search

salesagility / SuiteCRM

SuiteCRM - Open source CRM for the world
https://www.suitecrm.com
GNU Affero General Public License v3.0
4.4k stars 2.06k forks source link

Calendar does not respect security roles in regard to Meetings (SuiteCRM 7 Only) #10500

Open pstevens71 opened 1 month ago

pstevens71 commented 1 month ago

Issue

Calendar does not respect security roles in regard to Meetings (SuiteCRM 7 Only). I've tested both SutieCRM 7 and SuiteCRM 8 and 8 works as expected. If the user does not have access to the meeting record it does not show. However, in SuiteCRM 7 the meeting record shows regardless of the security role.

Possible Fix

??? not sure yet, going to compare the files in 8 vs 7.

Steps to Reproduce the Issue

1.Add a user to a security role (user A)
2.Limit the user role to see meetings "Owner" listview, and records.
3.Get another user to add a meeting (user B)
4. The first user A can see user B's meetings in the calendar, but if you try to open the meeting, you get the popup, but the meeting info fails 500.
...

Context

Obviously, security roles should be respected in the shared calender view. If the installation decision is to have meetings private, and only accessible by the user, then this should be respected in the calendar view.

Version

7.14.3

What browser are you currently using?

Chrome

Browser Version

No response

Environment Information

PHP 8.1

Operating System and Version

Centos 7 WHM/Cpanel

SuiteBot commented 1 month ago

This issue has been mentioned on SuiteCRM. There might be relevant details there:

https://community.suitecrm.com/t/calendar-not-subject-to-security-roles-suitecrm-7/93655/4