Topic: Hide Menu options if not authorized (for Report)

Well, this is an extension to previous wish list that's now been implemented. I would love to see if this can be extended to apply
to Report option as well which you'd normally access it from

http://localhost/frontaccounting/reporting/reports_main.php


Original wish list :
Hide Menu options if not authorized
https://frontaccounting.com/punbb/viewtopic.php?id=1128

Maybe it's far stretch from now. But the motivation is the same, for those users who are not authorized it's better that :

a) we hide higher-level access completely from their menu or report; rather than having
b) greyed-out or make it avalable but then there will be warning that users are not authorized to do so



What you can't see, you can't fiddle around with it
If you can see, there are temptation to fiddle around with it

innovation-driven technology

2 (edited by detkenn 03/01/2021 05:23:49 am)

Re: Hide Menu options if not authorized (for Report)

I agree with @aleifuuwork, this feature is desirable. I have modified the relevant files to hide reports menus that are not authorized.

In reporting/includes/reports_classes.inc file:
Change report Class to include $access variable like this:

class Report
{
    var $id;
    var $name;
    var $ar_params;
    var $controls;
    var $access;
    
    function __construct($id, $name, $ar_params = null, $access = null)
    {
        $this->id = $id;
        $this->name = $name;
        if ($ar_params) $this->set_controls($ar_params);
                $this->access = $access;
    }
    
    function set_controls($ar_params) {
        $this->controls = $ar_params;
    }
    
    function get_controls() {
        return $this->controls;
    }
    
}

In reports_classes.inc file line 83 getDisplay function, add:

if($report->access != null && !$_SESSION["wa_current_user"]->can_access($report->access) && $_SESSION["wa_current_user"]->hide_inaccessible_menu_items())
                                continue;

Finally modify each $reports->addReport call in reporting/reports_main.php to include the $access variable.
e.g Customer Balances report:

$reports->addReport(RC_CUSTOMER, 101, _('Customer &Balances'),
    array(    _('Start Date') => 'DATEBEGIN',
            _('End Date') => 'DATEENDM',
            _('Customer') => 'CUSTOMERS_NO_FILTER',
            _('Show Balance') => 'YES_NO',
            _('Currency Filter') => 'CURRENCY',
            _('Suppress Zeros') => 'YES_NO',
            _('Comments') => 'TEXTBOX',
            _('Orientation') => 'ORIENTATION',
            _('Destination') => 'DESTINATION'),'SA_CUSTPAYMREP');

Edited, Also modify addReport() function in reports_classes.inc file like this:

function addReport($class, $id, $rep_name, $params=null,$access=null)
    {
        unset($this->ar_reports[$class][$id]); // unset std report if any
        $this->ar_reports[$class][$id] = new Report($id, $rep_name, $params, $access);
    }

This solution will allow for backward compatibility especially for extensions that implement reports.
If this solution is acceptable to the core, I will modify the whole reports_main.php file to affect all reports.

Re: Hide Menu options if not authorized (for Report)

This is a good update to restrict reports based on user permissions.

Subscription service based on FA
HRM CRM POS batch Themes

Re: Hide Menu options if not authorized (for Report)

True... Does it get into the core?

Re: Hide Menu options if not authorized (for Report)

@joe: ?

Re: Hide Menu options if not authorized (for Report)

Hello guys,

I am not sure. I like the grayed versions in the core as is. This means that the report exists, but I am not allowed to see it. In my opinion this is not a problem. I know my place in the organization, so I don't mind.

I understand the question, but not sure if we should change this.

/Joe

Re: Hide Menu options if not authorized (for Report)

This workaround is for those who want it and is documented in the wiki.

Sometimes, bosses do not want their staff to see what reports the management is capable of viewing!