Create Quotes / Add products via Angular & Rest API

bech_t · 21 November 2017 16:26

Hi,

I use Angular 4 and RestAPI to create Quotes from an external app.

Unfortunatly, i found that users must be admin to add lines to quotes.

I’ve made somme changes to this file “./service/core/SoapHelperWebService.php” to add :


(...)

function checkSessionAndModuleAccess($session, $login_error_key, $module_name, $access_level, $module_access_level_error_key, $errorObject) {
		
		if ($module_name == 'aos_products_quotes') { return $this->checkSessionAndModuleAccess($session, $login_error_key, 'aos_quotes', $access_level, $module_access_level_error_key, $errorObject); }


(...)

And it work ! … surely until i update SuiteCRM.

So, is there another way to give rights for this submodule without give admin rights ?

thanks in advance,

thomas.

roberto · 22 November 2017 08:48

Hi,
are you sure that “line items” can not be written by normal users? Sounds strange, i have not found this limitation in the code. Where is it?

Have you verify the rights in the role of the rest user?

bech_t · 22 November 2017 11:42

hi,

I didn’t find “Line items” or “Quotes line item” in the list of available module when i check the access right for the user.
I first think it was a problem with the french translation. but can’t find it in english too.
i only see “Quotes” or “Products” and my user have all access for all modules.

is there a specific configuration for the line item i didn’t find ?

when i check in the code :

If a user want to write in AOS_Products_Quotes, check_modules_access will check the right of the user.
In $_SESSION[‘avail_modules’] for my normal user i found :

(...)
[AOS_Quotes] => 
[AOS_Products] => 
[AOS_Product_Categories] => 
[AOS_PDF_Templates] => 
[b][AOS_Products_Quotes] => read_only[/b]
[b][AOS_Line_Item_Groups] => read_only[/b]
[AOS_Contracts] => 
[AOS_Invoices] => 
(....)

If it’s empty we can write, if it’s “read_only” then check_modules_access will return false when $action=‘write’.

And if the user is admin, there is no check :

check_modules_access(...) ...  if(is_admin($user)) { ... return true; }

I see that by default get_user_module_list($user) will set “read_only” to all module before checking the access right of the user :

 foreach($modInvisList as $invis){
	$modules[$invis] = 'read_only';
    }

i continue to search…

bech_t · 22 November 2017 14:16

ok, i found that :

in “./service/core/SoapHelperWebService.php” // function get_user_module_list($user)

by default all module are read only.

then with ACLAction::getUserActions($user->id,true) the user access right is check.

but the module “AOS_Products_Quotes” is not listed by ACLAction::getUserActions() (as it’s not a main module and it’s hidden in the menu).

in “/include/modules.php” i found :


$beanList['AOS_Products_Quotes'] = 'AOS_Products_Quotes';
$beanFiles['AOS_Products_Quotes'] = 'modules/AOS_Products_Quotes/AOS_Products_Quotes.php';
$modules_exempt_from_availability_check['AOS_Products_Quotes'] = 'AOS_Products_Quotes';                                   <----
$report_include_modules['AOS_Products_Quotes'] = 'AOS_Products_Quotes';
$modInvisList[] = 'AOS_Products_Quotes';                                                                                                                        <----

And… as seen before in “get_user_module_list” :

foreach($modInvisList as $invis){
$modules[$invis] = ‘read_only’;
}

All submodule hidden from the menu seems to be readonly with RestAPI.
i’m right ?