Hi,
I was just wondering. Is it possible to disable Personal Views or to modify which columns appear in the selectable views list.
Essentially I am looking to use WebIssues with a client that wants to be able to use it with multiple clients, however, they do not wish clients to be able to see each other.
At present, you can view every user on the system by modifying a personal view and using the drop down list that is auto-populated. The columns are Created By, Modified By, etc.
I have been hunting through the code to try and ascertain where to disable this but have not found it. I would like to be able to turn personal views on or off on a project by project basis but this is not supported.
Would it be possible to let me know what file the relevant code would be in.
I found the html template to add an if statement to disable a column from appearing by name. However, I would like to disable the list of users unless the person creating the view is an Administrator or restrict the list of users to Members only of the Project in much the same way Assigned To can be.
Thanks.
- Log in to post comments
You can modify the getUserItems() function in class System_Web_ExpressionHelper so that it only returns all user names if the current user is an administrator, otherwise it would only return the "[Me]" item.
Regards,
Michał
Thanks,
Is it possible to restrict the list of users to Members only of the Project in much the same way Assigned To can be?
I am assuming if the Desktop Client was used it would still return all the users and the API itself will need to be modified to prevent this?
Kind Regards,
Cliff
OK I have modified the code to the following:
public function getUserItems()
{
$items = array( 0 => '[' .$this->tr( 'Me' ) . ']' );
$userPrincipal = System_Api_Principal::getCurrent();
if($userPrincipal->isAdministrator()){
$userManager = new System_Api_UserManager();
$users = $userManager->getUsers();
foreach ( $users as $user )
$items[ $user[ 'user_id' ] ] = $user[ 'user_name' ];
}
return $items;
}
This will now only return all the users in the views if an Admin has made the request. Normal users just see [Me]. Is the current projectid for the view that is being modified stored anywhere? It would be nice to change this to return just the Members of the project.
Just out of interest, from a data validation point of view, wouldn't you want to restrict the view to only listing members by default? A user that is not a member wouldn't be able to create and modify an entry in the project anyway, I appreciate that a historical user that was removed or deleted may need to be filtered but that could be done via the above code by enabling all users for the Administrator. This would enable the Admin to modify public views in this way but private views would be restricted to just the members of the project which I feel is probably what it should be anyway. Otherwise a regular member can technically view the entire user list by utilising this feature on private views.
Yes, you are probably right. I will have to think if it doesn't break something, if not then I will make this change.
Regards,
Michał