Thread Rating:
  • 1 Vote(s) - 4 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Trying to limit field access throuhg workflow
#5
Will study this as soon as I have a chance, because I think I can meet a lot of earlier demands this way, before I knew this was possible.

So basically, I could setup a field validation that checks the current_user (if he / she belongs to a certain group or profile), then check the value of the 'status' field and alert something like "you are nor permitted to change the status to this value" for anyone who is not in the correct group / profile?

Hmm, I now have a file called "SalesOrderValidation.php" that looks like this:

PHP Code:
<?php

global $log,$currentModule,$adb,$current_user;

$screen_values json_decode($_REQUEST['structure'],true);

$q "SELECT vtiger_groups.groupname FROM vtiger_groups INNER JOIN vtiger_users2group ON vtiger_groups.groupid = vtiger_users2group.groupid WHERE vtiger_users2group.userid = ?";
$p = array($current_user->id);
$r $adb->pquery($q$p);

$groups = array();

while (
$groupname $adb->fetch_array($r)) {
    
$groups[] = $groupname;
}

$q "SELECT sostatus FROM vtiger_salesorder WHERE salesorderid = ?";
$p = array(vtlib_purify($screen_values['record']));
$r $adb->pquery($q$p);
$current_status $adb->query_result($r0'sostatus');

if (!
in_array('Administratie'$groups) && $current_status == 'Wacht op betaling') {
    echo 
'You are not allowed to change the status from \'Wacht op betaling\'';
    die();
}

echo 
'%%%OK%%%'

With dummy value and through the Ajax action I can test, and it works.. But not in the actual application. I am able to save the record, even though the current value is "Wacht op betaling" and I'm not in the group.
Reply


Messages In This Thread
RE: Trying to limit field access throuhg workflow - Guido1982 - 11-01-2016, 08:30 PM

Forum Jump:


Users browsing this thread: 1 Guest(s)