ACL by reference

[mabiuso]

I don't see the use of having ACL lists so powerful and when a user wants to check a <note, call, email, etc> associated with an owned <lead, contact, account> it can only be listed but not viewed (in detailview)

If X is the owner of lead Mr.Y and Role for X says he/she can edit the lead if he/she's the owner, why can't X DetailView a call his/her collegue Z has added, just because the call module is disabled for X?

I don't want the user X to access module Calls, but only module Leads, because he/she would then be able to see calls not referring to his/her business, but when X is watching a Lead, it *has* to be able and view details about Calls referring to the Leads, even if they're not owned.
It would be a nonsense: if i don't know what Mr.Y told to my collegue Z, i could happen asking the same questions to Mt.Y! (the same for notes, emails, etc)

Can this patch be done?
Can anybody help?

That could be another choice in the field Access:
- Enabled
- Disabled
- Only referring objects

Or it could be a mode:
- Normal
- Only referring

Of course the ACL checker should then search for the parent object and then check the ACL for that parent
Something like

PHP Code:

function checkModuleAllowed($module_name, $actions, $parent_object) 


Where $parent_object is checked if it's allowed by ACLs

Thanx