restrict access to mention
@@ -63,6 +63,9 @@ class Mentions extends \Espo\Core\Hooks\Base
|
||||
$userName = substr($item, 1);
|
||||
$user = $this->getEntityManager()->getRepository('User')->where(array('userName' => $userName))->findOne();
|
||||
if ($user) {
|
||||
if (!$this->getAcl()->checkPermission('assignmentPermission', $user)) {
|
||||
continue;
|
||||
}
|
||||
$m = array(
|
||||
'id' => $user->id,
|
||||
'name' => $user->get('name'),
|
||||
|
||||
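Review bot: The user lookup just above the new `checkPermission('assignmentPermission', $user)` guard matches on `userName` alone, while the autocomplete changed in this same commit also restricts suggestions with `primaryFilter: active`, so a hand-typed `@name` is held to a looser rule than the picker. This hook is the enforcement point that applies to every post regardless of which client sent it, so it should be at least as strict as the UI, for example `->where(array('userName' => $userName, 'isActive' => true))` if deactivated users are not meant to be mentionable (assuming the `active` filter checks that flag). A comment above the guard such as `// Authoritative check: the client-side user filter is only a convenience.` would make that intent explicit. The enclosing loop and method start and end outside this hunk.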
@@ -49,35 +49,46 @@ Espo.define('views/note/fields/post', ['views/fields/text', 'lib!Textcomplete'],
|
||||
Dep.prototype.afterRender.call(this);
|
||||
this.$element.attr('placeholder', this.translate('writeMessage', 'messages', 'Note'));
|
||||
|
||||
this.$element.textcomplete([{
|
||||
match: /(^|\s)@(\w*)$/,
|
||||
search: function (term, callback) {
|
||||
if (term.length == 0) {
|
||||
callback([]);
|
||||
return;
|
||||
var assignmentPermission = this.getAcl().get('assignmentPermission');
|
||||
|
||||
var buildUserListUrl = function (term) {
|
||||
var url = 'User?orderBy=name&limit=7&q=' + term + '&' + $.param({'primaryFilter': 'active'});
|
||||
if (assignmentPermission == 'team') {
|
||||
url += '&' + $.param({'boolFilterList': ['onlyMyTeam']})
|
||||
}
|
||||
return url;
|
||||
}.bind(this);
|
||||
|
||||
if (assignmentPermission !== 'no') {
|
||||
this.$element.textcomplete([{
|
||||
match: /(^|\s)@(\w*)$/,
|
||||
search: function (term, callback) {
|
||||
if (term.length == 0) {
|
||||
callback([]);
|
||||
return;
|
||||
}
|
||||
$.ajax({
|
||||
url: buildUserListUrl(term)
|
||||
}).done(function (data) {
|
||||
callback(data.list)
|
||||
});
|
||||
},
|
||||
template: function (mention) {
|
||||
return mention.name + ' <span class="text-muted">@' + mention.userName + '</span>';
|
||||
},
|
||||
replace: function (o) {
|
||||
return '$1@' + o.userName + '';
|
||||
}
|
||||
$.ajax({
|
||||
url: 'User?orderBy=name&limit=7&q=' + term,
|
||||
}],{
|
||||
zIndex: 1100
|
||||
});
|
||||
|
||||
}).done(function (data) {
|
||||
callback(data.list)
|
||||
});
|
||||
},
|
||||
template: function (mention) {
|
||||
return mention.name + ' <span class="text-muted">@' + mention.userName + '</span>';
|
||||
},
|
||||
replace: function (o) {
|
||||
return '$1@' + o.userName + '';
|
||||
}
|
||||
}],{
|
||||
zIndex: 1100
|
||||
});
|
||||
|
||||
this.once('remove', function () {
|
||||
if (this.$element.size()) {
|
||||
this.$element.textcomplete('destroy');
|
||||
}
|
||||
}, this);
|
||||
this.once('remove', function () {
|
||||
if (this.$element.size()) {
|
||||
this.$element.textcomplete('destroy');
|
||||
}
|
||||
}, this);
|
||||
}
|
||||
},
|
||||
|
||||
validateRequired: function () {
|
||||
|
||||
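Review bot: The `template` callback in the re-indented textcomplete config concatenates `mention.name` and `mention.userName` straight into markup, and the same line appears in views/stream/panel. If the Textcomplete plugin inserts the template result as HTML (not visible here), a display name containing markup would be interpreted by the browser in the mention dropdown of anyone whose search matches that user. Escaping both values before concatenation closes that, e.g. `var esc = function (s) { return $('<div>').text(s).html(); };` followed by `return esc(mention.name) + ' <span class="text-muted">@' + esc(mention.userName) + '</span>';`. The surrounding afterRender function begins outside the hunk.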
@@ -153,34 +153,45 @@ Espo.define('views/stream/panel', ['views/record/panels/relationship', 'lib!Text
|
||||
collection.fetch();
|
||||
}
|
||||
|
||||
this.$textarea.textcomplete([{
|
||||
match: /(^|\s)@(\w*)$/,
|
||||
index: 2,
|
||||
search: function (term, callback) {
|
||||
if (term.length == 0) {
|
||||
callback([]);
|
||||
return;
|
||||
var assignmentPermission = this.getAcl().get('assignmentPermission');
|
||||
|
||||
var buildUserListUrl = function (term) {
|
||||
var url = 'User?orderBy=name&limit=7&q=' + term + '&' + $.param({'primaryFilter': 'active'});
|
||||
if (assignmentPermission == 'team') {
|
||||
url += '&' + $.param({'boolFilterList': ['onlyMyTeam']})
|
||||
}
|
||||
return url;
|
||||
}.bind(this);
|
||||
|
||||
if (assignmentPermission !== 'no') {
|
||||
this.$textarea.textcomplete([{
|
||||
match: /(^|\s)@(\w*)$/,
|
||||
index: 2,
|
||||
search: function (term, callback) {
|
||||
if (term.length == 0) {
|
||||
callback([]);
|
||||
return;
|
||||
}
|
||||
$.ajax({
|
||||
url: buildUserListUrl(term),
|
||||
}).done(function (data) {
|
||||
callback(data.list)
|
||||
});
|
||||
},
|
||||
template: function (mention) {
|
||||
return mention.name + ' <span class="text-muted">@' + mention.userName + '</span>';
|
||||
},
|
||||
replace: function (o) {
|
||||
return '$1@' + o.userName + '';
|
||||
}
|
||||
$.ajax({
|
||||
url: 'User?orderBy=name&limit=7&q=' + term,
|
||||
}]);
|
||||
|
||||
}).done(function (data) {
|
||||
callback(data.list)
|
||||
});
|
||||
},
|
||||
template: function (mention) {
|
||||
return mention.name + ' <span class="text-muted">@' + mention.userName + '</span>';
|
||||
},
|
||||
replace: function (o) {
|
||||
return '$1@' + o.userName + '';
|
||||
}
|
||||
}]);
|
||||
|
||||
this.once('remove', function () {
|
||||
if (this.$textarea.size()) {
|
||||
this.$textarea.textcomplete('destroy');
|
||||
}
|
||||
}, this);
|
||||
this.once('remove', function () {
|
||||
if (this.$textarea.size()) {
|
||||
this.$textarea.textcomplete('destroy');
|
||||
}
|
||||
}, this);
|
||||
}
|
||||
|
||||
$a = this.$el.find('.buttons-panel a.stream-post-info');
|
||||
|
||||
|
||||
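Review bot: `buildUserListUrl` here is a copy of the helper added in views/note/fields/post, so the mapping from `assignmentPermission` to the `onlyMyTeam` filter now lives in two places that can drift apart; a shared helper would keep the two views consistent. The helper also appends `term` to the query string unencoded and depends on the `\w*` in `match` to keep that safe, which is easy to break if the pattern is ever loosened. Passing every parameter through `$.param` removes that coupling: `var params = {orderBy: 'name', limit: 7, q: term, primaryFilter: 'active'};`, then `if (assignmentPermission == 'team') params.boolFilterList = ['onlyMyTeam'];` and `return 'User?' + $.param(params);`. The `.bind(this)` can go as well, since the helper never reads `this`.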
@@ -154,7 +154,7 @@ Espo.define('views/stream/record/edit', 'views/record/base', function (Dep) {
|
||||
$('body').off('click.stream-create-post');
|
||||
$('body').on('click.stream-create-post', function (e) {
|
||||
if ($.contains(window.document.body, e.target) && !$.contains(this.$el.get(0), e.target) && !$(e.target).closest('.modal-dialog').size()) {
|
||||
if (this.getView('post').$element.val() == '') {
|
||||
if (this.hasView('post') && this.getView('post').$element.val() == '') {
|
||||
if (!(this.model.get('attachmentsIds') || []).length) {
|
||||
this.disablePostingMode();
|
||||
}
|
||||
|
||||