CEDIS asked us to solve the problem in Bitrix24.
In the standard Bitrix24, when a user, "User1" leaves a comment on a deal in stage1 and moves it to stage2, User2, who becomes the new “responsible person” in stage2 can edit the comments left by User1.
Our task was to restrict users from editing other users’ comments on the deal Activity Stream. INTERVOLGA developed the Bitrix24 module for the task.
The module prevents editing and deleting user's comment if the comment doesn't belong to the current user.
Bitrix24 is developed as a web application and has two separate parts: backend and frontend. Backend part is built on a web-server and written in Bitrix framework and PHP programming language. Frontend part works in a web browser and uses HTML and JS technologies.
On the backend part, the module adds EventHandler which takes current user's ID, checks the comment author’s ID, and if they don't match, EventHandler returns an error "could not update comment". This EventHandler runs whenever a user tries to send a request to edit or delete a comment.
On the frontend part: the module adds another EventHandler which sends current user's ID to the JS script whenever the deal details page opens. The JS script then checks all comments via MutationObserver object, compares the current user's ID and comment author’s ID, and if they don't match, removes the "edit/delete context menu".
Each Bitrix24 user can now edit only their own part of work in Bitrix24 CRM. This makes the workflow more transparent for managers, excludes cheating, increases employees’ responsibility.