Using Custom Layouts in PimCore to restrict the visibility of editing tabs for selected users or user groups

Anyone who has worked with product data knows that not all parameters assigned to an object should be visible and available for editing to every user. When creating a custom view that includes selected parameters for a given user or user group, an error occurs in PimCore, showing tabs that are not available for those users.

Read below how we fixed it and what caused it.


One of the tools that PimCore offers is the option of defining more than one editing form layout for a data object. This can be done at the PimCore class editor level – by opening the class you want to edit, selecting the Configure Custom Layouts option, and then composing a custom object edit view based on existing data elements.

Custom Layout Definition

This mechanism simply allows you to create views that will later facilitate working on data objects to specific users or user groups. However, there is a use case in which we need to restrict the visibility of selected fields and the option of editing them to selected user groups.

Imagine that we have a product object displayed on a website. This object has basic parameters (such as a name and its translations), technical parameters, financial data and SEO parameters. The latter-most are related to the search engine optimization of the object page and are processed on the object page. Meanwhile, the financial parameters are filled in by accounting and sent to the ERP system, while the technical parameters define the properties of the product itself.

It is immediately clear that not every user of the system should have access to all tabs. For example, accounting staff should not be able to edit SEO and technical parameters, and those responsible for SEO should not be able to change financial parameters. In addition, too many tabs can make it difficult for the system’s users to navigate the editing form.

Thus, let’s create a custom view, showing only the tabs related to the object’s basic parameters and its financial parameters. After this has been created, it still needs to be assigned to a specific group and path: to do this, go to “Users/Groups” / “Groups,” then in the “Areas” tab, enter the path where the products are located and go to “Custom settings” / “Custom layouts” next to the path entered. Here, select the custom view you have created.

From now on, accounting staff will only see the financial and basic parameters of the product they are editing. However, there is a bug in PimCore version 5.8.4 and earlier that causes the product form to load with all tabs after refreshing the browser, including the tabs that should be hidden, if the product was open for editing before the refresh. The error is caused by the fact that the object data request sent by PimCore’s frontend after a page refresh contains an empty layoutId parameter. This makes the system load the default view of the object instead of the view set for the user/user group.

To fix this, just edit line 428 of the class Pimcore\Bundle\AdminBundle\Controller\Admin\DataObject\DataObjectController and replace the existing condition:

if (is_null($currentLayoutId) && !empty($validLayouts))

with:

if ((is_null($currentLayoutId) || !strlen($currentLayoutId)) && !empty($validLayouts))

This will make PimCore properly refresh the custom object view when the page is reloaded.


Our team has already prepared a patch for the core mechanisms in PimCore, which has already been approved. It is available at https://github.com/pimcore/pimcore/pull/4479.

Our Experts
/ Knowledge Shared

16.02.2021

Why Should You Develop Mobile Applications with AWS?

Mobile Solutions

Today’s mobile apps have a lot of requirements, increasingly in the areas of performance, scalability and, of course, cost-efficiency. In these areas, we need a sophisticated infrastructure to support the app.   After all, the frontend of the app is already based on the user’s hardware, but the backend is where we have the most control....

02.02.2021

The 7 Deadly Signs of Digital Debt

Industries

Previously, we spoke about the rising awareness of Digital Debt thanks to recent events. This time, we want to help point out the most common signs of Digital Debt in your own company or operations.  After all, there’s a good chance the issues that produce such debt have gradually become part of day-to-day business. So much so, in fact,...

26.01.2021

Digital Debt / The Business Killer That’s Spreading

Industries

Some businesses were happy with being offline… until they were not. Recent events have pushed the issue of digital debt into the cold light of day.  The hard truth is simple: companies and other entities have suddenly found themselves in a reality where offline operations are no longer the backbone to rely on. This shift was significantly...

Expert Knowledge
For Your Business

As you can see, we've gained a lot of knowledge over the years - and we love to share! Let's talk about how we can help you.

Contact us

<dialogue.opened>