Olivier Nepomiachty

Overriding an Action's access control in Sugar 7.5

Blog Post created by Olivier Nepomiachty Employee on May 13, 2015
When it comes to customization, Sugar 7 is far away the best and most flexible CRM on the market. The Sugar framework empowers the developers to make heavy modifications in the user interface (UI) without touching the core of the product.

 

Our customers are always coming up with interesting use cases.  One customer asked me this question.

I don't want my end users to accidentally unlink related Contact records.  Is it possible to selectively disable the Unlink button so that only some users are allowed to use it?

 



 

There are many ways to do this but here is an easy one that allow us to manage who has access to unlink a record using Teams.  But we could just as easily adapt this technique to use a Role or some other attribute of a Sugar user to do the same thing.  Sugar's flexibility means your imagination is the limit.

 

Step 1: Create the "unlink" team

 

First off, we will add a new team called "unlink" to the Sugar instance.  Only users who are members of this team will be able to perform an unlink action.

 

Log in as a Sugar Administrator, navigate to the Administration > Team Management.  Then create the team "unlink" and add the Administrator user to this team.

 

Step 2: Override the UnlinkAction field controller

 

Since we want to make this change to all uses of the UnlinkAction in all subpanels, we will override the core UnlinkAction itself instead of defining a new one and configuring it via metadata.  This is convenient since it makes our change small but could be an issue during upgrade if the base Sugar implementation of UnlinkAction changes.  In Sugar 7, each Action's access control is implemented by the hasAccess function.

 

Since we want most of the UnlinkAction's behavior to remain the same we will start by copying clients/base/fields/unlink-action/unlink-action.js to custom/clients/base/fields/unlink-action/unlink-action.js

 

The changed code is annotated with "Olivier - Start" and "Olivier - Stop" comments below.

 

unlink-action.js

/*
* Your installation or use of this SugarCRM file is subject to the applicable
* terms available at
* http://support.sugarcrm.com/06_Customer_Center/10_Master_Subscription_Agreements/.
* If you do not agree to all of the applicable terms or do not have the
* authority to bind the entity as an authorized representative, then do not
* install or use this SugarCRM file.
*
* Copyright (C) SugarCRM Inc. All rights reserved.
*/
({
    extendsFrom: 'RowactionField',
initialize: function (options) {
options.def.event = options.def.event || 'list:unlinkrow:fire';
this._super('initialize', [options]);
this.type = 'rowaction';
    },
hasAccess: function () {
var parentModule = this.context.get('parentModule');
if (parentModule === 'Home') {
return false;
        }
var link = this.context.get('link');
if (link && app.utils.isRequiredLink(parentModule, link)) {
return false;
        }
// Olivier 9 May 2015 - Start
// authorize the unlink action only if the user is a member of the team 'unlink'
var in_unlink_team = false;
for(var i=0; i<app.user.get('my_teams').length; i++)
if (app.user.get('my_teams')[i].name == 'unlink') {
                in_unlink_team = true;
break;
            }
if (in_unlink_team) return this._super('hasAccess');
else return false;
// Olivier - Stop
    }
})

 

The change in the hasAccess function is straightforward.  We test the user's list of teams to see if our special "unlink" team exists.

 

Step 3: Test it out!

 

Log in as the Administrator and run a Quick Repair and Rebuild if you haven't already and clear your browser cache for good measure.

 

Now, have the Administrator visit an Account record with related Contacts.  Notice that the Administrator is allowed to unlink any contact from this view.

 

Log in as a regular user not on the "unlink" team. Visit the same Account record as before.  Notice that this user cannot unlink any of these related Contacts.

 

Log in as the Administrator again and add the previous regular user to the team "unlink".

 

Finally, log in as the regular user again and visit the same Account record.  Notice that the user can now unlink related Contacts.

Outcomes