:: Version 3.2.0 ::
Hide cost for some users
Prerequisite: You must be familiar with the Syntax used in Tutorials and have already created an extension.
- learning:
- Hide a field to some users
- level:
- Intermediate
- domains:
- PHP, Constrain, Access rights
- methods:
- GetAttributeFlags, GetInitialStateAttributeFlags, Get
- min version:
- 2.3.0
In this usecase, we want to hide the cost field of a Contract if
the user does not have a particular profile.
In order to do so, we will overwrite the following methods, to
prevent the user to see and
modify the “cost” value.
-
Get() to get it through a details, a list, a CSV export or a REST
-
GetAttributeFlags() and GetInitialAttributeFlags() to prevent the “cost” value from being modified even if user has write access on the Contract class
-
Cost won't be displayed in the view, creation and modified Contract forms
-
Cost won't be writable by CSV import for that user, even if he has bulk-write on that class
-
The write
protection won't work if the user has:
-
API REST/JSON access
-
and write access on that class
Open question: Is it usefull to put the 2 flags hidden & readonly, or hidden implies readonly?
- class:Contract
-
public function Get($sAttCode) { // This function is invoked each time an attribute of the object is requested if (($sAttCode == 'cost') && !(UserRights::HasProfile('Service Manager'))) { // If you are not allowed to see this field, we don't return its true content return('****'); } else return parent::Get($sAttCode); } public function GetAttributeFlags($sAttCode, &$aReasons = array(), $sTargetState = '') { // This function is invoked when the object is EDITED on the Console // It is called for each and every field of the object, // Get the Flags impose by a parent class $iFlags = parent::GetAttributeFlags($sAttCode, $aReasons, $sTargetState); // We just want to change the behavior for a single field if (($sAttCode == 'cost') && !(UserRights::HasProfile('Service Manager'))) { // in that case we combine using | our Flags with those existing $iFlags = (OPT_ATT_READONLY | OPT_ATT_HIDDEN | $iFlags); } return $iFlags; } public function GetInitialStateAttributeFlags($sAttCode, &$aReasons = array()) { // This function is invoked when the object is CREATED on the Console if (($sAttCode == 'cost') && !(UserRights::HasProfile('Service Manager'))) { return(OPT_ATT_READONLY | OPT_ATT_HIDDEN | parent::GetInitialStateAttributeFlags($sAttCode, $aReasons)); } // For other cases ask the parent class to do the job return parent::GetInitialStateAttributeFlags($sAttCode, $aReasons); }
A dashlet groupby can still go
through this read protection
History of an hidden field is
not hidden, so users can still see the value in the field
Remaining questions:
-
Wondering if it brings write protection on that field or if we should overwrite Set() as well.
-
At some point the CSV import feature was not calling
GetInitialAttributeFlags()
in creation, since iTop 2.6.1 it's no more the case -
How to prevent a user to see protected values by the mean of a dashlet groupby? To be clear we have currently no solution.
3_2_0/customization/hide-field-on-profile.txt · Last
modified: 2024/09/10 10:25 (external edit)