espoCRM customization: allow non-sysadmin user edit users data

problem: be default, espoCRM only expose users data to users with sysadmin role. in role access management, user entity is not in the manage entity list.

solution:

1. override acl of user entity at custom/Espo/Custom/Resources/metadata/scopes/User.json. add edit in aclActionList, add “team”, “all” in aclActionLevelListMap.

    "aclActionList": ["read", "edit"],
    "aclActionLevelListMap": {
        "edit": ["own", "no", "team", "all"]
    },

2. override acl user.php at custom/Espo/Custom/Acl/User.php. ensure to remove or change line of

        if (!$user->isAdmin()) {
            if ($user->id !== $entity->id) {
                return false; // change this logic
            }
        }

ref: how to 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s