Yesterday the conversation was around determining the module level ACL permissions, more specifically determining if the User object has Administrator or Developer privileges for the module. Today, we’ll drop down a level and look at how to determine if a user has permission at the record level, and also look at various other permission that can be set.
There’s a nice API for reading into this, using the SugarBean::ACLAccess($view) method call. For the $view parameter, you can pass in one of several options, as illustrated below…
You’ll notice the options are broken into two parts…
- A set of ACLs pertaining to the record itself ( view, edit, delete, export ). These also leverage the record owner to determine if the current User object has access to do that action
- A set of ACLs around the module itself ( list, export, massupdate ).
Once again, these can be used anywhere in the app ( including Smarty templates ) and can be easily used to figure out if the user has access to a record or not, or whether certain module actions can be performed by the user or not.
Tomorrow, we will dig one level deeper, and look at how in the commercial editions you can leverage ACLs at the field level as well.