Hide client to commercial

geppettvs · August 3, 2019, 5:05pm

How can I disallow a user from gaining access to a client and the client’s stuff like invoices, proposals, etc?

In a previous version, if a user wasn’t named as a commercial into the client’s commercial’s area, he/she wasn’t allowed to see anything from the client, but in the latest 9.0.4 version, every single internal user can see everything, no matter what permissions I give in the user’s profile.

Thanks in advance.

EDIT: Just installed the latest 10.0.1 version and the same behavior is observed in this version.

ariffidaali · August 3, 2019, 5:24pm

The rights for 3rd parties are:
Unless the 3rd parties are linked to user then they have access to those 3rd parties:

geppettvs · August 3, 2019, 6:01pm

I guess I need to reword my question and I am going to explain this way in order to expand the scenery so that people can see what I am experiencing and what I need.

We have two users, which we are going to call user1 and user2.

What I need

If user1 create a proposal, user2 should not be able to see the proposal. The same for an invoice or other stuff made by user1.

What I am experiencing
Everything user1 do, is visible to user2

The same thing happen no matter if user2 is not named as commercial for the client.

Thanks in advance.

geppettvs · March 21, 2025, 9:39pm

I would be happy with just forbidding user1 from viewing user2 created documents.

Thanks

jonbendtsen · March 21, 2025, 9:46pm

which Dolibarr version are you running?

geppettvs · March 21, 2025, 9:58pm

Thanks for your quick answer. I am sorry, today I am using Version 20.0.4

geppettvs · March 24, 2025, 10:46pm

The only workaround I found so far, it was to create a specific third party for the user, assign the user to the third party and remove the extended permission to view all the third parties.

This actually works, but it requires having clones of all the third parties involved. Which is not a good approach.

Any help is appreciated on finding a way to set a user to only see the specific documents he created, regardless of the third parties, amounts, etc.

jonbendtsen · March 25, 2025, 7:05am

I am not that much of a Dolibarr developer. I’ve done a few minor alterations and do have some accepted Pull Requests, but that is mostly about the API which I use a lot. But I still want to try to give an answer.

I do not think that default Dolibarr can do what you want. I think you either need a module or you need some code inside main Dolibarr.

As I understand the Dolibarr data model, Users, thirdparties, proposals, orders, invoices, … are separate objects that are stored in individual database tables. These are linked together using fk_ - foreign key columns. So for a proposal there is a key that points to the thirdparty, and there is a key that points to the user who actually created the proposal.

Here’s some heavily edited extracted json from the api with an proposal

{
    "id": "1616",
    "contacts_ids": [
      "488",
      "488",
      "2175",
      "488"
    ],
    "user_validation_id": "3",
    "socid": "100",
    "user_author_id": "3",
}

(The socid is the thirdparty id.)

I THINK it would be technically possible to code that Dolibarr could have an option and possible a new permission where the current user_id would have to be the user_author_id of a proposal for Dolibarr to show the proposal.

But this would have to be done both at the proposal details and at lists of proposals, and in search + possible other places.

I’ve attached pictures of my users permission in Dolibarr. I do not thinkt hat Dolibarr currently have a permissions that is needed to do what you want to do. I think you need to either code it yourself or hire a coder to make it for you.