Advanced ACL setup

In this section we will provide different scenarios where a more complex ACL setup is required; we will still use component-wide permissions, however we will use agency-wide permissions, too, in order to fine tune the set of actions that every user can do.

Agency permissions inside Domus Organizer

Inside every agency, you will find a section like this one:

Figure 4.24. Agency permissions inside Domus Organizer

Agency permissions inside Domus Organizer

As you can see, the permissions are pretty much the same as the component-wide ones. The Component administrator permission is missing (of course), but we have a new one:

Manage agency (agency.manage)

Allows the user to edit agency info and permissions

Multiple agencies, agents can only see the other ones records

This is a very common scenario: let's you have two or more agencies on your site and you want agency A agents be able to edit property/customers of Agency A only, but they can't edit or add any new record in Agency B, they can only see them.

You can easily do that in Domus Organizer, you simply have to setup a different ACL.

First of all, we will create a group for every agency, plus two more groups for agency owners:

Example 4.11. ACL Scenario #4: Groups settings

Inside Domus Organizer component options, in the permissions tab, we will leave all the permissions to Inherit, except for the Administrative access one; this means that no one will have component-wide permissions.

Now let's go inside the first agency profile (Acme agency in these examples) and set the permissions in this way:

Example 4.12. ACL Scenario #4: First agency employees permissions

Next we have to setup permissions for the agency owners:

Example 4.13. ACL Scenario #4: First agency owners permissions

Then we have to do the same steps for the second agency (RE agency in these examples):

Example 4.14. ACL Scenario #4: Second agency employees permissions

Example 4.15. ACL Scenario #4: Second agency owners permissions

Perfect, now you're ready to go! If you login with an user that belongs to the first agency, this is what he will see:

Figure 4.25. ACL Scenario #4: Property list for an agent of the first agency

ACL Scenario #4: Property list for an agent of the first agency

As you can see there is no checkbox for the first property, since it belongs to the second agency. If we open the details of the property, you will see that he can't edit it:

Figure 4.26. ACL Scenario #4: Properties of other agencies are not editable

ACL Scenario #4: Properties of other agencies are not editable

However, he can edit properties that belong to the his agency:

Figure 4.27. ACL Scenario #4: Properties of the same agency are full editable

ACL Scenario #4: Properties of the same agency are full editable


Of course the same logic applies to customers, we didn't created any screenshots just to save some space


At the end of this example, we have what we were looking for: we have to different agencies, where employees can only edit the records that belong to their agency and only read other agencies ones.

This is a very common setup, however what if we want to completely hide customers or properties to agents of other agencies? We will discuss this scenario in the next section.