locked
CRM 2011: Check User Role RRS feed

  • Question

  • Hello, I have written a series of functions that check the user's role and depending on that role (in this case System Administrator) calls a function that enables fields on a form. The function works when the user IS the system administrator, but when the user IS NOT the system administrator, say the user has the salesperson role, then the function continues in an infinite loop.

    The way the function works is that until the CheckRole function is called, the SOAP call does not return any role. The only way it returns a role is that if it checks if the role is System Administrator, since the user is not it keeps checking and checking. Here is the function:

    function UserHasRole(roleName) 

     //get Current User Roles, oXml is an object 
     var oXml = GetCurrentUserRoles();
     alert("UHR Step 1");
     if(oXml != null) 
     { 
      //select the node text 
      alert("UHR Step 2");
      var roles = oXml.selectNodes("//BusinessEntity/q1:name"); 
      if(roles != null) 
      {
       for( i = 0; i < roles.length; i++) 
       { 
        if(roles[i].text == roleName) 
        { 
         alert("UHR Step 3");
         alert("Checking role " + roles[i].text );
         //return true if user has this role 
         return true;
        }
       }
         alert("Role not found, return false.");
         CheckRole();
         return false;
      }
      alert("After if roles is null");
     } 
     alert("Calling CheckRole, end of if statement");
     CheckRole();
     //otherwise return false 
     return false; 
    }

    function CheckRole()
    {
     alert("CheckRole is being called");
     //Enable disabled fields if the current user has the 'System Administrator' role 
     var navAccountNumber = Xrm.Page.getAttribute("zy_navisionaccountnumber").getValue();
     if (null == crmForm.all.zy_navisionaccountnumber.DataValue || true == UserHasRole("System Administrator"))
     {
      EnableProtectedFields();
     }
     else
     {
      alert("user is not the sysad");
     }
    alert("End of CheckRole statement"); //ZY:DBG 
    return;
    }

     

    function GetCurrentUserRoles() 

      alert("GetCurrentUser is being called");
      var xml = "" + 
      "<?xml version=\"1.0\" encoding=\"utf-8\"?>" + 
      "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">" + 
      Xrm.Page.context.getAuthenticationHeader() + 
      " <soap:Body>" + 
      " <RetrieveMultiple xmlns=\"http://schemas.microsoft.com/crm/2007/WebServices\">" + 
      " <query xmlns:q1=\"http://schemas.microsoft.com/crm/2006/Query\" xsi:type=\"q1:QueryExpression\">" + 
      " <q1:EntityName>role</q1:EntityName>" + 
      " <q1:ColumnSet xsi:type=\"q1:ColumnSet\">" + 
      " <q1:Attributes>" + 
      " <q1:Attribute>name</q1:Attribute>" + 
      " </q1:Attributes>" + 
      " </q1:ColumnSet>" + 
      " <q1:Distinct>false</q1:Distinct>" + 
      " <q1:LinkEntities>" + 
      " <q1:LinkEntity>" + 
      " <q1:LinkFromAttributeName>roleid</q1:LinkFromAttributeName>" + 
      " <q1:LinkFromEntityName>role</q1:LinkFromEntityName>" + 
      " <q1:LinkToEntityName>systemuserroles</q1:LinkToEntityName>" + 
      " <q1:LinkToAttributeName>roleid</q1:LinkToAttributeName>" + 
      " <q1:JoinOperator>Inner</q1:JoinOperator>" + 
      " <q1:LinkEntities>" + 
      " <q1:LinkEntity>" + 
      " <q1:LinkFromAttributeName>systemuserid</q1:LinkFromAttributeName>" + 
      " <q1:LinkFromEntityName>systemuserroles</q1:LinkFromEntityName>" + 
      " <q1:LinkToEntityName>systemuser</q1:LinkToEntityName>" + 
      " <q1:LinkToAttributeName>systemuserid</q1:LinkToAttributeName>" + 
      " <q1:JoinOperator>Inner</q1:JoinOperator>" + 
      " <q1:LinkCriteria>" + 
      " <q1:FilterOperator>And</q1:FilterOperator>" + 
      " <q1:Conditions>" + 
      " <q1:Condition>" + 
      " <q1:AttributeName>systemuserid</q1:AttributeName>" + 
      " <q1:Operator>EqualUserId</q1:Operator>" + 
      " </q1:Condition>" + 
      " </q1:Conditions>" + 
      " </q1:LinkCriteria>" + 
      " </q1:LinkEntity>" + 
      " </q1:LinkEntities>" + 
      " </q1:LinkEntity>" + 
      " </q1:LinkEntities>" + 
      " </query>" + 
      " </RetrieveMultiple>" + 
      " </soap:Body>" + 
      "</soap:Envelope>" + 
      ""; 

      var xmlHttpRequest = new ActiveXObject("Msxml2.XMLHTTP"); 

      xmlHttpRequest.Open("POST", "/mscrmservices/2007/CrmService.asmx", false); 
      xmlHttpRequest.setRequestHeader("SOAPAction"," http://schemas.microsoft.com/crm/2007/WebServices/RetrieveMultiple"); 
      xmlHttpRequest.setRequestHeader("Content-Type", "text/xml; charset=utf-8"); 
      xmlHttpRequest.setRequestHeader("Content-Length", xml.length); 
      xmlHttpRequest.send(xml); 

      var resultXml = xmlHttpRequest.responseXML; 
      return(resultXml);
    }

    function EnableProtectedFields()
    {
     alert("EnableFields is called");

    //do something interesting

    return;
    }

    Tuesday, April 26, 2011 3:29 PM

Answers

  • You can do this with role based forms.  You will use your current form as the System Admin form then create another form for the other users.  For each of the attributes that you want to be read only you will need to update the field property in the form editor.  You can do this by double clicking a field in the form editor and selecting "Field is read-only."  Then you will need to go through the process to set up the permissions on each of the forms. 

    Thanks,

    Brandon

    • Marked as answer by Michael Karls Tuesday, April 26, 2011 7:14 PM
    Tuesday, April 26, 2011 6:50 PM

All replies

  • Hello -

    From a high level it seems that this could be done just using role based forms.  You can have a form that only the system administrator can see.  Have you tried to do this with role based forms? 

    -Brandon

    Tuesday, April 26, 2011 5:22 PM
  • I am using this for the Account entity. When it is the system administrator viewing the Account, the function EnableProtectedFields enables the system admin to edit all of the fields on the account form. When it is a normal user, they cannot edit fields. Does that make sense or is using role based forms still applicable?
    Tuesday, April 26, 2011 5:44 PM
  • You can do this with role based forms.  You will use your current form as the System Admin form then create another form for the other users.  For each of the attributes that you want to be read only you will need to update the field property in the form editor.  You can do this by double clicking a field in the form editor and selecting "Field is read-only."  Then you will need to go through the process to set up the permissions on each of the forms. 

    Thanks,

    Brandon

    • Marked as answer by Michael Karls Tuesday, April 26, 2011 7:14 PM
    Tuesday, April 26, 2011 6:50 PM
  • Brilliant!
    Tuesday, April 26, 2011 7:14 PM
  • Hi BSimons,

    You can add java script also for getting user role and role name. You can get it here.

    http://crmjavascripts.blogspot.in/2013/08/get-current-user-role-and-name-rollup-14.html

    Thanks


    jsh

    Friday, January 17, 2014 6:07 AM