I'm building a custom module in SugarCRM Community Edition, I have everything set up as i'd like (almost).
In my Module i have a checkbox marked 'Processed' what i'd like to achieve is that when this checkbox is marked, the users who are 'sales agents' and not 'admins' can no longer view this record.
They need to be able to have access to the record up until the point it's marked as processed. Is this possible?
Yes, look at /modules/Employees/views/view.list.php in listViewProcess() to see how the list view always filters out users based on the status value. You would do something similar for your module to filter out Processed. Then if you need to also ensure that they can't access the record directly make sure to take care of the edit/detail views as well. In both view.detail.php and view.edit.php (or in the module's controller) check for Processed being set and if so (and perhaps not an admin or some other user type) display a "This record is already processed" message and/or do a redirection.
Related
I'm building a Moodle course for my students who are part of different batches. Each batch refers same lesson notes, but the Quiz and Assignment activities vary for each batch. The students are categorized into groups for the course and access to the activities is restricted. But the course page displays following message for restricted activities. :
"Not available unless: You belong to "
Is there any way to hide the activity as well as a message for restricted users.
You can hide the conditions by clicking on the 'eye' symbol beside the condition you want to hide:
https://docs.moodle.org/en/Restrict_access_settings#Hiding_the_conditions
You could use a hidden section and move the activity within, however the activity won't be accessible by the students in that case, expect if you're running Moodle 3.3. which is providing the new feature stealth mode: https://docs.moodle.org/33/en/Stealth_activities
Maybe it's what you are looking for?
project type is MVC2. Let say that i have page1. after success it write somethink to row and get new inserted row id and redirect to another page and sends row id as parameter. and user can see this parameter on querystring. and can change it. i think so taht it is problem in some situation(pages). i use for it a hidden input and after post checking parameter from query string with hidden input value. if they are not equal then writing in to log and redirectiong to error page. does my way is correct. or have a good methods.
thanks...
Exposing IDs like this is pretty standard and is what lets browser bookmarking of specific items work. Your job is to ensure that the user can only see and modify records that they should be able to.
If the user does some URL-hacking and enters the URL to an item they are not allowed to see or modify, you can either just kick them back to the parent page, or give an Access Denied message, depending upon the app/context.
The bottom line is never trust user input, including hidden form parameters.
how to set read only properties to the particular info path form control based on user logged in?
Your best option (assuming you are using managed code) is to get the user name with either Application.User.UserName or HttpContext.Current.User.Identity and then call IsInRole (I believe it is a member of the WindowsPrincipal class).
Save the result into the value of a field and you can then use the standard conditional formatting to lock the fields you don't want the users changing. I also usually conditionally change the look of those readonly fields (grey background fill etc) so the users don't get confused and think they can edit.
i am using Zend_Acl, PHP and is wondering how shld ACLs be implemented.
shld every page be a resource and i always query the acl to see if a user is authorized? i guess i must use this if i want to use a controller plugin (can be setup to run on every request) to check if a user is allowed?
or do i just put the query code where i need it? eg. at the top of pages i need to query the acl? then in pages publicly available, i just skip it? may get troublesome if the application gets big?
ok, i just answer this question then close it
what i did now was have a controller plugin that sets its resource based on controller name and privilege based on action name. then query the acl based on that
still under development, but what i currently have look like http://pastebin.com/9BYzms7W
I'm using Drupal 6.16: When a user creates an account on my site I have them select a category (ie children, youth, adult, etc). This is done with the select list box using the content_profile module. I have a content type that posts an announcement. In this content type is a check box that says 'email group'. Right now it does nothing, but what I would like for it to do is e-mail all the users that are associated with the group they chose when signing up for their account. If this will require extra code please be specific as I am not a strong php programmer.
Thanks for the help!!
msindle
There might be some module that do it exactly, but I don't think so.
I would have done it using few building blocks:
Retrieve the list of emails using Views - define a view that gives you the addresses according to a given group argument.
Use Rules module that will send an email notification after node is created.
Combine the two (this is the hard part) - insert the values from the view as the recipients for the email. You might be able to do it using PHP inside the Rule definition, plus view execution.
Try to accomplish it, and if you get into troubles, you are welcome to contact me via shushu.i#gmail.com
I would try http://drupal.org/project/subscriptions module + http://drupal.org/project/messaging module. You can set preferences for automatic subscribing to content type. Maybe Rules module can subscribe users automatically after creating or updating content_profile. Or maybe Rules can flag users after creating or updating content_profile and Subscription module could autosubscribe flagged users.