:: Version 2.7.0 ::

Hide cost for some users

Prerequisite: You must be familiar with the Syntax used in Tutorials and have already created an extension.

learning:
Hide a field to some users
level:
Intermediate
domains:
PHP, Constrain, Access rights
min version:
2.3.0

In this usecase, we want to hide the cost field of a Contract if the user does not have a particular profile.
In order to do so, we will overwrite the following methods, to prevent the user to see and modify the “cost” value.

  • Get() to get it through a details, a list, a CSV export or a REST
  • GetAttributeFlags() and GetInitialAttributeFlags() to prevent the “cost” value from being modified even if user has write access on the Contract class
    • Cost won't be displayed in the view, creation and modified Contract forms
    • Cost won't be writable by CSV import for that user, even if he has bulk-write on that class
The write protection won't work if the user has:
  • API REST/JSON access
  • and write access on that class

Open question: Is it usefull to put the 2 flags hidden & readonly, or hidden implies readonly?

class:Contract
public function Get($sAttCode)
{       
    // This function is invoked each time an attribute of the object is requested
    if (($sAttCode == 'cost') && !(UserRights::HasProfile('Service Manager')))
    {
        // If you are not allowed to see this field, we don't return its true content
        return('****');
    }
    else return parent::Get($sAttCode);
}
public function GetAttributeFlags($sAttCode, &$aReasons = array(), $sTargetState = '')
{       
    // This function is invoked when the object is EDITED on the Console
    // It is called for each and every field of the object, 
 
    // Get the Flags impose by a parent class
    $iFlags = parent::GetAttributeFlags($sAttCode, $aReasons, $sTargetState);
 
    // We just want to change the behavior for a single field
    if (($sAttCode == 'cost') && !(UserRights::HasProfile('Service Manager')))
    {
        // in that case we combine using | our Flags with those existing
        $iFlags = (OPT_ATT_READONLY | OPT_ATT_HIDDEN | $iFlags);
    }
    return $iFlags;
}
public function GetInitialStateAttributeFlags($sAttCode, &$aReasons = array())
{       
    // This function is invoked when the object is CREATED on the Console
    if (($sAttCode == 'cost') && !(UserRights::HasProfile('Service Manager')))
    {
        return(OPT_ATT_READONLY | OPT_ATT_HIDDEN | parent::GetInitialStateAttributeFlags($sAttCode, $aReasons));
    }
    // For other cases ask the parent class to do the job
    return parent::GetInitialStateAttributeFlags($sAttCode, $aReasons);
}
A dashlet groupby can still go through this read protection

Remaining questions:

  • Wondering if it brings write protection on that field or if we should overwrite Set() as well.
  • At some point the CSV import feature was not calling GetInitialAttributeFlags() in creation, since iTop 2.6.1 it's no more the case
  • How to prevent a user to see protected values by the mean of a dashlet groupby? To be clear we have currently no solution.
2_7_0/customization/hide-field-on-profile.txt · Last modified: 2020/04/20 09:29 (external edit)
Back to top
Contact us