Announcement

**krisk** · 04-23-2016, 05:58 PM

Also, this problem has occurred on two, separate instances of EspoCRM, one upgraded to 4.0.4 from 3.9.2 and the other upgraded to 4.0.4 from 4.0.2.

**yuri** · 04-25-2016, 08:18 AM

Thank you for report. We will investigate.

**yuri** · 04-25-2016, 08:30 AM

Does it happen to the user that made mass update?

**yuri** · 04-25-2016, 09:34 AM

Unfortunately I could not reproduce but I will try more. Could try to do small change, maybe it will solve:

application/Espo/Core/AclManager.php

change $key = spl_object_hash($user);
to
$key = $user->id;

Thanks

**krisk** · 04-25-2016, 06:26 PM

I think it has occurred only when a user with administrative status makes the mass updates. Again, I'm not sure the mass updates are causing this problem to occur. I made your suggested modification to application/Espo/Core/AclManager.php in one of my instances and will let you know if this problem recurs.

Thanks.

**yuri** · 04-26-2016, 07:38 AM

Does it affect on real users permissions so that user can do not permitted actions? Or it just displays wrong permissions? When issue occurs how it gets reset to proper permissions? After clear cache?

Thanks

**krisk** · 04-26-2016, 09:04 PM

It effects real user permissions as well as the display showing the wrong user permissions. For example, after the change occurs, the non-admin user assigned to the General Sales Team and General Sales Role can make team and user assignments and can see Opportunity/Sales Amount. Clearing the cache doesn't correct the problem. I have to edit the settings for that user (while I'm logged in as an administrator), first by deleting the team and role settings and saving and then re-editing the user's settings to add back the team and role settings. Once I've done that, the problem is corrected.

**yuri** · 04-27-2016, 07:28 AM

hmm, the fact that clear cache doesn't help is surprising. BTW what PHP version do you have? Is it linux apache server?

**krisk** · 04-27-2016, 09:51 PM

PHP Version 5.5.9-1ubuntu4.14. Ubuntu apache server.

**yuri** · 04-28-2016, 12:29 PM

Please let me know if the issue still occurs after the change. Thanks.

**krisk** · 04-29-2016, 06:53 PM

The issue has occurred twice since implementing the change. However, I have not been able to replicate it consistently or pinpoint the cause. I'm going to reinstall 4.0.4 and start from scratch, in case I've done something that's causing this problem. Anyway, I don't think the modification you suggested has had any effect, so would not recommend incorporating this change into the next release.

**yuri** · 05-03-2016, 05:44 AM

I don't think re-install will help unless you did some manual changes in core files.

**krisk** · 05-03-2016, 03:28 PM

I haven't made any manual changes inside the /application/Espo/Core/ directory, except for the change you suggested above, which I have undone.

Thanks.

**yuri** · 05-04-2016, 09:42 AM

Temporary fix, but not final:

application/Espo/Core/Acl/Table.php

Change method getRoleList to

PHP Code:


    protected function getRoleList()
    {
        $roleList = [];

        $userRoleList = $this->getUser()->get('roles');
        if (!(is_array($userRoleList) || $userRoleList instanceof \Traversable)) {
            throw new Error();
        }
        foreach ($userRoleList as $role) {
            $roleList[] = $role;
        }

        $teamList = $this->getUser()->get('teams');
        if (!(is_array($teamList) || $teamList instanceof \Traversable)) {
            throw new Error();
        }
        foreach ($teamList as $team) {
            $teamRoleList = $team->get('roles');
            foreach ($teamRoleList as $role) {
                $roleList[] = $role;
            }
        }

        return $roleList;
    }

Announcement

Inadvertent change to user access and permissions

Inadvertent change to user access and permissions

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment