[User Permission] Question about user permission

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

[User Permission] Question about user permission

Claudio Aschieri - Diciannove Soc. Coop.
Hi all,
I have a question about user permissions into Dolibarr (last stable
version 4.X).

I'll do an example to explain my problem.

I have to manage a company into Dolibarr where two single users (Paul
and Anna) are linked to a Supervisor (Alfred).

Paul is linked to customer "Google" with "Sales representatives" field.

Anna is linked to customer "Microsoft" with "Sales representatives" field.


 Alfred (Supervisor)
       |     
    ___|___
   |       |
   |       |
  Paul    Anna
(google)  (microsoft)


I would like that Supervisor Alfred could see all data about Google and
Microsoft, but if he isn't linked directly to the customer, Alfred
can't see nothing about them.

Is there a way to do this easily? 
Could I use "printFieldListWhere" hooks? 


Thanks to all


--
Claudio Aschieri
      __________
    ::DICIANNOVE::
      soc. coop.

cell. +39 347.624.17.96

GENOVA - Calata Andalò di Negro 16 e 17 - 16126 Genova - Italia
tel.  +39 010.99.800.20 - fax.  +390109980021

PARMA - Strada Buffolara, 26/A - 43126 Parma - Italia
tel.  +39 0521.18.411.34 - fax.  +390109980021

TORINO - via Walter Fontan 41 - 10053 Bussoleno - Italia
tel.  +39 0122.48.504 - fax.  +390109980021

Le informazioni contenute nella presente comunicazione e i relativi
allegati possono essere riservate e sono, comunque, destinate
esclusivamente alle persone o alla Societa' sopraindicati.
La diffusione, distribuzione e/o copiatura del documento trasmesso da
parte di qualsiasi soggetto diverso dal destinatario e' proibita, sia
ai sensi dell'art. 616 c.p., che ai sensi del D.Lgs. n. 196/2003.
Se avete ricevuto questo messaggio per errore, vi preghiamo di
distruggerlo e di informarci immediatamente per telefono allo
010/9980020 o inviando un messaggio all'indirizzo e-mail info@diciannov
e.coop



The information in this e-mail (which includes any files transmitted
with it) is confidential and may also be legally privileged.
It is intended for the addressee only. Access to this e-mail by anyone
else is unauthorised.
It is not to be relied upon by any person other than the addressee,
except with our prior written approval.
If no such approval is given, we will not accept any liability (in
negligence or otherwise) arising from any third party acting, or
refraining from acting on such information.
Unauthorised recipients are required to maintain confidentiality.
If you have received this e-mail in error please notify us immediately,
destroy any copies and delete it from your computer system.
Any use, dissemination, forwarding, printing or copying of this e-mail
is prohibited.
Copyright in this e-mail and any document created by us will be and
remain vested in us and will not be transferred to you.
We assert the right to be identified as the author of and to object to
any misuses of the contents of this e-mail or such documents.


_______________________________________________
Dolibarr-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/dolibarr-dev
Reply | Threaded
Open this post in threaded view
|

Re: [User Permission] Question about user permission

Laurent Destailleur (aka Eldy)

The solution of using hook printFieldListWhere should be also possible but it is less reliable because:
Hook is not available on every list page yet
For all other cases than page list, you won't have protection to restrict data.

Le 6 nov. 2016 7:21 PM, "Laurent Destailleur" <[hidden email]> a écrit :

>

> No, it's not possible to do this.
> The easiest way i see is:
> - add code into thirdparty creation or edit trigger so when paul or anna are addes as sale representative to a thurd party, you also add automatically the parent alfred.
> So if alfred as not the permission "see all thirdparty", he will see only google and microsoft.
> - problem will be when editing hierarchy of users. Sales representative links are not updated. You can add code into user edit trigger to readd the parent as sale representative when you edit a user, but old parent will still be linked. You may find rules to also remove link but it might be more difficult. But i think the best and easy solution is this one: making the link sale representative between parent and thirdparty dynamically when link is added to child.
>
>
> Le 4 nov. 2016 11:58 AM, "Claudio Aschieri" <[hidden email]> a écrit :

>>

>> Hi all,
>> I have a question about user permissions into Dolibarr (last stable
>> version 4.X).
>>
>> I'll do an example to explain my problem.
>>
>> I have to manage a company into Dolibarr where two single users (Paul
>> and Anna) are linked to a Supervisor (Alfred).
>>
>> Paul is linked to customer "Google" with "Sales representatives" field.
>>
>> Anna is linked to customer "Microsoft" with "Sales representatives" field.
>>
>>
>>  Alfred (Supervisor)
>>        |     
>>     ___|___
>>    |       |
>>    |       |
>>   Paul    Anna
>> (google)  (microsoft)
>>
>>
>> I would like that Supervisor Alfred could see all data about Google and
>> Microsoft, but if he isn't linked directly to the customer, Alfred
>> can't see nothing about them.
>>
>> Is there a way to do this easily? 
>> Could I use "printFieldListWhere" hooks? 
>>
>>
>> Thanks to all
>>
>>
>> --
>> Claudio Aschieri
>>       __________
>>     ::DICIANNOVE::
>>       soc. coop.
>>
>> cell.<a href="tel:%2B39%20347.624.17.96"> +39 347.624.17.96
>>
>> GENOVA - Calata Andalò di Negro 16 e 17 - 16126 Genova - Italia
>> tel. <a href="tel:%2B39%20010.99.800.20"> +39 010.99.800.20 - fax. <a href="tel:%2B390109980021"> +390109980021
>>
>> PARMA - Strada Buffolara, 26/A - 43126 Parma - Italia
>> tel.  +39 0521.18.411.34 - fax. <a href="tel:%2B390109980021"> +390109980021
>>
>> TORINO - via Walter Fontan 41 - 10053 Bussoleno - Italia
>> tel.  +39 0122.48.504 - fax. <a href="tel:%2B390109980021"> +390109980021
>>
>> Le informazioni contenute nella presente comunicazione e i relativi
>> allegati possono essere riservate e sono, comunque, destinate
>> esclusivamente alle persone o alla Societa' sopraindicati.
>> La diffusione, distribuzione e/o copiatura del documento trasmesso da
>> parte di qualsiasi soggetto diverso dal destinatario e' proibita, sia
>> ai sensi dell'art. 616 c.p., che ai sensi del D.Lgs. n. 196/2003.
>> Se avete ricevuto questo messaggio per errore, vi preghiamo di
>> distruggerlo e di informarci immediatamente per telefono allo
>> 010/9980020 o inviando un messaggio all'indirizzo e-mail info@diciannov
>> e.coop
>>
>>
>>
>> The information in this e-mail (which includes any files transmitted
>> with it) is confidential and may also be legally privileged.
>> It is intended for the addressee only. Access to this e-mail by anyone
>> else is unauthorised.
>> It is not to be relied upon by any person other than the addressee,
>> except with our prior written approval.
>> If no such approval is given, we will not accept any liability (in
>> negligence or otherwise) arising from any third party acting, or
>> refraining from acting on such information.
>> Unauthorised recipients are required to maintain confidentiality.
>> If you have received this e-mail in error please notify us immediately,
>> destroy any copies and delete it from your computer system.
>> Any use, dissemination, forwarding, printing or copying of this e-mail
>> is prohibited.
>> Copyright in this e-mail and any document created by us will be and
>> remain vested in us and will not be transferred to you.
>> We assert the right to be identified as the author of and to object to
>> any misuses of the contents of this e-mail or such documents.
>>
>>
>> _______________________________________________
>> Dolibarr-dev mailing list
[hidden email]
>> https://lists.nongnu.org/mailman/listinfo/dolibarr-dev
>
>


_______________________________________________
Dolibarr-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/dolibarr-dev
Reply | Threaded
Open this post in threaded view
|

Re: [User Permission] Question about user permission

Claudio Aschieri - Diciannove Soc. Coop.
I also have thought to this approach, but I hoped something better. :)
Thanks Eldy



Il giorno dom, 06/11/2016 alle 19.25 +0100, Laurent Destailleur (aka
Eldy) ha scritto:

> The solution of using hook printFieldListWhere should be also
> possible but it is less reliable because:
> Hook is not available on every list page yet
> For all other cases than page list, you won't have protection to
> restrict data.
>
> Le 6 nov. 2016 7:21 PM, "Laurent Destailleur" <[hidden email]
> > a écrit :
> >
> > No, it's not possible to do this. 
> > The easiest way i see is:
> > - add code into thirdparty creation or edit trigger so when paul or
> anna are addes as sale representative to a thurd party, you also add
> automatically the parent alfred.
> > So if alfred as not the permission "see all thirdparty", he will
> see only google and microsoft.
> > - problem will be when editing hierarchy of users. Sales
> representative links are not updated. You can add code into user edit
> trigger to readd the parent as sale representative when you edit a
> user, but old parent will still be linked. You may find rules to also
> remove link but it might be more difficult. But i think the best and
> easy solution is this one: making the link sale representative
> between parent and thirdparty dynamically when link is added to
> child.
> >
> >
> > Le 4 nov. 2016 11:58 AM, "Claudio Aschieri" <c.aschieri@diciannove.
> net> a écrit :
> >>
> >> Hi all,
> >> I have a question about user permissions into Dolibarr (last
> stable
> >> version 4.X).
> >>
> >> I'll do an example to explain my problem.
> >>
> >> I have to manage a company into Dolibarr where two single users
> (Paul
> >> and Anna) are linked to a Supervisor (Alfred).
> >>
> >> Paul is linked to customer "Google" with "Sales representatives"
> field.
> >>
> >> Anna is linked to customer "Microsoft" with "Sales
> representatives" field.
> >>
> >>
> >>  Alfred (Supervisor)
> >>        |     
> >>     ___|___
> >>    |       |
> >>    |       |
> >>   Paul    Anna
> >> (google)  (microsoft)
> >>
> >>
> >> I would like that Supervisor Alfred could see all data about
> Google and
> >> Microsoft, but if he isn't linked directly to the customer, Alfred
> >> can't see nothing about them.
> >>
> >> Is there a way to do this easily? 
> >> Could I use "printFieldListWhere" hooks? 
> >>
> >>
> >> Thanks to all
> >>
> >>
> >> --
> >> Claudio Aschieri
> >>       __________
> >>     ::DICIANNOVE::
> >>       soc. coop.
> >>
> >> cell. +39 347.624.17.96
> >>
> >> GENOVA - Calata Andalò di Negro 16 e 17 - 16126 Genova - Italia
> >> tel.  +39 010.99.800.20 - fax.  +390109980021
> >>
> >> PARMA - Strada Buffolara, 26/A - 43126 Parma - Italia
> >> tel.  +39 0521.18.411.34 - fax.  +390109980021
> >>
> >> TORINO - via Walter Fontan 41 - 10053 Bussoleno - Italia
> >> tel.  +39 0122.48.504 - fax.  +390109980021
> >>
> >> Le informazioni contenute nella presente comunicazione e i
> relativi
> >> allegati possono essere riservate e sono, comunque, destinate
> >> esclusivamente alle persone o alla Societa' sopraindicati.
> >> La diffusione, distribuzione e/o copiatura del documento trasmesso
> da
> >> parte di qualsiasi soggetto diverso dal destinatario e' proibita,
> sia
> >> ai sensi dell'art. 616 c.p., che ai sensi del D.Lgs. n. 196/2003.
> >> Se avete ricevuto questo messaggio per errore, vi preghiamo di
> >> distruggerlo e di informarci immediatamente per telefono allo
> >> 010/9980020 o inviando un messaggio all'indirizzo e-mail info@dici
> annov
> >> e.coop
> >>
> >>
> >>
> >> The information in this e-mail (which includes any files
> transmitted
> >> with it) is confidential and may also be legally privileged.
> >> It is intended for the addressee only. Access to this e-mail by
> anyone
> >> else is unauthorised.
> >> It is not to be relied upon by any person other than the
> addressee,
> >> except with our prior written approval.
> >> If no such approval is given, we will not accept any liability (in
> >> negligence or otherwise) arising from any third party acting, or
> >> refraining from acting on such information.
> >> Unauthorised recipients are required to maintain confidentiality.
> >> If you have received this e-mail in error please notify us
> immediately,
> >> destroy any copies and delete it from your computer system.
> >> Any use, dissemination, forwarding, printing or copying of this e-
> mail
> >> is prohibited.
> >> Copyright in this e-mail and any document created by us will be
> and
> >> remain vested in us and will not be transferred to you.
> >> We assert the right to be identified as the author of and to
> object to
> >> any misuses of the contents of this e-mail or such documents.
> >>
> >>
> >> _______________________________________________
> >> Dolibarr-dev mailing list
> >> [hidden email]
> >> https://lists.nongnu.org/mailman/listinfo/dolibarr-dev
> >
> >
> _______________________________________________
> Dolibarr-dev mailing list
> [hidden email]
> https://lists.nongnu.org/mailman/listinfo/dolibarr-dev

--
Claudio Aschieri
      __________
    ::DICIANNOVE::
      soc. coop.

cell. +39 347.624.17.96

GENOVA - Calata Andalò di Negro 16 e 17 - 16126 Genova - Italia
tel.  +39 010.99.800.20 - fax.  +390109980021

PARMA - Strada Buffolara, 26/A - 43126 Parma - Italia
tel.  +39 0521.18.411.34 - fax.  +390109980021

TORINO - via Walter Fontan 41 - 10053 Bussoleno - Italia
tel.  +39 0122.48.504 - fax.  +390109980021

Le informazioni contenute nella presente comunicazione e i relativi
allegati possono essere riservate e sono, comunque, destinate
esclusivamente alle persone o alla Societa' sopraindicati.
La diffusione, distribuzione e/o copiatura del documento trasmesso da
parte di qualsiasi soggetto diverso dal destinatario e' proibita, sia
ai sensi dell'art. 616 c.p., che ai sensi del D.Lgs. n. 196/2003.
Se avete ricevuto questo messaggio per errore, vi preghiamo di
distruggerlo e di informarci immediatamente per telefono allo
010/9980020 o inviando un messaggio all'indirizzo e-mail info@diciannov
e.coop



The information in this e-mail (which includes any files transmitted
with it) is confidential and may also be legally privileged.
It is intended for the addressee only. Access to this e-mail by anyone
else is unauthorised.
It is not to be relied upon by any person other than the addressee,
except with our prior written approval.
If no such approval is given, we will not accept any liability (in
negligence or otherwise) arising from any third party acting, or
refraining from acting on such information.
Unauthorised recipients are required to maintain confidentiality.
If you have received this e-mail in error please notify us immediately,
destroy any copies and delete it from your computer system.
Any use, dissemination, forwarding, printing or copying of this e-mail
is prohibited.
Copyright in this e-mail and any document created by us will be and
remain vested in us and will not be transferred to you.
We assert the right to be identified as the author of and to object to
any misuses of the contents of this e-mail or such documents.


_______________________________________________
Dolibarr-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/dolibarr-dev