How can I restrict access to content to a specific user/group in Senaite 2?

Hi guys,

How can i restrict access to content to a specific user group in Senaite 2? For example, I want to remove the contact menu from the navigation when the user group is Analyst? Can I do that from zope 4 interface?

I want also to hide a field for a specific user. It’s a sample that I’ve created for a client. When the user log in as a client, he is able to use the search field in Analysis Profiles to add another one. So, I want to hide this search field. How can I do?

You can change the content_type actions in the setuphandlers: senaite.health/setuphandlers.py at 1.x · senaite/senaite.health · GitHub

And to modify a field visibility, you may get some info here: senaite.core/widgetvisibility.py at 2.x · senaite/senaite.core · GitHub

1 Like

Thank you for answer :slight_smile:

I use senaite.lims 2.0.0.rc2 and the file is different for this one

Hi Elinah,

you can change the visibility of a view directly from ZMI, but based on permissions, not roles. For instance, to make the “Contacts” tab from “Client” content type visible to users with a given permission, login as admin and:

  1. Go to http://localhost:8080/senaite/portal_types/Client/manage_editActionsForm
  2. Look for the desired action “Contacts” in this case

Note the field “Permission”, where you can explicitly type the permission ID required. System will render the view only if the current user has that permission granted. However, Analyst has the permission “View” granted by default. Changing the permission schema is not easy stuff and requires the overriding of the permissions mapping at workflow level. Therefore, I suggest you to use the “Condition” field and check there if current user has any of the roles “LabManager”, “LabClerk” or “Client”

Alternatively, if you don’t want to deal with the “Condition” field, just set “senaite.core: Field: Edit Contact” for “Permission” field

Thank you very much, it works perfectly :slight_smile: