User's permission #487
Hello @LifeHunter,
Thank you for the supportive feedback.
In terms of users the OpenCATS system currently assumes you manage your own staff role “labeling” and provides you the flexibility to assign access policy, as such:
* Read Only
* Add / Edit
* Add / Edit / Delete (Default)
* Site Administrator
* Root
What you’re asking for is the ability to create role, assign roles access policy and then label a user with a “role”. It may be a feature that can be considered for future release. Please check-in with @RussH for target version.
On the flip side, a Job Order and Candidate ownership concept already exists in OpenCATS.
When you create a Job Order you have the option of assigning it a Recruiter and an Owner.
Likewise, when you create a Candidate you have the option of assigning it an Owner.
Hope I was able to help with the above immediate solutions.
Regards,
Shant Adam
From: lifehunter
Date: Sunday, August 23, 2020 at 1:58 AM
Subject: [opencats/OpenCATS] User's permission (#487)
Hi everyone,
First of all, thank you all for providing us with this great free software.
I'm not a programmer, and after searching I could not find a solution, so I carefully put forward this proposal:
I have a firm with several employees, and the information of Job Orders and Candidates is vital for every employee. Could we support this:
* OpenCATS system can set three roles: staff, manager, administrator.
* The administrator creates a staff role with this permission: each staff member manages their own Job Orders and their own Candidates, and will not be able to see others' Job Orders & Candidates.
* The administrator creates a manager role with this permission: each manager supervises several staff members, and this manager will see their own staff's (one or more) Job Orders and Candidates.
Kind regards and thanks again.
Chrisp
Thank Adam for your response. Thanks again. Chris

I would like to hard-code that. Is it a straightforward task, such as adding a line or two to a PHP file using FileZilla, or is it more complex for someone with little experience? For context, I have managed to get it working with web hosting, so I have a basic understanding. Thank you for your help!
Hi @aldnoahs so originally I was just proposing a quick change so the 'only my candidates / customers / job orders / companies / contacts' checkbox was always checked with no option to uncheck it. It's a quick and easy change but definitely not 100% secure, recruiters will never see other clients/candidates? Make sure it's the right thing for your workflow too - I'd assume you want all candidates visible to everyone?

Anyway if that's okay, then in the /modules/candidates (and in e.g. /modules/companies) for each of the ticks you want to be hard-coded to 'only my...' - then just find the section of the *.tpl file below that controls the checkbox (i.e. in the Candidates.tpl file) - change lines 33-36 from this;
to this;
That should do it - just removes the option to uncheck it. Do the same in the Customers / Job Orders / Contacts modules as required. Haven't checked this on a test system, so please make a backup copy of the original file before you go changing it so you can quickly revert back if needed.
Hi RussH, thank you so much for your fast and helpful reply! (as well as open-sourcing this project!) If we hardcode it that way is it still possible for the Root users to see all the candidates?

Maybe it's easier to explain the goal: My problem is that freelance recruiter x is ok with sharing their candidate with us for our vacancies. But they don't want freelance recruiter y to see their candidates. The companies and contact tab should also be blocked/hidden since I will be doing the client side. So in a nutshell I would like to edit user ('ACCESS_LEVEL_EDIT', 200);
Is this something that is possible or would the checkbox option be the best bet for me to start out? Once again thank you for this project! Sincerely,
Just a quick update as need to crack on at work - but as I suspect the 'lock everything down' won't work if you want some groups to have access and others unrestricted. Luckily there's a more granular ACL feature in OpenCATS, you can define roles, assign users, some people can see this and others can see that. I have not touched it.. as haven't needed it, but it's controlled by config held in config.php, and details are here: https://github.com/opencats/OpenCATS/wiki/Access-Control-Lists
Thank you RussH. So I threw the wiki + our forum chat in Cody together with what I would like to achieve (see my post from before). Cody responded:

Based on your requirements, we need to modify the ACL (Access Control List) settings for the freelance recruiter role. We'll create a new role called 'freelance_recruiter' and set up the appropriate access levels. Here's how you can modify the config.php file to achieve this: First, add the 'freelance_recruiter' role to the USER_ROLES array:

}

This configuration does the following: Sets the default access level to DISABLED for all objects.

To implement the restriction that freelancers can only see their own candidates and job orders assigned to them, you'll need to modify the core application code. This can't be done through the ACL configuration alone. You'll need to add filters to the relevant queries in the application code. For example, in the file that handles candidate listing (probably something like modules/candidates/Candidates.php), you'll need to modify the query to only show candidates added by the current user. Similarly, for job orders, you'll need to modify the query to only show job orders assigned to the current user. Here's a general idea of how you might modify these queries:

For candidates:

```php
$sql = "SELECT * FROM candidate WHERE added_by = " . $this->_userID;
```

For job orders:

```php
$sql = "SELECT * FROM joborder WHERE assigned_to = " . $this->_userID;
```

Remember to apply these filters only for users with the 'freelance_recruiter' role. To hide the Companies and Contacts tabs, you can modify the main template file (probably modules/home/Home.tpl) to not display these tabs for users with the 'freelance_recruiter' role. These changes will require modifications to the core OpenCATS code, so be sure to back up your system before making these changes. Also, note that these changes may need to be reapplied if you update OpenCATS in the future.

I will be playing and trying to get it to work this weekend. I will update the results would someone ever need it (if it works)
Yea.. no success.. I kept walking into errors. Went back to a backup. I dug some more in the files and after hours of chatting with AI, we came to a new approach:

///////////////////////////////////

```php
define('ACCESS_LEVEL_EDIT', 200);
```

After (adding new constants):

```php
define('ACCESS_LEVEL_VIEW_OWN', 300);
// Update existing access level definition...
```

```php
public function hasAccessLevel($level)
```

After (adding new method):

```php
public function canViewOwnData()
// Update existing hasAccessLevel() method to include DENY_COMPANIES_CONTACTS...
```

```php
public function getCompany()
```

After (adding new method):

```php
public function canViewOwnData($user)
// Update existing getCompany() method to check for access level VIEW_OWN_DATA...
```

```php
public function view($id)
```

After (adding access level check):

```php
if (!$this->user->canViewOwnData()) {
// Update existing view() method to include access level check...
```

```php
Company: {{ $candidate->company }}
```

After (adding conditional statement):

```php
@if ($candidate->getCompany() && $this->user->canViewOwnData())
Company: {{ $candidate->company }}
@endif
```

Please review these examples carefully and adjust them according to your specific use case. Remember to test the modified code thoroughly before deploying it in production.

I'll try it again tonight or the weekend, I'll keep you posted.
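Added example, not part of the thread and not OpenCATS code: the always-ticked checkbox and the per-user query filters discussed above only restrict access when the server applies the ownership filter itself, on both the list and the single-record view. The `candidate` table, its `added_by` column and the `freelance_recruiter` role follow the names suggested in the thread and are assumptions about the schema; `listCandidates` and `viewCandidate` are hypothetical helpers.

```php
<?php
// Added illustration, not OpenCATS code. The candidate table, added_by column
// and role names are assumptions taken from the suggestions in the thread.
const ROLE_FREELANCE = 'freelance_recruiter';
const ROLE_ROOT = 'root';

// List view: restricted roles are always scoped to their own rows. The
// "only my candidates" checkbox is honoured only as an extra narrowing.
function listCandidates(PDO $db, int $userId, string $role, bool $onlyMine): array
{
    $sql = 'SELECT candidate_id, name FROM candidate';
    $scoped = ($role === ROLE_FREELANCE) || $onlyMine;
    if ($scoped) {
        $sql .= ' WHERE added_by = :uid';
    }
    $stmt = $db->prepare($sql . ' ORDER BY candidate_id');
    if ($scoped) {
        $stmt->bindValue(':uid', $userId, PDO::PARAM_INT); // bound, not concatenated
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Single-record view: needs the same ownership check, otherwise the list
// filter is cosmetic. A denied record looks the same as a missing one.
function viewCandidate(PDO $db, int $userId, string $role, int $id): ?array
{
    $stmt = $db->prepare('SELECT candidate_id, name, added_by FROM candidate WHERE candidate_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    if ($role === ROLE_FREELANCE && (int) $row['added_by'] !== $userId) {
        return null;
    }
    return $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE candidate (candidate_id INTEGER PRIMARY KEY, name TEXT, added_by INTEGER)');
$db->exec("INSERT INTO candidate (name, added_by) VALUES ('Alice', 10), ('Bob', 11), ('Cara', 10)");
// Recruiter 11 with the checkbox unticked still gets only their own row.
var_dump(listCandidates($db, 11, ROLE_FREELANCE, false));
var_dump(viewCandidate($db, 11, ROLE_FREELANCE, 1)); // recruiter 10's record
var_dump(listCandidates($db, 1, ROLE_ROOT, false));  // unrestricted role
```

The role passed to both helpers should come from the authenticated session, so that a template edit or a changed form field cannot widen what a restricted user is shown.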
I've not used Cody before, looks interesting if it works!
Hi everyone,
First of all, thank you all for providing us with this great free software.
I'm not a programmer, so I cannot code this myself. After searching, I could not find a solution, so I carefully put forward this proposal:
I have a firm with several employees, and the information of Job Orders and Candidates is vital for every employee. Could we support this:
After Adam's tips, I clarify that I know OpenCATS provides the flexibility to assign access policy, as such:
And, OpenCATS allows the Admin to create a Job Order with the option of assigning it a Recruiter and an Owner.
However, these existing features still cannot solve the problem that's listed in my proposal.
Kind regards and thanks again.
Chrisp