Provide limited access via API

I would like to expose a read-only subset of Contact name & UUID to an external system via an API. The external system should authenticate during the call/session.
What is the best way to achieve this? My first thought is a wrapper around the REST API.
Any other suggestions, please?

Cheers

You could wrap the current rest API or you can create a new service.

We went for the 2nd route and created a simple REST API using the Slim framework, and it works a lot better than the existing one (which ain’t truly RESTful); we tried to keep security limitations on the methods when possible.

Let me know, I could share a snippet with you that might be of help.

That would be great if you could share a snippet, as I’m not too sure about the Slim framework you mentioned.

Thanks in advance

The REST API of Sugar/SuiteCRM uses the ACLs from the Roles in the system, which means that if you have one user with a read-only role, the same user logged in via the API will have a read-only role.

best regards

That’s good to know as I was wondering about it.

I’d also like to restrict the fields that can be seen. Any suggestions for that?

I just saw this in one of your other posts: https://store.biztechconsultancy.com/suitecrm-field-level-access-control.htm which looks very interesting.

This is what we use. This is an extract for the Accounts module; you can extend from there.

The only requirement is that you install Slim with Composer (it loads Slim from the vendor folder):

php composer.phar require slim/slim

That will create the vendor folder and install Slim; then just create a file named rest.php (the login part is not included):

```php
<?php
if (!defined('sugarEntry')) define('sugarEntry', true);

// Bootstrap SugarCRM/SuiteCRM and the modules the API exposes
require_once('data/SugarBean.php');
require_once('include/entryPoint.php');
require_once('config.php');
require_once('include/utils.php');
require_once('include/TimeDate.php');
require_once('modules/ACLRoles/ACLRole.php');
require_once('include/SugarLogger/LoggerManager.php');
require_once('modules/Users/User.php');
require_once('modules/Opportunities/Opportunity.php');
require_once('modules/Contacts/Contact.php');
require_once('modules/Accounts/Account.php');
require_once('modules/Calls/Call.php');
require_once('modules/Leads/Lead.php');
require_once('modules/AOS_Contracts/AOS_Contracts.php');
require_once('modules/AOS_Invoices/AOS_Invoices.php');
require_once('modules/Prospects/Prospect.php');
require_once('modules/ProspectLists/ProspectList.php');
require_once('modules/Cases/Case.php');
require_once('modules/Meetings/Meeting.php');
require_once('modules/Tasks/Task.php');
require_once('modules/Documents/Document.php');
require_once('include/formbase.php');
require 'vendor/autoload.php'; // Slim, installed with Composer (slim/slim 2.x)

// initialize app (Slim 2.x API)
$appRest = new \Slim\Slim();

// route middleware for simple API authentication (left empty in this extract)
// function authenticate(\Slim\Route $route) {
// }

function validateDate($date, $format = 'Y-m-d H:i:s') {
    $d = DateTime::createFromFormat($format, $date);
    return $d && $d->format($format) == $date;
}

// Runs before every route: set the JSON content type and resolve the
// current CRM user from the session so the ACL checks below apply to them
$appRest->hook('slim.before.dispatch', function () use ($appRest) {
    $appRest->contentType('text/json; charset=utf-8');
    error_reporting(0);
    session_start();
    global $sugar_config, $current_user;
    $mock_user = new User();
    if (isset($_SESSION['authenticated_user_id'])) {
        $current_user = $mock_user->retrieve("{$_SESSION['authenticated_user_id']}");
        $user_id = $_SESSION['authenticated_user_id'];
        // error_log("Current User -> " . $current_user->id);
        if (!$current_user || !$current_user->id) {
            $appRest->halt(401);
        }
    } else {
        if (!$current_user || !$current_user->id) {
            $appRest->halt(403);
        }
    }
});

// GET /accounts returns the list the user may see, GET /accounts/<id> a single record
$appRest->get('/accounts(/:id)', function ($id = null) use ($appRest) {
    global $sugar_config, $current_user;
    $accountBean = BeanFactory::getBean('Accounts');
    if (isset($id)) {
        $account = $accountBean->retrieve($id);
        $module_arr = array();
        if ($account && $account->id && $account->ACLAccess('view')) {
            $all_fields = $account->column_fields;
            foreach ($all_fields as $field) {
                if (isset($account->$field) && !is_object($account->$field)) {
                    // decode stored HTML entities and turn line breaks into <br />
                    $account->$field = from_html($account->$field);
                    $account->$field = preg_replace("/\r\n/", "<br />", $account->$field);
                    $account->$field = preg_replace("/\n/", "<br />", $account->$field);
                    $module_arr['accounts'][$field] = $account->$field;
                }
            }
            echo json_encode($module_arr);
        } else {
            $appRest->halt(403, json_encode('You shall not pass!'));
        }
    } else {
        $list = $accountBean->get_list();
        $resultArray = [];
        if (is_array($list) && !empty($list)) {
            foreach ($list['list'] as $account) {
                if ($account->ACLAccess('list')) {
                    if ($account->id && $account->ACLAccess('view')) {
                        $module_arr = array(); // start fresh for each account
                        $all_fields = $account->column_fields;
                        foreach ($all_fields as $field) {
                            if (isset($account->$field) && !is_object($account->$field)) {
                                $account->$field = from_html($account->$field);
                                $account->$field = preg_replace("/\r\n/", "<br />", $account->$field);
                                $account->$field = preg_replace("/\n/", "<br />", $account->$field);
                                $module_arr['accounts'][$field] = $account->$field;
                            }
                        }
                        $resultArray[] = $module_arr;
                    }
                } else {
                    $appRest->halt(403, json_encode('You shall not pass!'));
                }
            }
            echo json_encode($resultArray);
        }
    }
});

// dispatch the request (without this Slim never serves a route)
$appRest->run();
```
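A worked example for the two points raised earlier in the thread (the API user's Role drives the ACL, and the caller only wants Contact name and UUID), added here and not code from the thread or from the SuiteCRM project: a Slim 2 endpoint that authenticates every call with an API key, loads the CRM user that key is bound to so ACLAccess() applies to that client, and returns only an explicit allow-list of Contact fields. The $sugar_config['rest_clients'] map, the X-Api-Key header, the lookup_api_client() and project_contact() helpers, and the file name are assumptions of this example.

```php
<?php
// Added example (not the thread's own code): read-only /contacts endpoint
// exposing only an allow-list of fields. Assumed file: rest_contacts.php
if (!defined('sugarEntry')) define('sugarEntry', true);
require_once('include/entryPoint.php');  // bootstraps BeanFactory, ACLs, from_html(), $current_user
require 'vendor/autoload.php';           // slim/slim 2.x installed with Composer

$app = new \Slim\Slim();

// Only these Contact fields ever leave the system, whatever the bean carries.
// 'id' is the UUID the original question asks for.
$CONTACT_FIELDS = array('id', 'first_name', 'last_name');

// Assumption: API clients live in $sugar_config['rest_clients'] as
// token => user_id, where user_id is a dedicated SuiteCRM user whose Role
// grants read-only access to Contacts. hash_equals() keeps the comparison
// constant-time so the token cannot be guessed byte by byte.
function lookup_api_client($token) {
    global $sugar_config;
    $clients = isset($sugar_config['rest_clients']) ? $sugar_config['rest_clients'] : array();
    foreach ($clients as $known => $user_id) {
        if (hash_equals((string) $known, (string) $token)) {
            return $user_id;
        }
    }
    return null;
}

// Copy just the allow-listed fields out of a bean; nothing else is returned.
function project_contact(SugarBean $contact, array $fields) {
    $out = array();
    foreach ($fields as $f) {
        $out[$f] = isset($contact->$f) ? from_html($contact->$f) : null;
    }
    return $out;
}

// Authenticate every call, then load the matching CRM user so that the
// bean's ACLAccess() checks below run as that user rather than as nobody.
$app->hook('slim.before.dispatch', function () use ($app) {
    global $current_user;
    $app->contentType('application/json; charset=utf-8');
    $app->response->headers->set('Cache-Control', 'no-store');

    $token   = $app->request->headers('X-Api-Key');
    $user_id = $token ? lookup_api_client($token) : null;
    if ($user_id === null) {
        $app->halt(401, json_encode(array('error' => 'unauthenticated')));
    }
    $current_user = BeanFactory::getBean('Users', $user_id);
    if (!$current_user || empty($current_user->id) || $current_user->status !== 'Active') {
        $app->halt(403, json_encode(array('error' => 'account disabled')));
    }
});

// GET /contacts lists what this client's Role allows; GET /contacts/<id> fetches one record
$app->get('/contacts(/:id)', function ($id = null) use ($app, $CONTACT_FIELDS) {
    if ($id !== null) {
        // Reject anything that is not shaped like a SuiteCRM id before touching the database
        if (!preg_match('/^[A-Za-z0-9\-]{1,36}$/', $id)) {
            $app->halt(400, json_encode(array('error' => 'bad id')));
        }
        $contact = BeanFactory::getBean('Contacts', $id);
        if (!$contact || empty($contact->id) || !$contact->ACLAccess('view')) {
            // Same answer for "missing" and "not allowed": the endpoint must not
            // reveal which UUIDs exist to a caller who may not read them
            $app->halt(404, json_encode(array('error' => 'not found')));
        }
        echo json_encode(project_contact($contact, $CONTACT_FIELDS));
        return;
    }

    $bean = BeanFactory::getBean('Contacts');
    if (!$bean->ACLAccess('list')) {
        $app->halt(403, json_encode(array('error' => 'forbidden')));
    }
    $result = array();
    $list = $bean->get_list('last_name', '', 0, 200); // order, where, offset, limit
    if (!empty($list['list'])) {
        foreach ($list['list'] as $contact) {
            if ($contact->ACLAccess('view')) {
                $result[] = project_contact($contact, $CONTACT_FIELDS);
            }
        }
    }
    echo json_encode($result);
});

$app->run();
```

Compared with the Accounts extract, the set of fields is fixed by the code rather than by what the bean happens to carry, so for this narrow use case the field-level ACL add-on is optional; the per-id route answers 404 for both unknown and unauthorised records so the external system cannot use it to enumerate existing UUIDs; and error_reporting(0) is not used, so a failure shows up in the log instead of being swallowed.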

Thanks @mrbarletta This will take some time to digest. I don’t currently use Composer but it looks like I’ll be starting soon. 🙂

Cheers