Presentation of the Customer Portal Login and native restrictions.
coreBOS is a very powerful application to manage your business needs, but it is also widely used as a backend for frontend applications. A task at which it is REALLY good thanks to the powerful web service API and backend tools like workflows and business maps that permit you to do a lot of customizations in a low code way.
When being used in this scenario it usually comes up that the people we want to log in to coreBOS are not coreBOS users but our clients or employees. In the past, I have mostly seen three approaches to this issue.
The external application uses one coreBOS user that imposes permission and privileges restrictions and validates the contacts using some fields and a password on the contact record.
This is a valid approach. It has two major drawbacks.
The idea is to create a user for each Contact/Employee that needs to access the application. With this, you can implement a normal web service login and the permissions you grant to each user will define what they can do. If you configure a strict policy and make modules private along with some Record Access Control rules you will be able to implement your application using simple web service calls and native methods as coreBOS will take care of the permissions for you.
In essence, this is like giving each contact a log in access to your coreBOS.
The drawbacks of this approach are
Using the vtigerCRM/coreBOS infrastructure, a whole new interface is created to cater to the specific needs of the external application. Think of the old SOAP based customer portal or the (obsolete) Outlook plugin support.
As of February 2021, we have created an easier way to accomplish this type of external application. We now have a way of permitting a Contact to log in to the web service API and get a valid user session in return. We can map each Contact to a different user or the same one, making it easy to group privileges together. Then coreBOS will do the heavy lifting for you by honoring that Contact and applying the corresponding restrictions to the methods called.
It is all about being that core Business Operating System upon which your applications can shine!