CEDIS company asked us to solve the problem at Bitrix24. In case User1 lefts a comment at a deal and moved the deal to the next stage, the User2 became a “responsible person” and could edit User1’s comments at the deal.
The task was to restrict editing of other users’ comments at deal Activity Stream. INTERVOLGARU developed the Bitrix24 module for that task.
The module prevents editing and deleting user's comment if the comment doesn't belong to the current user.
Bitrix24 is developed as a web application and has two separate parts: backend and frontend. Backend part is built on a web-server and written in Bitrix framework and PHP programming language. Frontend part works in a web browser and uses HTML and JS technologies.
On the backend part, the module adds EventHandler which takes current user's ID, checks the comment author’s ID, and if they don't match, EventHandler returns an error "could not update comment". This EventHandler runs whenever a user tries to send a request to edit or delete a comment.
On the frontend part: the module adds another EventHandler which sends current user's ID to the JS script whenever the deal details page opens. The JS script then checks all comments via MutationObserver object, compares the current user's ID and comment author’s ID, and if they don't match, removes the "edit/delete context menu".
Thus each user can change just his own part of work at Bitrix24. That makes the forkflows more transparent for managers, excludes cheating, increases employees’ responsibility.