all modules.
Is there a specific configuration for the line items that I didn’t find?
When I check in the code:
If a user wants to write in AOS_Products_Quotes, check_modules_access will check the rights of the user.
In $_SESSION['avail_modules'] for my normal user I found:
(...)
[AOS_Quotes] =>
[AOS_Products] =>
[AOS_Product_Categories] =>
[AOS_PDF_Templates] =>
[AOS_Products_Quotes] => read_only
[AOS_Line_Item_Groups] => read_only
[AOS_Contracts] =>
[AOS_Invoices] =>
(....)
If it’s empty we can write; if it’s “read_only” then check_modules_access will return false when $action='write'.
And if the user is admin, there is no check:
check_modules_access(...) ... if(is_admin($user)) { ... return true; }
I see that by default get_user_module_list($user) will set “read_only” for all modules before checking the access rights of the user:
foreach($modInvisList as $invis){
    $modules[$invis] = 'read_only';
}
I continue to search…
bech_t
22 November 2017 14:16
#4
OK, I found this:
In “./service/core/SoapHelperWebService.php” // function get_user_module_list($user)
by default all modules are read-only.
Then with ACLAction::getUserActions($user->id,true) the user’s access rights are checked.
But the module “AOS_Products_Quotes” is not listed by ACLAction::getUserActions() (as it’s not a main module and it’s hidden in the menu).
In “/include/modules.php” I found:
$beanList['AOS_Products_Quotes'] = 'AOS_Products_Quotes';
$beanFiles['AOS_Products_Quotes'] = 'modules/AOS_Products_Quotes/AOS_Products_Quotes.php';
$modules_exempt_from_availability_check['AOS_Products_Quotes'] = 'AOS_Products_Quotes'; // <----
$report_include_modules['AOS_Products_Quotes'] = 'AOS_Products_Quotes';
$modInvisList[] = 'AOS_Products_Quotes'; // <----
And… as seen before in “get_user_module_list”:
foreach($modInvisList as $invis){
    $modules[$invis] = 'read_only';
}
All submodules hidden from the menu seem to be read-only with RestAPI.
Am I right?
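
The mechanism described in posts #3 and #4, as an added example that is not part of the thread and is not SuiteCRM source code: a simplified, self-contained model of why a hidden child module stays read-only for non-admin users, and how resolving the child to its parent module's rights (the idea behind the workaround in post #1) changes the outcome. The function names `build_module_list` and `can_access`, the shape of `$aclActions` and the `$parentOf` map are assumptions made for illustration.

```php
<?php
// Simplified model of the behaviour described in this thread.
// Names and data shapes here are assumptions, not SuiteCRM's own code.

// Constructed sample data: hidden modules, and the modules for which the
// role system returns an ACL row (true = write allowed for this user).
$modInvisList = ['AOS_Products_Quotes', 'AOS_Line_Item_Groups'];
$aclActions   = ['AOS_Quotes' => true, 'AOS_Products' => true];

// Step 1: every hidden module starts as read_only.
// Step 2: only modules that have an ACL row are overwritten ('' = writable).
// Hidden modules never get an ACL row, so their read_only default survives.
function build_module_list(array $modInvisList, array $aclActions): array
{
    $modules = [];
    foreach ($modInvisList as $invis) {
        $modules[$invis] = 'read_only';
    }
    foreach ($aclActions as $module => $writeAllowed) {
        $modules[$module] = $writeAllowed ? '' : 'read_only';
    }
    return $modules;
}

// Admins skip the check; everyone else needs an entry that is not read_only.
// $parentOf optionally maps a child module to the module whose rights apply.
function can_access(array $modules, string $module, string $action,
                    bool $isAdmin, array $parentOf = []): bool
{
    if ($isAdmin) {
        return true;
    }
    $module = $parentOf[$module] ?? $module;
    if (!array_key_exists($module, $modules)) {
        return false; // unknown module: deny by default
    }
    return !($action === 'write' && $modules[$module] === 'read_only');
}

$modules  = build_module_list($modInvisList, $aclActions);
$parentOf = ['AOS_Products_Quotes' => 'AOS_Quotes'];

// Normal user writing to a visible module with an ACL row.
var_dump(can_access($modules, 'AOS_Quotes', 'write', false));
// Normal user writing to the hidden child module: default read_only applies.
var_dump(can_access($modules, 'AOS_Products_Quotes', 'write', false));
// Admin writing to the hidden child module: check is bypassed.
var_dump(can_access($modules, 'AOS_Products_Quotes', 'write', true));
// Normal user, with the child resolved to its parent module's rights.
var_dump(can_access($modules, 'AOS_Products_Quotes', 'write', false, $parentOf));
```

With the parent mapping, anyone allowed to write quotes can also write line items, so the mapping should list only child modules whose records are meant to share the parent's permissions.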