Menu

Show menu on different profile

Customizing iTop
SITEDJEYA FOTSO Brondon Stael
2025-04-30
2025-05-06

  • SITEDJEYA FOTSO Brondon Stael

    SITEDJEYA FOTSO Brondon Stael - 2025-04-30

    Hello everyone, i want to show/hide a menu depending on a profil i just created.

    i created 2 new profiles (ics user and ics admin) and a new class Ics, i created a new group which has only that class, i want to show the menu on my class for all user who has profil ics user, but only user who has profil ics admin should be able to delete or modify object in my class,

    my menu appear in ConfigManagement menu, here is my code

    <itop_design xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="3.0">
    <user_rights>
    <groups>
      <group id="Ics" _delta="define">
        <classes>
          <class id="Ics"/>
        </classes>
      </group>
    </groups>
    <profiles>
      <profile id="81" _delta="define">
        <name>Ics user</name>
        <description>only read action for ics class</description>
        <groups>
          <group id="Ics">
            <actions>
              <action id="action:read">allow</action>
              <action id="action:bulk read">allow</action>
            </actions>
          </group>
        <!-- <group id="*">
            <actions>
              <action id="action:read">allow</action>
              <action id="action:bulk read">allow</action>
            </actions>
          </group> -->
        </groups>
      </profile>
      <profile id="82" _delta="define">
        <name>Ics Admin</name>
        <description>Has the rights to create and modify the ics class</description>
        <groups>
          <group id="Ics">
            <actions>
              <action id="action:write">allow</action>
              <action id="action:bulk write">allow</action>
              <action id="action:delete">allow</action>
              <action id="action:read">allow</action>
              <action id="action:bulk read">allow</action>
            </actions>
          </group>
        <group id="*">
            <actions>
              <action id="action:read">allow</action>
              <action id="action:bulk read">allow</action>
            </actions>
          </group>
        </groups>
      </profile>
    </profiles>
    </user_rights>
    <menus>
        <menu id="NetworkManage" xsi:type="DashboardMenuNode">
            <definition>
                <cells>
                    <cell>
                        <dashlets>
                            <dashlet id="11" xsi:type="DashletBadge">
                                <rank>0</rank>
                                <class>Ics</class>
                            </dashlet>
                        </dashlets>
                    </cell>
                </cells>
            </definition>
        </menu>
        <menu id="IcsList" xsi:type="OQLMenuNode" _delta="define">
            <oql><![CDATA[SELECT Ics]]></oql>
            <do_search>1</do_search>
            <search_form_open>1</search_form_open>
            <rank>1</rank>
            <parent>NetworkManage</parent>
            <class>Ics</class>
            <enable_class>Ics</enable_class>
            <!-- <enable_action _delta="define">UR_ACTION_READ</enable_action> -->
        </menu>
    </menus>
    <classes>
        <class id="Ics" _delta="define">
            <parent>cmdbAbstractObject</parent>
            <properties>
                <category>bizmodel,searchable</category>
                <category>grant_by_profile</category>
                <abstract>false</abstract>
                <key_type>autoincrement</key_type>
                <db_table>ics</db_table>
                <db_key_field>id</db_key_field>
                <db_final_class_field />
                <naming>
                    <attributes>
                        <attribute id="denomination_reseau" />
                    </attributes>
                </naming>
                <reconciliation>
                    <attributes>
                        <attribute id="denomination_reseau" />
                    </attributes>
                </reconciliation>
                <display_template />
                <icon>images/ics.png</icon>
            </properties>
            <methods />
            <fields>
                <!-- Mandatory fiels below-->
                ...........
                ...........
                ...........

    but it doesnt work, the menu doesnt show up for user with profil ics_user but it works for user with profil ics_admin,

    when i check the matrix of rights of ics_user i have read allow (see first image)

    NB: user with profil ics_user can open an object of my class but the menu doest show up

    i want to know if the problem is where i put my menu or something else in my configuration?
    thanks you

     
    Thumbnail
    matric_des_droits.png

  • Vincent @ Combodo

    Vincent @ Combodo - 2025-05-06

    Your XML definition of a menu does not respect the grammar

    • Below a "menu" XML tag, a "class" tag is not supported.
    • When you defined a "enable_class" tag, you must specify also an "enable_action" tag.

    Then the main issue in your setting is that everybody can read the "Ics" class, unless you explicitly deny the read right on the "Ics" group in each other profiles. Be cautious a "deny" always wins against an "allow" which means that if you give 2 profiles to someone, one allowing and one denying the Ics group, he won't see that class. 

          <profile id="xxx" _delta="must_exist">
        <groups>
          <group id="Ics" _delta="define">
            <actions>
              <action id="action:read">deny</action>
              <action id="action:bulk read">deny</action>
     
    ❤️
    1

Log in to post a comment.

Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.