UserFieldAccess

Description

Abstract class defining field settings available for the user

Settings table can be viewed in the class Userfieldtable.

Public methods

Method	Description	Available from version
`public function __construct(int $userId = nul)`	Constructor. Parameters: `$userId` - user ID with access to be defined. When not passed, takes current user ID
`public static function getInstance(string $moduleId, int $userId = null): UserFieldAccess`	Method attempts to find descendant for the module `$moduleId`, creates its object and returns it. When descendant is not found, the method throw an exception `\Bitrix\Main\ObjectNotFoundException`. Parameters: `$moduleId` - module ID `$userId` - user ID with access to be defined. When not passed, takes current user ID
`public function setUserId(int $userId): UserFieldAccess`	Allows indicating user ID with access to be defined. Method returns `$this`.
`public function getUserId(): int`	Method returns current user ID with access to be defined.
`public function getRestrictedTypes(): array`	Method returns array of prohibited user field type IDs. Returns by default: `[ 'resourcebooking', // available in crm only 'mail_message', // no way to edit 'hlblock', // the field is not implemented yet ];` Descendants can re-define this list.
`public function canReadWithFilter(array $filter): bool`	Method returns `true` when user have access to fields with account of `$filter` data. Parameters: `$filter` - array for filtering the user field settings
`public function prepareFilter(array $filter = []): ?array`	Method returns filter by user field settings that user has access to. When user does not have access to any settings - returns `null`. Parameters: `$filter` - array for filtering user field settings
`public function canRead(int $id): bool`	Method returns `true` when user can read user field settings with ID `$id`. Parameters: `$id` - user field settings ID
`public function canAdd(array $field): bool`	Method returns `true` when user can add user field settings containing fields `$fields`. Parameters: `$fields` - set of user field setting fields
`public function canUpdate(int $id): bool`	Method returns `true` when user can modify user field settings with ID `$id`. Параметры: `$id` - user field settings ID
`public function canDelete(int $id): bool`	Method returns `true` when user can delete user field settings with ID `$id`. Parameters: `$id` - user field settings ID

Typical usage

In the most common scenario, access to user field settings is limited not on the level of individual fields, but on the level of entities. When user has access to single entity user field settings, this user, usually, has access to all fields of this entity.

In this case, only one abstract method getAvailableEntityIds must be defined in the descendant.

This method can return set of entity IDs (field ENTITY_ID) to which user has access.

For example, this method code for CRM will look as follows:

protected function getAvailableEntityIds(): array
{
    $permissions = \CCrmPerms::GetUserPermissions($this->userId);
    if($permissions->HavePerm('CONFIG', BX_CRM_PERM_CONFIG, 'WRITE'))
    {
        return array_keys(\CCrmFields::GetEntityTypes());    	
    }
    
    return [];
}

Here, checks user access permissions for updating the settings. When user has such access permissions, grants access to all entities.

However, CRM has "system" fields. Access to such fields must be limited to reading only (for example, fields for printing / company signature for printing in documents).

To implement such limit, re-define methods canUpdate and canDelete that must contain limited access to these fields.