0

I have built a simple module simply using Module Builder in SugarCRM Community Edition.

This is a really basic module to hold FTP/Server logins for different accounts.

The problem I have now, is I do not want just any user in Sugar to be able to see my Password field which holds passwords for each record. I would lkike to restrict this to admin users only or a certain user type.

Any ideas how I can do this in CE?

I see that I can create an Access Role in Sugar and simply restrict access to the whole module. This might work but it would be really nice if I could do it in code or simply just restrict my "password" field in my module to admin only view.

JasonDavis
  • 48,204
  • 100
  • 318
  • 537

1 Answers1

1

If you just want to restrict to admin users do an is_admin() check on the current user in the view. If false, then redirect. If it is an embedded field, do not show the field. If you want to allow certain non-admins to have access then you would need to do it via a role. Flip list/view/etc to All for that module and assign that role to the appropriate users. There is a caveat, if a user is a member of multiple roles the user will inherit the most restrictive of all the roles. Which basically means that the user wouldn't have rights to the custom module if a member of multiple roles. SecuritySuite (https://www.sugaroutfitters.com/addons/securitysuite) includes an option to set that behavior to permissive instead. So the user would get the greatest of all rights from all roles associated to the user.

egg
  • 1,736
  • 10
  • 12