[size=4][b]Update; Hide employee information for non-admins is Solved
Open include/globalControlLinks.php
In the file go to:
}
$global_control_links[‘employees’] = array(
‘linkinfo’ => array($app_strings[‘LBL_EMPLOYEES’]=> ‘index.php?module=Employees&action=index&query=true’),
‘submenu’ => ‘’
);
3. add the following line
if (is_admin ($current_user))
4. The code will look like code below
}
if (is_admin ($current_user))
$global_control_links[‘employees’] = array(
‘linkinfo’ => array($app_strings[‘LBL_EMPLOYEES’]=> ‘index.php?module=Employees&action=index&query=true’),
‘submenu’ => ‘’
);
5. Non-admins will not be able to view employees[/b][/size][/size][/size][/size]
hi,
I need the same requirement.
but when I did the above change in include/globalControlLinks.php there is no effect on my site.
Whay this is not reflact to my suitecrm site?
Hi! I need this is an old post but I’m currently using 7.11.18 and I need exactly this, that employees can’t see each other, because we are not using the CRM with employees but with partners.
Anyone has an idea for this?
I want to completely ban non admin to see other employees.
It worked for “employees”. I tried the same to unset “profile” from the same menu, but it does not work.
Do you have by chance a solution to hide it or better to let the user see his/her profile info without
editing it?
No need to apologize, it was ok the suggestion to hide “employees” from the menu.
I then just took the occasion to ask you about the “profile” too. I looked at your link
and yes it doesn’t show the profile, displaying the an error message.
To tell you the truth my preference would be to let users display their profile info
(excluding the access tab table) and let edit just certain fields, not all.
If this is not possible I would prefer to hide completely the “profile” option from the menu.
Just fyi I am using SuiteCRM 7.12.5.
In /custom/modules/Users/views/view.edit.php
let’s write something like:
<?php
if (!defined('sugarEntry') || !sugarEntry)
die('Not A Valid Entry Point');
require_once('include/MVC/View/views/view.edit.php');
class UsersViewEdit extends ViewEdit {
function __construct() {
parent::__construct();
}
function display() {
parent::display();
global $current_user;
if ( !$current_user->isAdmin() ) {
$protectionScript = <<<EOS
<script language = "javascript">
<!-- make the fields you want readonly or disabled -->
</script>
EOQ;
echo $protectionScript;
} //if
} //display function
} // class
Note that JS solutions like that are only cosmetic and cannot be considered secure. If the data gets sent to the front-end, it’s accessible, the JS can be circumvented.
I know that for some cases this is nothing to worry about, but at least I think it’s important to give the warning…
Thanks for your time, I am not so skilled so I was trying to figure out
how should I have to complete the script part.
Now pgr (thanks) remind the potential security risk of the solution, so I ask
if there is a secure solution to what I asked before (hiding access table tab
and avoid editing certain fields from the edit view profile by the user )
Dear @mariofucile , you can copy /themes/SuiteP/tpls/_headerModuleList.tpl
in
/custom/themes/SuiteP/tpls/_headerModuleList.tpl
inside it please search every occurrences of {$CURRENT_USER} or {$CURRENT_USER_ID}
and edit this Smarty file as per your needs. It’s simple as in these rows you’ll find HTML syntax.
There are many occurrences because this file not only determines how the application is rendered on a desktop window, but also on smaller browser windows like the ones for tablets and smartphones
Sorry for not replying before. I have just read your suggestion.
I copied the file mentioned in the custom dir. Found 5 instances
between “$current_user” and “$current_user_id”, but do not get
how to control user view/edit profile fields from there. Probably is
my knowledge limit. If you have any chance/time to provide an example
otherwise no problem.