search

salesagility / SuiteCRM

SuiteCRM - Open source CRM for the world
https://www.suitecrm.com
GNU Affero General Public License v3.0
4.39k stars 2.06k forks source link

Spots Module does not populate Assigned User by default - causing Roles issues #3145

Open samus-aran opened 7 years ago

samus-aran commented 7 years ago

Issue

Issue was raised within a duplicate ACL issue with filters. However, this is specific to Spots where due to Spots not populating the assigned user of a record users with Owner role type (edit, access etc) are unable to access it.

"Another user who had View(all) and List(All) access to Spots module can now only List, but cannot View the Spots reports.

A good evidence is that the permissions shown in the user's access matrix do not match with the actuall permissions user has (e.g. Admin->User Management->(select a user)->User's Access Tab matrix. User according to the matrix has List(All) View(All) access to Spots when in relaity when they log-in they have no View access to the module, but only List access. Another user matrix shows for Leads: List(Owner) and View(Owner), but user cannot either list or view their leads." - @evgu

Expected Behavior

Users to have the same access to various CRM Modules after the 7.7.8 -> 7.8.1 upgrade.

Actual Behavior

After the upgrade - Users actual acess access does not match the access they have been been previously assigned.

Possible Fix

Steps to Reproduce

  1. Admin->User Management->(select a user)->Note the User's Access Tab (i.e. user effective access matrix) for Spots - set any to Owner
  2. Login as the user and check each access which user is supposed to have according to his access matrix for Spots.

Context

Since upgrading to 7.8.1 original issue - https://github.com/salesagility/SuiteCRM/issues/3120

Your Environment

SuiteCRM Version used: 7.8.1 Browser name and version (e.g. Chrome Version 51.0.2704.63 (64-bit)): Chrome Firefox v50 64bit Linux Environment name and version (e.g. MySQL, PHP 7): = MySQL v5.5.49 PHP v5.6.24 nginx - 1.6.2 Operating System and version (e.g Ubuntu 16.04): Debian Jessie

evgu commented 7 years ago

@samus-aran, do you have timeline for fix proposal? I am happy to test it.

lockerecca commented 5 years ago

wHO TO Configure SuiteCRM for read Group Permission. ( i create a user is_group = 1 ) put some users in same group assing group Quotes products etc. but on SQL he use data on securitygroups_records i use external program for put data on this table Where is the public static function getGroupUsersWhere

        SELECT sec.user_id from securitygroups_users sec
        inner join securitygroups_users secu on sec.securitygroup_id = secu.securitygroup_id and secu.deleted = 0
            and secu.user_id = 'USER-UUID-GUID'
        where sec.deleted = 0

on Spots Module

SELECT opportunities.name as opportunityName, opportunities.opportunity_type as opportunityType, opportunities.lead_source as opportunityLeadSource, opportunities.sales_stage as opportunitySalesStage, accounts.name as accountName, RTRIM(LTRIM(CONCAT(COALESCE(contacts.first_name,''),' ',COALESCE(contacts.last_name,'')))) as contactName, aos_products.name as productName, RTRIM(LTRIM(CONCAT(COALESCE(users.first_name,''),' ',COALESCE(users.last_name,'')))) as assignedUser, aos_products_quotes.product_qty as productQty, aos_products_quotes.product_list_price as productListPrice, aos_products_quotes.product_cost_price as productCostPrice, aos_products.price as productPrice, aos_products_quotes.product_discount as productDiscount, aos_quotes.discount_amount as discountAmount, aos_product_categories.name as categoryName, aos_products_quotes.product_total_price as productTotal, aos_quotes.total_amount as grandTotal, case when aos_products_quotes.product_id = 0 then 'Service' else 'Product' end itemType, aos_quotes.date_entered as dateCreated, DAYNAME(aos_quotes.date_entered) as dateCreatedDay, CAST(WEEK(aos_quotes.date_entered) as CHAR(5)) as dateCreatedWeek, concat('(',MONTH(aos_quotes.date_entered),') ',MONTHNAME(aos_quotes.date_entered)) as dateCreatedMonth, COALESCE(QUARTER(aos_quotes.date_entered),'') as dateCreatedQuarter, YEAR(aos_quotes.date_entered) as dateCreatedYear FROM aos_quotes LEFT JOIN accounts ON aos_quotes.billing_account_id = accounts.id AND accounts.deleted = 0 LEFT JOIN contacts ON aos_quotes.billing_contact_id = contacts.id AND contacts.deleted = 0 LEFT JOIN aos_products_quotes ON aos_quotes.id = aos_products_quotes.parent_id AND aos_products_quotes.deleted = 0 AND aos_products_quotes.parent_Type = 'AOS_Contracts' LEFT JOIN aos_products ON aos_products_quotes.product_id = aos_products.id AND aos_products.deleted = 0 LEFT JOIN opportunities ON aos_quotes.opportunity_id = opportunities.id AND opportunities.deleted = 0 LEFT JOIN users ON aos_quotes.assigned_user_id = users.id AND users.deleted = 0 LEFT JOIN aos_product_categories ON aos_products.aos_product_category_id = aos_product_categories.id AND aos_product_categories.deleted = 0 WHERE aos_quotes.deleted = 0 AND ( opportunities.assigned_user_id ='USER-UUID-GUID' or EXISTS (SELECT 1 FROM securitygroups secg INNER JOIN securitygroups_users secu ON secg.id = secu.securitygroup_id AND secu.deleted = 0 AND secu.user_id = 'USER-UUID-GUID' INNER JOIN securitygroups_records secr ON secg.id = secr.securitygroup_id AND secr.deleted = 0 AND secr.module = 'Opportunities' WHERE secr.record_id = opportunities.id AND secg.deleted = 0) ) AND ( aos_quotes.assigned_user_id ='USER-UUID-GUID' or EXISTS (SELECT 1 FROM securitygroups secg INNER JOIN securitygroups_users secu ON secg.id = secu.securitygroup_id AND secu.deleted = 0 AND secu.user_id = 'USER-UUID-GUID' INNER JOIN securitygroups_records secr ON secg.id = secr.securitygroup_id AND secr.deleted = 0 AND secr.module = 'AOS_Quotes' WHERE secr.record_id = aos_quotes.id AND secg.deleted = 0) ) AND ( accounts.assigned_user_id ='USER-UUID-GUID' or EXISTS (SELECT 1 FROM securitygroups secg INNER JOIN securitygroups_users secu ON secg.id = secu.securitygroup_id AND secu.deleted = 0 AND secu.user_id = 'USER-UUID-GUID' INNER JOIN securitygroups_records secr ON secg.id = secr.securitygroup_id AND secr.deleted = 0 AND secr.module = 'Accounts' WHERE secr.record_id = accounts.id AND secg.deleted = 0) ) AND ( contacts.assigned_user_id ='USER-UUID-GUID' or EXISTS (SELECT 1 FROM securitygroups secg INNER JOIN securitygroups_users secu ON secg.id = secu.securitygroup_id AND secu.deleted = 0 AND secu.user_id = 'USER-UUID-GUID' INNER JOIN securitygroups_records secr ON secg.id = secr.securitygroup_id AND secr.deleted = 0 AND secr.module = 'Contacts' WHERE secr.record_id = contacts.id AND secg.deleted = 0) ) AND ( aos_product_categories.assigned_user_id ='USER-UUID-GUID' or EXISTS (SELECT 1 FROM securitygroups secg INNER JOIN securitygroups_users secu ON secg.id = secu.securitygroup_id AND secu.deleted = 0 AND secu.user_id = 'USER-UUID-GUID' INNER JOIN securitygroups_records secr ON secg.id = secr.securitygroup_id AND secr.deleted = 0 AND secr.module = 'AOS_Product_Categories' WHERE secr.record_id = aos_product_categories.id AND secg.deleted = 0) ) AND ( aos_products.assigned_user_id ='USER-UUID-GUID' or EXISTS (SELECT 1 FROM securitygroups secg INNER JOIN securitygroups_users secu ON secg.id = secu.securitygroup_id AND secu.deleted = 0 AND secu.user_id = 'USER-UUID-GUID' INNER JOIN securitygroups_records secr ON secg.id = secr.securitygroup_id AND secr.deleted = 0 AND secr.module = 'AOS_Products' WHERE secr.record_id = aos_products.id AND secg.deleted = 0) )