Hi all,
need some help about ACL permissions:
I made that All employers then creating new contact this contact are private, and task are read only for other.
But then you try to access like Super Administrator or Administrator to this company you can't see this contact, and tasks.
From Task list, you can see the contact name (like private you can't access) and you can see the task, to task you can access. But to one task not all tasks.
So that I done:
with phpGalc I create 2 ACO:
edit protected contact
view protected contact
and
edit protected task
view protected task
for Super Administrator and Administrator
in ContactsCommon_0.php I add:
case 'view': if (!$i->acl_check('view contact')) {
return $param['login']==Acl::get_user();
}
--> if (!$i->acl_check('view protected contact')) return true;
return ($param['permission']!=2 || $param['login']==Acl::get_user() || $param['created_by']==Acl::get_user());
case 'clone':
case 'add': return $i->acl_check('edit contact');
case 'edit': if ($param['login']==Acl::get_user()) return true; //me
if ($param['permission']>=1 && $param['created_by']!=Acl::get_user()) return false;
if ($i->acl_check('edit contact')) return true;
--> if ($i->acl_check('edit protected contact')) return true;
if ($i->acl_check('edit my company contacts')) {
$me = self::get_my_record();
foreach($param['company_name'] as $cid)
if(in_array($cid,$me['company_name'])) return true; //customer
}
return false;
in TasksCommon_0.php I add
case 'view': if (!$i->acl_check('view task')) return false;
--> if (!$i->acl_check('view protected task')) return true;
$me = CRM_ContactsCommon::get_my_record();
return ($param['permission']!=2 || isset($param['employees'][$me['id']]));
case 'clone':
case 'add': return $i->acl_check('edit task');
case 'edit': $me = CRM_ContactsCommon::get_my_record();
if ($param['permission']>=1 &&
!in_array($me['id'],$param['employees']) &&
!in_array($me['id'],$param['customers'])) return false;
if ($i->acl_check('edit task')) return true;
--> if ($i->acl_check('edit protected task')) return true;
return false;
case 'delete': if ($i->acl_check('delete task')) return true;
$me = CRM_ContactsCommon::get_my_record();
if ($me['login']==$param['created_by']) return true;
return false;
In task_0.php
$a->allow_protected($this->acl_check('view protected contact'),$this->acl_check('edit protected contact'));
$a->allow_protected($this->acl_check('view protected task'),$this->acl_check('edit protected task'));
in contact_0.php
$a->allow_protected($this->acl_check('view protected task'),$this->acl_check('edit protected task'));
$a->allow_protected($this->acl_check('view protected contact'),$this->acl_check('edit protected contact'));
But still no luck Like Super Administrator or Administrator I can't see private records.